Total
12838 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46769 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | 8.8 High |
| Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution. | ||||
| CVE-2021-46756 | 1 Amd | 126 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 123 more | 2025-01-28 | 9.1 Critical |
| Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | ||||
| CVE-2021-46762 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | 3.9 Low |
| Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | ||||
| CVE-2023-41782 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 3.9 Low |
| There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. | ||||
| CVE-2023-25650 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.5 Medium |
| There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. | ||||
| CVE-2023-1732 | 1 Cloudflare | 1 Circl | 2025-01-27 | 5.3 Medium |
| When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. | ||||
| CVE-2022-26837 | 1 Intel | 454 Core I3-11100he, Core I3-11100he Firmware, Core I3-1110g4 and 451 more | 2025-01-27 | 7.5 High |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-30258 | 1 Eprosima | 1 Fast Dds | 2025-01-27 | 8.2 High |
| FastDDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8, when a publisher serves a malformed `RTPS` packet, the subscriber crashes when creating `pthread`. This can remotely crash any Fast-DDS process, potentially leading to a DOS attack. Versions 2.14.1, 2.13.5, 2.10.4, and 2.6.8 contain a patch for the issue. | ||||
| CVE-2023-31148 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-27 | 9.1 Critical |
| An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2022-33964 | 1 Intel | 1 System Usage Report | 2025-01-27 | 7.4 High |
| Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2022-33190 | 1 Intel | 1 System Usage Report | 2025-01-27 | 7.1 High |
| Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31149 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-27 | 9.1 Critical |
| An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2022-29494 | 1 Intel | 58 C621a, C627a, C629a and 55 more | 2025-01-27 | 6.5 Medium |
| Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2022-36339 | 1 Intel | 26 Cm11ebc4w, Cm11ebc4w Firmware, Cm11ebi38w and 23 more | 2025-01-27 | 7.5 High |
| Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2022-34147 | 1 Intel | 82 Cm8ccb4r, Cm8ccb4r Firmware, Cm8i3cb4n and 79 more | 2025-01-27 | 7.5 High |
| Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-28699 | 1 Intel | 38 Nuc7cjyh, Nuc7cjyh Firmware, Nuc7cjyhn and 35 more | 2025-01-27 | 7.5 High |
| Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-32766 | 1 Intel | 2 Compute Stick Stk2mv64cc, Compute Stick Stk2mv64cc Firmware | 2025-01-27 | 7.2 High |
| Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-37327 | 1 Intel | 234 Cm11ebc4w, Cm11ebc4w Firmware, Cm11ebi38w and 231 more | 2025-01-27 | 6.1 Medium |
| Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access. | ||||
| CVE-2022-32577 | 1 Intel | 6 Nuc5cpyh, Nuc5cpyh Firmware, Nuc5pgyh and 3 more | 2025-01-27 | 3.4 Low |
| Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access | ||||
| CVE-2022-25976 | 1 Intel | 1 Virtual Raid On Cpu | 2025-01-27 | 5.5 Medium |
| Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. | ||||