threat
engine
.sh
Back
·
··:··
Home
/
Product
/
tianocore edk2
Product
tianocore edk2
33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2025-2486
all versions
The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly al
8.8
HIGH
CVE-2023-49721
<= 2023.11-8
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot
6.7
MEDIUM
CVE-2023-48733
<= 2023.11-8
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass S
6.7
MEDIUM
CVE-2023-45237
<= 202311
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an att
5.3
MEDIUM
CVE-2023-45236
<= 202311
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an att
5.8
MEDIUM
CVE-2023-45235
<= 202311
EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 pr
8.3
HIGH
CVE-2023-45234
<= 202311
EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertis
8.3
HIGH
CVE-2023-45233
<= 202311
EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options heade
7.5
HIGH
CVE-2023-45232
<= 202311
EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options he
7.5
HIGH
CVE-2023-45231
<= 202311
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect messag
6.5
MEDIUM
CVE-2023-45230
<= 202311
EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulne
8.3
HIGH
CVE-2023-45229
<= 202311
EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv
6.5
MEDIUM
CVE-2022-36765
<= 202311
EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overfl
7.0
HIGH
CVE-2022-36764
<= 202311
EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via
7.0
HIGH
CVE-2022-36763
<= 202311
EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow vi
7.0
HIGH
CVE-2021-38578
<= 202202
Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
7.4
HIGH
CVE-2021-38576
all versions
A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently br
7.5
HIGH
CVE-2021-38575
<= 202105
NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.
8.1
HIGH
CVE-2021-28213
all versions
Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks.
7.5
HIGH
CVE-2021-28211
all versions
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
6.7
MEDIUM
CVE-2021-28210
< 202008
An unlimited recursion in DxeCore in EDK II.
7.8
HIGH
CVE-2019-14584
< 2020-10-21
Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local
7.8
HIGH
CVE-2019-14587
all versions
Logic issue EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.
6.5
MEDIUM
CVE-2019-14586
all versions
Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information
8.0
HIGH
CVE-2019-14575
all versions
Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privil
7.8
HIGH
CVE-2019-14563
all versions
Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.
7.8
HIGH
CVE-2019-14562
all versions
Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service v
5.5
MEDIUM
CVE-2019-14559
all versions
Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network
7.5
HIGH
CVE-2019-14553
all versions
Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.
4.9
MEDIUM
CVE-2014-8271
< svn_16280
Buffer overflow in the Reclaim function in Tianocore EDK2 before SVN 16280 allows physically proximate attackers to gain privilege
6.8
MEDIUM
CVE-2014-4860
all versions
Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation
6.8
MEDIUM
CVE-2014-4859
all versions
Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 a
6.8
MEDIUM
CVE-2017-5731
< 2017-11-07
Bounds checking in Tianocompress before November 7, 2017 may allow an authenticated user to potentially enable an escalation of pr
7.8
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin