Filtered by vendor Tianocore
Total: 41 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-14553 | 1 Tianocore | 1 Edk2 | 2024-08-05 | 4.9 Medium |
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. | ||||
CVE-2019-14575 | 2 Debian, Tianocore | 2 Debian Linux, Edk2 | 2024-08-05 | 7.8 High |
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2019-11098 | 1 Tianocore | 1 Edk Ii | 2024-08-04 | 6.8 Medium |
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | ||||
CVE-2019-0161 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk Ii | 2024-08-04 | N/A |
Stack overflow in XHCI for EDK II may allow an unauthenticated user to potentially enable denial of service via local access. | ||||
CVE-2019-0160 | 4 Fedoraproject, Opensuse, Redhat and 1 more | 8 Fedora, Leap, Enterprise Linux and 5 more | 2024-08-04 | 9.8 Critical |
Buffer overflow in system firmware for EDK II may allow an unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. | ||||
CVE-2021-38576 | 1 Tianocore | 1 Edk2 | 2024-08-04 | 7.5 High |
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. | ||||
CVE-2021-38575 | 3 Insyde, Redhat, Tianocore | 5 Kernel, Enterprise Linux, Rhel Eus and 2 more | 2024-08-04 | 8.1 High |
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. | ||||
CVE-2021-28211 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-03 | 6.7 Medium |
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. | ||||
CVE-2021-28216 | 1 Tianocore | 1 Edk Ii | 2024-08-03 | 7.8 High |
BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. | ||||
CVE-2021-28210 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-03 | 7.8 High |
An unlimited recursion in DxeCore in EDK II. | ||||
CVE-2021-28213 | 1 Tianocore | 1 Edk2 | 2024-08-03 | 7.5 High |
Example EDK2 encrypted private key in the IpSecDxe.efi presents potential security risks. | ||||
CVE-2022-36763 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-03 | 7 High |
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
CVE-2022-36765 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-03 | 7 High |
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability. | ||||
CVE-2023-45233 | 2 Redhat, Tianocore | 2 Enterprise Linux, Edk2 | 2024-08-02 | 7.5 High |
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | ||||
CVE-2023-45234 | 2 Redhat, Tianocore | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-08-02 | 8.3 High |
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | ||||
CVE-2023-45236 | 2 Redhat, Tianocore | 3 Enterprise Linux, Rhel Eus, Edk2 | 2024-08-02 | 5.8 Medium |
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | ||||
CVE-2023-45230 | 2 Redhat, Tianocore | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2024-08-02 | 8.3 High |
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | ||||
CVE-2023-45237 | 2 Redhat, Tianocore | 3 Enterprise Linux, Rhel Eus, Edk2 | 2024-08-02 | 5.3 Medium |
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. | ||||
CVE-2023-45235 | 2 Redhat, Tianocore | 4 Enterprise Linux, Rhel Aus, Rhel Eus and 1 more | 2024-08-02 | 8.3 High |
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | ||||
CVE-2023-45229 | 2 Redhat, Tianocore | 3 Enterprise Linux, Rhel Eus, Edk2 | 2024-08-02 | 6.5 Medium |
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. |