Skip to main content

Edk2

8 CVEs product

Monthly

CVE-2025-2486 LOW PATCH Monitor

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Rated low severity (CVSS 3.7), this vulnerability is no authentication required.

Authentication Bypass Ubuntu Edk2
NVD
CVSS 4.0
3.7
EPSS
0.0%
CVE-2022-36765 HIGH This Week

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Edk2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2022-36764 HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2022-36763 HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.1%
CVE-2021-38575 HIGH POC This Week

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Edk2 Kernel
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2021-28213 HIGH This Week

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edk2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2021-28211 MEDIUM POC This Month

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2021-28210 HIGH POC This Week

An unlimited recursion in DxeCore in EDK II. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edk2
NVD
CVSS 3.1
7.8
EPSS
0.4%
EPSS 0% CVSS 3.7
LOW PATCH Monitor

The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Rated low severity (CVSS 3.7), this vulnerability is no authentication required.

Authentication Bypass Ubuntu Edk2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger a integer overflow to buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Edk2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local network. Rated high severity (CVSS 7.0). No vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC This Week

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Edk2 Kernel
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edk2
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

A heap overflow in LzmaUefiDecompressGetInfo function in EDK II. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Edk2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An unlimited recursion in DxeCore in EDK II. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edk2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy