Tianocore: Security Vulnerabilities
An unlimited recursion in DxeCore in EDK II.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-11
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
CVSS Score
6.7
EPSS Score
0.001
Published
2021-06-11
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-11
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-03
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVSS Score
8.0
EPSS Score
0.001
Published
2020-11-23
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-11-23
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-23
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-23
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVSS Score
4.9
EPSS Score
0.001
Published
2020-11-23
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-23