Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tianocore edk2 - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
Tianocore Edk2 201808
Tianocore Edk2 201811
Tianocore Edk2 201903
Tianocore Edk2 201905
Tianocore Edk2 201908
Tianocore Edk2 201911
Tianocore Edk2 202002
Tianocore Edk2 202005
Tianocore Edk2 202008
Tianocore Edk2 202011
Tianocore Edk2 202102
Tianocore Edk2 202105
7.8
CVSSv3
CVE-2017-5731
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Tianocore Edk2
7.8
CVSSv3
CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
6.8
CVSSv3
CVE-2014-8271
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate malicious users to gain privileges via a long variable name.
Tianocore Edk2
6.8
CVSSv3
CVE-2014-4860
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate malicious users to bypass intended access restrictions by providing crafted data that is not properly handled duri...
Tianocore Edk2 -
7.5
CVSSv3
CVE-2023-45232
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Availabilit...
Tianocore Edk2
7.5
CVSSv3
CVE-2023-45233
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Availability.
Tianocore Edk2
8.8
CVSSv3
CVE-2023-45234
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentialit...
Tianocore Edk2
8.8
CVSSv3
CVE-2023-45235
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidential...
Tianocore Edk2
7.5
CVSSv3
CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.
Tianocore Edk2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »