Shodan
Vulnerabilities
Vulnerable Software
Tianocore:  >> Edk2  Security Vulnerabilities
CVE-2023-45231
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-01-16
CVE-2022-36763
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
CVSS Score
7.0
EPSS Score
0.001
Published
2024-01-09
CVE-2022-36764
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
CVSS Score
7.0
EPSS Score
0.0
Published
2024-01-09
CVE-2022-36765
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability.
CVSS Score
7.0
EPSS Score
0.0
Published
2024-01-09
CVE-2021-38578
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
CVSS Score
7.4
EPSS Score
0.001
Published
2022-03-03
CVE-2021-38576
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-01-03
CVE-2021-38575
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
CVSS Score
8.1
EPSS Score
0.005
Published
2021-12-01
CVE-2021-28210
An unlimited recursion in DxeCore in EDK II.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-11
CVE-2021-28211
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-06-11
CVE-2021-28213
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-06-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved