Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
edk2 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
Tianocore Edk2 201808
Tianocore Edk2 201811
Tianocore Edk2 201903
Tianocore Edk2 201905
Tianocore Edk2 201908
Tianocore Edk2 201911
Tianocore Edk2 202002
Tianocore Edk2 202005
Tianocore Edk2 202008
Tianocore Edk2 202011
Tianocore Edk2 202102
Tianocore Edk2 202105
7.8
CVSSv3
CVE-2017-5731
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of privilege via local access.
Tianocore Edk2
4.9
CVSSv3
CVE-2019-14553
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
Tianocore Edk2 -
7.8
CVSSv3
CVE-2019-14584
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
Tianocore Edk2
7.5
CVSSv3
CVE-2019-14559
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
Tianocore Edk2 -
7.8
CVSSv3
CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
7.8
CVSSv3
CVE-2022-36764
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
7.8
CVSSv3
CVE-2022-36765
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
Tianocore Edk2
7.8
CVSSv3
CVE-2021-28210
An unlimited recursion in DxeCore in EDK II.
Tianocore Edk2
7.5
CVSSv3
CVE-2023-45236
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an malicious user to gain unauthorized access and potentially lead to a loss of Confidentiality.
Tianocore Edk2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3661
open redirect
CVE-2024-25512
CVE-2024-33788
command injection
SSTI
CVE-2024-0043
CVE-2024-29210
CVE-2024-25510
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »