Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-39281

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-01 Nov, 2023 | 00:00
Updated At-06 Sep, 2024 | 19:14
Rejected At-
Credits

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:01 Nov, 2023 | 00:00
Updated At:06 Sep, 2024 | 19:14
Rejected At:
▼CVE Numbering Authority (CNA)

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.insyde.com/security-pledge
N/A
https://www.insyde.com/security-pledge/SA-2023054
N/A
Hyperlink: https://www.insyde.com/security-pledge
Resource: N/A
Hyperlink: https://www.insyde.com/security-pledge/SA-2023054
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.insyde.com/security-pledge
x_transferred
https://www.insyde.com/security-pledge/SA-2023054
x_transferred
Hyperlink: https://www.insyde.com/security-pledge
Resource:
x_transferred
Hyperlink: https://www.insyde.com/security-pledge/SA-2023054
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
Insyde Software Corp. (ISC)insyde
Product
insydeh20
CPEs
  • cpe:2.3:a:insyde:insydeh20:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 5.0 through 5.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-121CWE-121 Stack-based Buffer Overflow
Type: CWE
CWE ID: CWE-121
Description: CWE-121 Stack-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.15.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:01 Nov, 2023 | 22:15
Updated At:06 Sep, 2024 | 20:35

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.15.7MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 5.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
CPE Matches
Intel Corporation
intel
>>b760>>-
cpe:2.3:h:intel:b760:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>c262>>-
cpe:2.3:h:intel:c262:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>c266>>-
cpe:2.3:h:intel:c266:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-1305u>>-
cpe:2.3:h:intel:core_i3-1305u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13100>>-
cpe:2.3:h:intel:core_i3-13100:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13100e>>-
cpe:2.3:h:intel:core_i3-13100e:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13100f>>-
cpe:2.3:h:intel:core_i3-13100f:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13100t>>-
cpe:2.3:h:intel:core_i3-13100t:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13100te>>-
cpe:2.3:h:intel:core_i3-13100te:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-1315u>>-
cpe:2.3:h:intel:core_i3-1315u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-1315ue>>-
cpe:2.3:h:intel:core_i3-1315ue:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-1315ure>>-
cpe:2.3:h:intel:core_i3-1315ure:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-1320pe>>-
cpe:2.3:h:intel:core_i3-1320pe:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-1320pre>>-
cpe:2.3:h:intel:core_i3-1320pre:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13300he>>-
cpe:2.3:h:intel:core_i3-13300he:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i3-13300hre>>-
cpe:2.3:h:intel:core_i3-13300hre:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1334u>>-
cpe:2.3:h:intel:core_i5-1334u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1335u>>-
cpe:2.3:h:intel:core_i5-1335u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1335ue>>-
cpe:2.3:h:intel:core_i5-1335ue:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13400>>-
cpe:2.3:h:intel:core_i5-13400:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13400e>>-
cpe:2.3:h:intel:core_i5-13400e:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13400f>>-
cpe:2.3:h:intel:core_i5-13400f:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13400t>>-
cpe:2.3:h:intel:core_i5-13400t:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1340p>>-
cpe:2.3:h:intel:core_i5-1340p:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1340pe>>-
cpe:2.3:h:intel:core_i5-1340pe:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13420h>>-
cpe:2.3:h:intel:core_i5-13420h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13450hx>>-
cpe:2.3:h:intel:core_i5-13450hx:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1345u>>-
cpe:2.3:h:intel:core_i5-1345u:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1345ue>>-
cpe:2.3:h:intel:core_i5-1345ue:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1345ure>>-
cpe:2.3:h:intel:core_i5-1345ure:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13500>>-
cpe:2.3:h:intel:core_i5-13500:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13500e>>-
cpe:2.3:h:intel:core_i5-13500e:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13500h>>-
cpe:2.3:h:intel:core_i5-13500h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13500hx>>-
cpe:2.3:h:intel:core_i5-13500hx:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13500t>>-
cpe:2.3:h:intel:core_i5-13500t:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13500te>>-
cpe:2.3:h:intel:core_i5-13500te:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13505h>>-
cpe:2.3:h:intel:core_i5-13505h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1350p>>-
cpe:2.3:h:intel:core_i5-1350p:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1350pe>>-
cpe:2.3:h:intel:core_i5-1350pe:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-1350pre>>-
cpe:2.3:h:intel:core_i5-1350pre:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600>>-
cpe:2.3:h:intel:core_i5-13600:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600h>>-
cpe:2.3:h:intel:core_i5-13600h:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600he>>-
cpe:2.3:h:intel:core_i5-13600he:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600hre>>-
cpe:2.3:h:intel:core_i5-13600hre:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600hx>>-
cpe:2.3:h:intel:core_i5-13600hx:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600k>>-
cpe:2.3:h:intel:core_i5-13600k:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600kf>>-
cpe:2.3:h:intel:core_i5-13600kf:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5-13600t>>-
cpe:2.3:h:intel:core_i5-13600t:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5_14600k>>-
cpe:2.3:h:intel:core_i5_14600k:-:*:*:*:*:*:*:*
Intel Corporation
intel
>>core_i5_14600kf>>-
cpe:2.3:h:intel:core_i5_14600kf:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-787Primarynvd@nist.gov
CWE-121Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-787
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-121
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.insyde.com/security-pledgecve@mitre.org
Vendor Advisory
https://www.insyde.com/security-pledge/SA-2023054cve@mitre.org
Vendor Advisory
Hyperlink: https://www.insyde.com/security-pledge
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.insyde.com/security-pledge/SA-2023054
Source: cve@mitre.org
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

0Records found
CVE-2023-20520
Matching Score-10
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-10
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.79%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:36
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7301_firmwareepyc_7451_firmwareepyc_7552_firmwareepyc_7451epyc_7282_firmwareepyc_7742_firmwareepyc_7371epyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7551epyc_7h12epyc_7301epyc_7453epyc_73f3_firmwareepyc_7401epyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_7261_firmwareepyc_73f3epyc_74f3_firmwareepyc_7252epyc_7571_firmwareepyc_7402_firmwareepyc_7351_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7351epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7501epyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7401p_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7401_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7351p_firmwareepyc_7551pepyc_7501_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7601_firmwareepyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7251epyc_7402epyc_7643epyc_7551_firmwareepyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7261epyc_7551p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7281epyc_7502p_firmwareepyc_7713_firmwareepyc_7371_firmwareepyc_7713epyc_7281_firmwareepyc_7571epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7251_firmwareepyc_7351pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7401pepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_7601epyc_72621st Gen AMD EPYC™ 3rd Gen AMD EPYC™ 2nd Gen AMD EPYC™
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-38578
Matching Score-10
Assigner-TianoCore.org
ShareView Details
Matching Score-10
Assigner-TianoCore.org
CVSS Score-7.4||HIGH
EPSS-0.06% / 17.85%
||
7 Day CHG~0.00%
