Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tianocore edk2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
Tianocore Edk2 201808
Tianocore Edk2 201811
Tianocore Edk2 201903
Tianocore Edk2 201905
Tianocore Edk2 201908
Tianocore Edk2 201911
Tianocore Edk2 202002
Tianocore Edk2 202005
Tianocore Edk2 202008
Tianocore Edk2 202011
Tianocore Edk2 202102
Tianocore Edk2 202105
4.9
CVSSv3
CVE-2019-14553
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Tianocore Edk2 -
6.8
CVSSv3
CVE-2014-8271
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate malicious users to gain privileges via a long variable name.
Tianocore Edk2
7.5
CVSSv3
CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.
Tianocore Edk2
7.5
CVSSv3
CVE-2023-45237
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.
Tianocore Edk2
7.8
CVSSv3
CVE-2019-14584
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Tianocore Edk2
7.8
CVSSv3
CVE-2017-5731
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Tianocore Edk2
7.8
CVSSv3
CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
7.8
CVSSv3
CVE-2022-36765
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
6.8
CVSSv3
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate malicious users to bypass intended access restrictions by providing crafted data that is not properly handled duri...
Tianocore Edk2 -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »