Tianocore: >> Edk2 Security Vulnerabilities
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-06-11
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-06-03
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.
CVSS Score
8.0
EPSS Score
0.001
Published
2020-11-23
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-11-23
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-23
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-11-23
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
CVSS Score
4.9
EPSS Score
0.001
Published
2020-11-23
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.
CVSS Score
7.5
EPSS Score
0.007
Published
2020-11-23
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.
CVSS Score
5.5
EPSS Score
0.0
Published
2020-11-23
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privileges via a long variable name.
CVSS Score
6.8
EPSS Score
0.002
Published
2020-02-06