Published-03 Mar, 2022 | 21:53
Updated-23 Apr, 2025 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.

Action-Not Available
Vendor-tianocoreTianoCoreInsyde Software Corp. (ISC)
Product-kerneledk2EDK II
CWE ID-CWE-124
Buffer Underwrite ('Buffer Underflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-33833
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.15% / 36.79%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 17:44
Updated-03 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/Linux
Product-debian_linuxconnection_managern/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-49614
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 11.80%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-15 Aug, 2024 | 15:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bounds write in firmware for some Intel(R) FPGA products before version 2.9.0 may allow escalation of privilege and information disclosure.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) FPGA productsagilex_7_fpga_f-series_023_firmwareagilex_7_fpga_f-series_006_firmwareagilex_7_fpga_f-series_008_firmwareagilex_7_fpga_f-series_019_firmwareagilex_7_fpga_i-series_023_firmwareagilex_7_fpga_i-series_022_firmwareagilex_7_fpga_i-series_019_firmwareagilex_7_fpga_i-series_035_firmwareagilex_7_fpga_i-series_040_firmwareagilex_7_fpga_f-series_022_firmwareagilex_7_fpga_i-series_041_firmwareagilex_7_fpga_f-series_012_firmwareagilex_7_fpga_f-series_027_firmwareagilex_7_fpga_i-series_027_firmwareagilex_7_fpga_f-series_014_firmwareagilex_7_fpga_m-series_039_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-8752
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.80%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:05
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-cloud_backupactive_management_technology_firmwarestandard_manageabilityIntel(R) AMT, Intel(R) ISM versions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11171
Matching Score-10
Assigner-Intel Corporation
ShareView Details
Matching Score-10
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 66.94%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:36
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hpcr1304wftysrbbs2600bpbhns2600bpb24rhpcr2208wf0zsrr1304wftysrhpcr2208wftzsrr2208wftzsrr2208wf0zsrr1208wftysr1304wf0ysr2224wfqzshns2600bpqbbs2600stqhpcr2312wftzsrhns2600bpbrhpcr2224wftzsrhns2600bpblchpcr2208wftzsrxbbs2600stbr2208wf0zsr2208wftzshns2600bpsrr1208wftysrr2208wftzsrxbbs2600stbrhns2600bpbrxr2312wf0nphns2600bpblcrs2600stbr2224wftzsrr2208wfqzsrr2224wftzsbbs2600bpqrbbs2600stqrr2208wfqzsbbs2600bpshns2600bpshpcr2312wf0nprhns2600bpq24rhns2600bpb24hns2600bps24hns2600bpq24hns2600bpblc24r2312wfqzshpcr1208wftysrs9256wk1hlchpchns2600bpsrbbs2600bpsrr2312wf0nprs2600stbrs2600wftrhns2600bpbhpcr2208wfqzsrs9248wk2hlcr1304wftysbbs2600bpbrs9248wk2hachpcr1208wfqysrhns2600bpblc24rs2600wf0rs2600stqrs9232wk1hlcs2600stqs9232wk2hacr2308wftzss9248wk1hlcs2600wfqrhpcr2308wftzsrr1208wfqysrhpchns2600bpbrr2312wftzsrr2308wftzsrhpcr1304wf0ysrhpchns2600bpqrs2600wf0hns2600bps24rs9232wk2hlchns2600bpqrs2600wfqbbs2600bpqr1304wf0ysrbaseboard_management_controller_firmwares2600wfthns2600bpb24rxr2312wftzsIntel(R) BMC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-32292
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.71% / 81.60%
||
7 Day CHG+0.23%
Published-03 Aug, 2022 | 00:00
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code.

Action-Not Available
Vendor-n/aIntel CorporationDebian GNU/Linux
Product-connmandebian_linuxn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20596
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.26%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:55
Updated-02 Aug, 2024 | 09:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the SMM Supervisor may allow an attacker with a compromised SMI handler to gain Ring0 access potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_pro_7940hs_firmwareryzen_5_6600h_firmwareryzen_7_7800x3d_firmwareryzen_5_pro_7640hs_firmwareryzen_7_7735hs_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxryzen_7_5800hsryzen_5_5500hryzen_5_5600hsryzen_3_5300geryzen_7_5825uryzen_7_5825u_firmwareryzen_5_6600hryzen_9_6980hxryzen_5_5560uryzen_9_7950xryzen_9_7940hryzen_5_pro_7640uryzen_9_7900xryzen_7_7700xryzen_5_6600hsryzen_7_7840hryzen_9_5900hsryzen_5_pro_7545u_firmwareryzen_7_7700x_firmwareryzen_7_5700gryzen_9_5980hsryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_7600ryzen_7_5800h_firmwareryzen_9_6900hsryzen_5_7640hryzen_7_pro_7840u_firmwareryzen_3_5400uryzen_5_7640h_firmwareryzen_7_7700_firmwareryzen_9_5980hs_firmwareryzen_7_7735uryzen_3_5300gryzen_5_7600x_firmwareryzen_7_6800h_firmwareryzen_9_pro_7945ryzen_5_5600ge_firmwareryzen_7_6800u_firmwareryzen_5_5600hs_firmwareryzen_7_pro_7745ryzen_5_5600h_firmwareryzen_9_6900hs_firmwareryzen_3_5400u_firmwareryzen_5_pro_7640u_firmwareryzen_7_6800hs_firmwareryzen_7_pro_7840uryzen_7_pro_7745_firmwareryzen_5_7535uryzen_7_7800x3dryzen_9_7900x3d_firmwareryzen_5_pro_7640hsryzen_7_7840h_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_7535u_firmwareryzen_7_6800uryzen_7_7736uryzen_5_5600gryzen_9_pro_7945_firmwareryzen_3_5425u_firmwareryzen_7_7735hsryzen_9_7900x3dryzen_5_5600uryzen_5_pro_7540u_firmwareryzen_9_5900hx_firmwareryzen_5_5600geryzen_9_7900_firmwareryzen_5_7600xryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_9_6980hs_firmwareryzen_7_5700geryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_pro_7645_firmwareryzen_5_6600u_firmwareryzen_3_7335uryzen_7_5700g_firmwareryzen_5_7535hs_firmwareryzen_5_7600_firmwareryzen_7_pro_7840hs_firmwareryzen_7_pro_7840hsryzen_5_7500f_firmwareryzen_5_7535hsryzen_9_7940h_firmwareryzen_3_5300g_firmwareryzen_5_7500fryzen_7_5800u_firmwareryzen_9_pro_7940hsryzen_7_7736u_firmwareryzen_5_6600hs_firmwareryzen_3_7440u_firmwareryzen_3_5425uryzen_5_pro_7540uryzen_9_5980hx_firmwareryzen_5_5560u_firmwareryzen_3_7440uryzen_7_5800uryzen_9_5900hxryzen_9_7950x3d_firmwareryzen_5_5600g_firmwareryzen_5_pro_7645ryzen_9_7950x3dryzen_7_7700ryzen_5_5500h_firmwareryzen_5_pro_7545uryzen_7_5800hryzen_9_7900ryzen_9_7950x_firmwareryzen_7_5800hs_firmwareryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700ge_firmwareryzen_9_6980hsryzen_7_6800hryzen_9_7900x_firmwareRyzen™ 7040 Series Mobile Processors with Radeon™ Graphics Formerly codenamed “Phoenix”AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael”Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics Formerly codenamed “Cezanne” AM4Ryzen™ 7000 Series Desktop Processors with Radeon™ Graphics Formerly codenamed “Raphael” X3DAMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”
CVE-2023-20586
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.68%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:05
Updated-11 Oct, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Radeon™ Software Crimson ReLive Edition

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-radeon_softwareRadeon™ Software Crimson ReLive Edition
CVE-2024-21981
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-5.7||MEDIUM
EPSS-0.02% / 4.28%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:54
Updated-15 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Embedded 5000 Series ProcessorsAMD Ryzen™ Embedded R2000 Series ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD EPYC™ 7001 Series ProcessorsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD EPYC™ Embedded 7002 Series ProcessorsAMD EPYC™ 7002 Series ProcessorsAMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD EPYC™ Embedded 7003 Series ProcessorsAMD Ryzen™ Embedded V1000 Series ProcessorsAMD Ryzen™ Embedded R1000 Series ProcessorsAMD Ryzen™ Threadripper™ 3000 Series ProcessorsAMD EPYC™ 7003 Series ProcessorsAMD EPYC™ Embedded 3000 Series ProcessorsAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphicsryzenepycathlon
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-4324
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CVE-2023-4329
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CVE-2023-4325
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.15%
||
7 Day CHG~0.00%
Published-15 Aug, 2023 | 18:25
Updated-08 Oct, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities

Action-Not Available
Vendor-Intel CorporationBroadcom Inc.
Product-raid_controller_web_interfaceLSI Storage Authority (LSA)RAID Web Console 3 (RWC3)raid_web_console_3lsi_storage_authority
CVE-2021-26379
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.17% / 38.58%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:36
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7552_firmwareepyc_7282_firmwareepyc_7742_firmwareepyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7h12epyc_7453epyc_73f3_firmwareepyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_73f3epyc_74f3_firmwareepyc_7252epyc_7402_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7402epyc_7643epyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7502p_firmwareepyc_7713_firmwareepyc_7713epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_72623rd Gen AMD EPYC™ 2nd Gen AMD EPYC™
CVE-2022-38787
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.7||MEDIUM
EPSS-0.04% / 8.79%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:17
Updated-27 Jan, 2025 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-stratix_10_sx_650_fpgastratix_10_gx_400_fpga_firmwareagilex_7_fpga_f-series_006_firmwareagilex_7_fpga_i-series_022stratix_10_tx_2500_fpga_firmwarestratix_10_gx_10m_fpga_firmwarestratix_10_sx_1650_fpgastratix_10_gx_2800_fpga_firmwarestratix_10_tx_850_fpga_firmwarestratix_10_tx_1650_fpgastratix_10_gx_850_fpgastratix_10_gx_1660_fpgastratix_10_sx_400_fpga_firmwareagilex_7_fpga_i-series_022_firmwarestratix_10_dx_2100_fpgaagilex_7_fpga_i-series_035_firmwarestratix_10_tx_400_fpga_firmwarestratix_10_mx_2100_fpga_firmwareagilex_7_fpga_m-series_039stratix_10_gx_2500_fpga_firmwarestratix_10_gx_10m_fpgaagilex_7_fpga_f-series_012_firmwareagilex_7_fpga_f-series_023stratix_10_gx_2100_fpga_firmwarestratix_10_tx_1100_fpga_firmwarestratix_10_tx_1650_fpga_firmwareagilex_7_fpga_m-series_039_firmwareagilex_7_fpga_f-series_019_firmwarestratix_10_sx_1100_fpgaagilex_7_fpga_f-series_022stratix_10_tx_2800_fpga_firmwarestratix_10_tx_2800_fpgaagilex_7_fpga_i-series_023_firmwarestratix_10_sx_2500_fpga_firmwarestratix_10_gx_650_fpgaagilex_7_fpga_i-series_041agilex_7_fpga_i-series_040stratix_10_tx_1100_fpgaagilex_7_fpga_f-series_008stratix_10_gx_2100_fpgastratix_10_gx_1650_fpgaagilex_7_fpga_f-series_022_firmwarestratix_10_gx_1100_fpga_firmwarestratix_10_sx_400_fpgastratix_10_dx_1100_fpgastratix_10_sx_1100_fpga_firmwarestratix_10_gx_2110_fpga_firmwareagilex_7_fpga_f-series_027stratix_10_sx_650_fpga_firmwareagilex_7_fpga_i-series_027_firmwareagilex_7_fpga_i-series_027stratix_10_sx_850_fpgastratix_10_nx_2100_fpga_firmwareagilex_7_fpga_f-series_012stratix_10_nx_2100_fpgastratix_10_dx_1100_fpga_firmwareagilex_7_fpga_f-series_008_firmwarestratix_10_sx_850_fpga_firmwarestratix_10_sx_1650_fpga_firmwarestratix_10_gx_400_fpgastratix_10_mx_1650_fpgastratix_10_sx_2100_fpgastratix_10_gx_1660_fpga_firmwarestratix_10_tx_2100_fpga_firmwareagilex_7_fpga_i-series_040_firmwarestratix_10_sx_2800_fpgastratix_10_tx_400_fpgaagilex_7_fpga_i-series_035agilex_7_fpga_i-series_041_firmwareagilex_7_fpga_f-series_006agilex_7_fpga_f-series_027_firmwarestratix_10_tx_2100_fpgastratix_10_gx_650_fpga_firmwareagilex_7_fpga_f-series_014agilex_7_fpga_f-series_014_firmwarestratix_10_tx_2500_fpgaagilex_7_fpga_f-series_023_firmwarestratix_10_gx_1650_fpga_firmwarestratix_10_sx_2100_fpga_firmwarestratix_10_dx_2800_fpga_firmwarestratix_10_dx_2800_fpgastratix_10_tx_850_fpgastratix_10_sx_2500_fpgastratix_10_dx_2100_fpga_firmwareagilex_7_fpga_i-series_019_firmwarestratix_10_gx_850_fpga_firmwareagilex_7_fpga_i-series_019stratix_10_sx_2800_fpga_firmwarestratix_10_gx_1100_fpgaagilex_7_fpga_f-series_019stratix_10_gx_2110_fpgastratix_10_mx_1650_fpga_firmwarestratix_10_gx_2500_fpgaagilex_7_fpga_i-series_023stratix_10_gx_2800_fpgastratix_10_mx_2100_fpgaIntel(R) FPGA products
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33964
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.4||HIGH
EPSS-0.14% / 34.52%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR software
CWE ID-CWE-20
Improper Input Validation
CVE-2017-5689
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-94.30% / 99.94%
||
7 Day CHG~0.00%
Published-02 May, 2017 | 14:00
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-07-28||Apply updates per vendor instructions.

An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).

Action-Not Available
Vendor-Siemens AGHewlett Packard Enterprise (HPE)Intel Corporation
