Search for packages
| purl | pkg:deb/debian/edk2@2022.11-6%2Bdeb12u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2kzc-d6fj-aaak
Aliases: CVE-2023-45236 |
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-31nh-s7tv-g3cv
Aliases: CVE-2024-38797 |
EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability. |
Affected by 0 other vulnerabilities. |
|
VCID-shdk-x8jh-s7af
Aliases: CVE-2025-2295 |
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-xn95-jc2p-aaaq
Aliases: CVE-2023-45237 |
EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. |
Affected by 0 other vulnerabilities. Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-2jsu-4abf-aaae | BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE. |
CVE-2021-28216
|
| VCID-4352-frwj-9qf1 | EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. |
CVE-2024-38796
|
| VCID-5352-njw5-aaaa | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. |
CVE-2021-38578
|
| VCID-5tjt-sq7f-aaaa | EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. |
CVE-2023-45232
|
| VCID-abxw-2d5v-aaak | A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. This can be used to permanently brick the TPM in multiple ways, as well as to non-permanently DoS the system. |
CVE-2021-38576
|
| VCID-fd27-e1my-aaas | EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. |
CVE-2023-45229
|
| VCID-j4d6-r39b-aaac | EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. |
CVE-2023-45230
|
| VCID-keqz-ek12-aaad | EDK2: integer overflow in CreateHob() could lead to HOB OOB R/W |
CVE-2022-36765
|
| VCID-kxcj-kecq-aaah | EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. |
CVE-2023-45234
|
| VCID-pcxk-paj7-aaap | EDK2: heap buffer overflow in Tcg2MeasureGptTable() |
CVE-2022-36763
|
| VCID-phkd-4f7d-aaaj | EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. |
CVE-2023-45235
|
| VCID-up29-q45t-aaac | EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. |
CVE-2023-45233
|
| VCID-urbz-asn8-aaan | EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability. |
CVE-2024-1298
|
| VCID-x3u3-t2dd-aaah | EDK2: heap buffer overflow in Tcg2MeasurePeImage() |
CVE-2022-36764
|
| VCID-z8n1-6p1f-aaan | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
CVE-2021-38575
|
| VCID-zh68-hgen-aaaa | EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality. |
CVE-2023-45231
|