pkg:Debian/edk2
54 total CVEs: CRITICAL 3, HIGH 25, MEDIUM 22, LOW 1
All known vulnerabilities
- CRITICAL 9.8 CVE-2021-38578: Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. (from 0, < 2020.11-2+deb11u3)
- CRITICAL 9.8 CVE-2019-0160: Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of… (from 0, < 0~20181115.85588389-1)
- CRITICAL 9.1 CVE-2018-12178: Buffer overflow in network stack for EDK II may allow unprivileged user to potentially enable escalation of privilege and/or denial of serv… (from 0, < 0~20181115.85588389-3)
- HIGH 8.8 CVE-2025-2486: The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing by… (from 0, < 2020.11-2+deb11u2)
- HIGH 8.8 CVE-2023-45235: EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise messa… (from 0, < 2020.11-2+deb11u3)
- HIGH 8.8 CVE-2023-45234: EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. (from 0, < 2020.11-2+deb11u3)
- HIGH 8.8 CVE-2023-45230: EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. (from 0, < 2020.11-2+deb11u3)
- HIGH 8.8 CVE-2018-12180: Buffer overflow in BlockIo service for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information… (from 0, < 0~20181115.85588389-3)
- from 0, < 2020.11-2+deb11u3
- HIGH 8.0 CVE-2019-14586: Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosur… (from 0, < 0~20200229.4c0f6e34-1)
- HIGH 7.8 CVE-2022-36765: EDK2 is susceptible to a vulnerability in the CreateHob() function, allowing a user to trigger an integer overflow to buffer overflow via a… (from 0, < 2020.11-2+deb11u3)
- HIGH 7.8 CVE-2022-36764: EDK2 is susceptible to a vulnerability in the Tcg2MeasurePeImage() function, allowing a user to trigger a heap buffer overflow via a local… (from 0, < 2020.11-2+deb11u3)
- HIGH 7.8 CVE-2022-36763: EDK2 is susceptible to a vulnerability in the Tcg2MeasureGptTable() function, allowing a user to trigger a heap buffer overflow via a local… (from 0, < 2020.11-2+deb11u3)
- from 0, < 2020.11-2+deb11u3
- from 0, < 2020.11-2+deb11u3
- from 0, < 2020.11-1
- HIGH 7.8 CVE-2019-14584: Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access. (from 0, < 2020.11-1)
- HIGH 7.8 CVE-2019-14575: Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via l… (from 0, < 0~20200229.4c0f6e34-1)
- HIGH 7.8 CVE-2019-14563: Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access. (from 0, < 0~20200229.4c0f6e34-1)
- HIGH 7.8 CVE-2018-12179: Improper configuration in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege, informat… (from 0, < 0~20190606.20d2e5a1-2)
- HIGH 7.5 CVE-2023-45237: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. (from 0)
- HIGH 7.5 CVE-2023-45236: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. (from 0)
- HIGH 7.5 CVE-2023-45233: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. (from 0, < 2020.11-2+deb11u3)
- HIGH 7.5 CVE-2023-45232: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of I… (from 0, < 2020.11-2+deb11u3)
- HIGH 7.5 CVE-2021-38576: A BIOS bug in firmware for a particular PC model leaves the Platform authorization value empty. (from 0, < 2020.11-2+deb11u3)
- HIGH 7.5 CVE-2021-28213: Example EDK2 encrypted private key in the IpSecDxe.efi present potential security risks. (from 0, < 0~20190606.20d2e5a1-2)
- HIGH 7.5 CVE-2019-14559: Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access. (from 0, < 0~20200229.4c0f6e34-1)
- HIGH 7.0 CVE-2025-3770: EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. (from 0)
- MEDIUM 6.8 CVE-2019-11098: Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, den… (from 0, < 2020.11-2+deb11u1)
- MEDIUM 6.8 CVE-2014-4859: Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows phy… (from 0)
- MEDIUM 6.8 CVE-2014-4860: Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2… (from 0)
- MEDIUM 6.8 CVE-2018-12183: Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosur… (from 0, < 0~20181115.85588389-1)
- from 0, < 2020.11-2+deb11u2
- from 0, < 0~20181115.85588389-3+deb10u4
- from 0, < 2020.11-2+deb11u2
- from 0, < 2020.11-1
- MEDIUM 6.5 CVE-2023-45231: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. (from 0, < 2020.11-2+deb11u3)
- MEDIUM 6.5 CVE-2023-45229: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertis… (from 0, < 2020.11-2+deb11u3)
- MEDIUM 6.5 CVE-2019-14587: Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access. (from 0, < 0~20200229.4c0f6e34-1)
- MEDIUM 6.3 CVE-2024-38805: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. (from 0)
- MEDIUM 6.0 CVE-2024-1298: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UINT32 overflow via local… (from 0, < 2020.11-2+deb11u3)
- MEDIUM 6.0 CVE-2018-12181: Stack overflow in corrupted bmp for EDK II may allow unprivileged user to potentially enable denial of service or elevation of privilege vi… (from 0, < 0~20181115.85588389-3)
- from 0, < 2020.11-2+deb11u3
- MEDIUM 5.7 CVE-2019-14558: Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 &… (from 0, < 0~20200229.4c0f6e34-1)
- MEDIUM 5.5 CVE-2019-14562: Integer overflow in DxeImageVerificationHandler() in EDK II may allow an authenticated user to potentially enable denial of service via local… (from 0, < 2020.05-4)
- from 0, < 0~20180803.dd4cae4d-1
- from 0, < 0~20161202.7bbe0b3e-1+deb9u2
- MEDIUM 4.9 CVE-2019-14553: Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access. (from 0, < 0~20190828.37eef910-4)
- from 0
- from 0
- LOW 3.5 CVE-2025-2295: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. (from 0)
- from 0
- — CVE-2025-2296: EDK2 contains a vulnerability in BIOS where an attacker may cause “Improper Input Validation” by local access. (from 0)
- — CVE-2024-38798: EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local acc… (from 0)