Product-simatic_ipc627dsimatic_pcs_7_ipc647csimatic_ipc827d_firmwaresimatic_pcs_7_ipc677c_firmwaresimotion_p320-4_sproliant_ml10_gen9_server_firmwaresimatic_ipc827csimatic_ipc547gsimatic_ipc477d_firmwaresimatic_field_pg_m4_firmwaresimatic_pcs_7_ipc647c_firmwaresimatic_pcs_7_ipc847csimatic_pcs_7_ipc677csimatic_itp1000_firmwaresimatic_ipc847c_firmwaresimatic_ipc647c_firmwaresimatic_ipc427dsimatic_pcs_7_ipc477d_firmwaresimatic_pcs_7_ipc547g_firmwaresinumerik_pcu_50.5-psimatic_pcs_7_ipc847dsimatic_ipc647d_firmwaresimatic_pcs_7_ipc627c_firmwaresimatic_ipc477dsimatic_ipc547g_firmwaresinumerik_pcu50.5-p_firmwaresimatic_ipc477e_firmwaresimatic_pcs_7_ipc427e_firmwaresimatic_pcs_7_ipc627csimatic_ipc647dproliant_ml10_gen9_serversimatic_pcs_7_ipc547d_firmwaresimatic_ipc477esimotion_p320-4_s_firmwaresimatic_ipc547esimatic_field_pg_m3_firmwaresimatic_pcs_7_ipc547e_firmwaresimatic_ipc427esimatic_pcs_7_ipc427esimatic_ipc677csimatic_pcs_7_ipc647dsimatic_pcs_7_ipc847c_firmwareactive_management_technology_firmwaresimatic_pcs_7_ipc647d_firmwaresimatic_ipc427e_firmwaresimatic_ipc547e_firmwaresimatic_ipc827dsimatic_ipc547d_firmwaresimatic_ipc847csimatic_field_pg_m5simatic_ipc647csimatic_ipc547dsimatic_ipc627d_firmwaresimatic_pcs_7_ipc547gsimatic_field_pg_m3simatic_ipc677c_firmwaresimatic_ipc847dsimatic_ipc627csimatic_field_pg_m4simatic_pcs_7_ipc547esimatic_ipc677dsimatic_pcs_7_ipc477dsimatic_ipc627c_firmwaresimatic_pcs_7_ipc547dsimatic_pcs_7_ipc847d_firmwaresimatic_itp1000simatic_field_pg_m5_firmwaresimatic_ipc427d_firmwaresimatic_ipc847d_firmwaresimatic_ipc677d_firmwaresimatic_ipc827c_firmwareIntel Active Mangement Technology, Intel Small Business Technology, Intel Standard ManageabilityActive Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31273
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-10||CRITICAL
EPSS-0.36% / 57.74%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection mechanism failure in some Intel DCM software before version 5.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-data_center_managerIntel DCM software
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30601
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.46% / 80.03%
||
7 Day CHG+0.80%
Published-18 Aug, 2022 | 00:00
Updated-05 May, 2025 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwarestandard_manageabilityIntel(R) AMT and Intel(R) Standard Manageability
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2022-29486
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.71%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hyperscanHyperscan library maintained by Intel(R)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-29514
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.7||HIGH
EPSS-0.57% / 67.61%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-system_usage_reportIntel(R) SUR software
CVE-2020-5955
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.73% / 71.66%
||
7 Day CHG~0.00%
Published-03 Nov, 2021 | 00:19
Updated-04 Aug, 2024 | 08:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.

Action-Not Available
Vendor-n/aIntel CorporationInsyde Software Corp. (ISC)
Product-comet_laketiger_lakegreenlowcomet_lake_rvpmehlowskylake_mrdmehlow-rskylakeinsydeh2o_uefi_bioswhiskey_lakegreenlow-rwhiskey_lake_rvppurley-ep_refresh_neon_cityelkhart_lakecoffee_lakeice_lakecannon_lakekaby_lakegrantley-epwhitley-spkaby_lake_mrdn/a
CVE-2022-26845
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.7||HIGH
EPSS-0.26% / 49.06%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-287
Improper Authentication
CVE-2023-25775
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.22% / 45.10%
||
7 Day CHG-0.02%
Published-11 Aug, 2023 | 02:36
Updated-13 Feb, 2025 | 16:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ethernet_controller_rdma_driver_for_linuxIntel(R) Ethernet Controller RDMA driver for linux
CWE ID-CWE-284
Improper Access Control
CVE-2022-25899
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.31% / 78.93%
||
7 Day CHG+0.48%
Published-18 Aug, 2022 | 19:58
Updated-25 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_active_management_technology_cloud_toolkitIntel(R)
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-26843
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.3||HIGH
EPSS-0.54% / 66.54%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compileroneapi_toolkitsIntel(R) oneAPI DPC++/C++ Compiler
CVE-2022-25987
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-8.3||HIGH
EPSS-0.60% / 68.32%
||
7 Day CHG+0.11%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of Unicode encoding in source code to be compiled by the Intel(R) C++ Compiler Classic before version 2021.6 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_toolkitsc\+\+_compiler_classicIntel(R) C++ Compiler Classic
CVE-2022-23820
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.38%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:52
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xryzen_5_6600h_firmwareryzen_5_3580uathlon_3015ceryzen_7_4800u_firmwareryzen_5_5500x_firmwareryzen_5_pro_5645ryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_7_7735hs_firmwareryzen_9_3900xryzen_5_pro_3350ge_firmwareryzen_9_5900x_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxathlon_3015eryzen_7_5800hsryzen_5_5500hryzen_5_5600xryzen_9_5900_firmwareryzen_5_5600hsryzen_5_3600xt_firmwareryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareryzen_7_3750h_firmwareryzen_threadripper_3960x_firmwareryzen_5_6600hryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_4500u_firmwareryzen_9_6980hxryzen_threadripper_pro_3975wxryzen_5_5560uryzen_3_3100ryzen_7_3750hryzen_5_6600hsryzen_7_3780uryzen_7_pro_5845athlon_3015e_firmwareryzen_9_5900hsryzen_9_4900hsryzen_7_4980u_firmwareryzen_threadripper_2920xryzen_9_5980hsryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_3_5125c_firmwareryzen_5_55003xd_firmwareryzen_9_6900hxryzen_7_5800h_firmwareryzen_9_6900hsryzen_3_3300xryzen_7_3700xryzen_5_3500uryzen_5_5500ryzen_3_5400uryzen_9_4900hs_firmwareryzen_9_4900h_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hryzen_5_4500uryzen_9_pro_5945ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900ryzen_3_4300uryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_5_pro_3350gryzen_7_4980uryzen_9_5900ryzen_9_5980hs_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_7_7735uryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_5600hs_firmwareryzen_5_56003xdryzen_3_3350u_firmwareryzen_5_5600h_firmwareryzen_7_5700ryzen_5_4680uryzen_3_5400u_firmwareryzen_9_6900hs_firmwareryzen_3_3300u_firmwareryzen_7_5800ryzen_7_4700uryzen_7_6800hs_firmwareryzen_7_3800xryzen_5_7535uryzen_5_4600uryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_threadripper_2990wx_firmwareryzen_5_3500cryzen_5_4600hryzen_5_4600u_firmwareryzen_5_56003xd_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_5_7535u_firmwareryzen_7_6800uryzen_3_3300uryzen_7_7736uryzen_5_3600xtryzen_3_5425u_firmwareryzen_7_7735hsryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareryzen_7_4800hryzen_5_5600uryzen_9_4900hryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareathlon_3015ce_firmwareryzen_threadripper_2970wxryzen_7_4800hsryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_5_5625uryzen_5_6600uryzen_5_pro_3400gryzen_threadripper_2920x_firmwareryzen_7_4800hs_firmwareryzen_9_6980hs_firmwareryzen_5_3450uryzen_3_5125cryzen_7_3800x_firmwareryzen_5_pro_3350geryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_7_pro_5845_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_5_6600u_firmwareryzen_3_7335uryzen_7_3800xtryzen_threadripper_2970wx_firmwareryzen_7_5700_firmwareryzen_5_7535hs_firmwareryzen_9_3950x_firmwareryzen_9_pro_5945_firmwareryzen_threadripper_pro_3995wxryzen_5_4600h_firmwareryzen_5_7535hsryzen_7_3700c_firmwareryzen_7_5700x_firmwareryzen_threadripper_pro_3955wxryzen_5_4600hsryzen_7_5800u_firmwareryzen_7_7736u_firmwareryzen_9_3900x_firmwareryzen_7_4700u_firmwareryzen_7_3700uryzen_5_6600hs_firmwareryzen_5_pro_5645_firmwareryzen_3_3350uryzen_5_3500_firmwareryzen_3_5425uryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareryzen_3_5100_firmwareryzen_5_5560u_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5800uryzen_9_5900hxryzen_5_4680u_firmwareryzen_5_4600hs_firmwareryzen_5_pro_3400geryzen_5_5500h_firmwareryzen_9_3950xryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xryzen_3_5100ryzen_5_3500ryzen_7_5800hryzen_5_3450u_firmwareryzen_threadripper_pro_3945wxryzen_5_3600ryzen_5_pro_3400ge_firmwareryzen_threadripper_3970x_firmwareryzen_5_3500u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_7_5800hs_firmwareryzen_7_4800uryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700xryzen_9_6980hsryzen_7_6800hAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD Ryzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5AMD Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTAMD Ryzen™ 5000 Series Desktop Processors “Vermeer”AMD EPYC™ Embedded 7003AMD Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM43rd Gen AMD EPYC™ ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSAMD Ryzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"AMD Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”Ryzen™ 3000 series Desktop Processors “Matisse"AMD Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23821
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.56%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 18:54
Updated-03 Dec, 2024 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xryzen_5_6600h_firmwareryzen_5_3580uathlon_3015ceryzen_7_4800u_firmwareryzen_5_5500x_firmwareryzen_3_3250cryzen_5_pro_5645ryzen_3_3100_firmwareryzen_threadripper_2950x_firmwareryzen_7_7735hs_firmwareryzen_9_3900xryzen_5_pro_3350ge_firmwareryzen_9_5900x_firmwareryzen_9_6900hx_firmwareryzen_9_5980hxathlon_3015eryzen_7_5800hsryzen_5_5500hryzen_5_5600xryzen_9_5900_firmwareryzen_5_5600hsryzen_5_3600xt_firmwareryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareryzen_7_3750h_firmwareryzen_threadripper_3960x_firmwareryzen_5_6600hryzen_threadripper_3960xryzen_threadripper_2950xryzen_5_4500u_firmwareryzen_9_6980hxryzen_threadripper_pro_3975wxryzen_5_5560uryzen_3_3100ryzen_7_3750hryzen_5_6600hsryzen_7_3780uryzen_7_pro_5845athlon_3015e_firmwareryzen_9_5900hsryzen_9_4900hsryzen_7_4980u_firmwareryzen_3_3250c_firmwareryzen_threadripper_2920xryzen_9_5980hsryzen_7_3700cryzen_5_pro_3350g_firmwareryzen_7_3800xt_firmwareryzen_3_5125c_firmwareryzen_5_55003xd_firmwareryzen_9_6900hxryzen_7_5800h_firmwareryzen_9_6900hsryzen_3_3300xryzen_7_3700xryzen_5_3500uryzen_5_5500ryzen_3_5400uryzen_9_4900hs_firmwareryzen_9_4900h_firmwareryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hryzen_5_4500uryzen_9_pro_5945ryzen_threadripper_3990x_firmwareryzen_7_3780u_firmwareryzen_9_3900ryzen_3_4300uryzen_7_4800h_firmwareryzen_3_4300u_firmwareryzen_5_5600x_firmwareryzen_9_3900_firmwareryzen_7_3700x_firmwareryzen_5_pro_3350gryzen_7_4980uryzen_9_5900ryzen_9_5980hs_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_7_7735uryzen_threadripper_3990xryzen_5_3500c_firmwareryzen_5_5600hs_firmwareryzen_5_56003xdryzen_3_3350u_firmwareryzen_5_5600h_firmwareryzen_7_5700ryzen_5_4680uryzen_3_5400u_firmwareryzen_9_6900hs_firmwareryzen_3_3300u_firmwareryzen_7_5800ryzen_7_4700uryzen_7_6800hs_firmwareryzen_7_3800xryzen_5_7535uryzen_5_4600uryzen_9_5950xryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_threadripper_2990wx_firmwareryzen_5_3500cryzen_5_4600hryzen_5_4600u_firmwareryzen_3_3200u_firmwareryzen_5_56003xd_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_pro_3400g_firmwareryzen_9_3900xt_firmwareryzen_5_7535u_firmwareryzen_7_6800uryzen_3_3300uryzen_7_7736uryzen_5_3600xtryzen_3_5425u_firmwareryzen_7_7735hsryzen_5_3500x_firmwareryzen_9_3900xtryzen_5_3550h_firmwareryzen_7_4800hryzen_5_5600uryzen_9_4900hryzen_9_5900hx_firmwareryzen_5_3500xryzen_9_5950x_firmwareathlon_3015ce_firmwareryzen_threadripper_2970wxryzen_7_4800hsryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_5_5625uryzen_5_6600uryzen_5_pro_3400gryzen_threadripper_2920x_firmwareryzen_7_4800hs_firmwareryzen_9_6980hs_firmwareryzen_5_3450uryzen_3_5125cryzen_7_3800x_firmwareryzen_5_pro_3350geryzen_9_6980hx_firmwareryzen_7_7735u_firmwareryzen_7_pro_5845_firmwareryzen_threadripper_pro_3945wx_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_3600xryzen_5_6600u_firmwareryzen_3_7335uryzen_7_3800xtryzen_threadripper_2970wx_firmwareryzen_7_5700_firmwareryzen_5_7535hs_firmwareryzen_9_3950x_firmwareryzen_9_pro_5945_firmwareryzen_threadripper_pro_3995wxryzen_5_4600h_firmwareryzen_5_7535hsryzen_7_3700c_firmwareryzen_7_5700x_firmwareryzen_threadripper_pro_3955wxryzen_5_4600hsryzen_7_5800u_firmwareryzen_7_7736u_firmwareryzen_9_3900x_firmwareryzen_3_3200uryzen_7_4700u_firmwareryzen_7_3700uryzen_5_6600hs_firmwareryzen_5_pro_5645_firmwareryzen_3_3350uryzen_5_3500_firmwareryzen_3_5425uryzen_threadripper_pro_3955wx_firmwareryzen_7_5800_firmwareryzen_9_5980hx_firmwareryzen_3_5100_firmwareryzen_5_5560u_firmwareryzen_threadripper_pro_3995wx_firmwareryzen_7_5800uryzen_9_5900hxryzen_5_4680u_firmwareryzen_5_4600hs_firmwareryzen_3_3250uryzen_5_pro_3400geryzen_5_5500h_firmwareryzen_9_3950xryzen_threadripper_2990wxryzen_5_5600ryzen_threadripper_3970xryzen_3_5100ryzen_5_3500ryzen_7_5800hryzen_5_3450u_firmwareryzen_threadripper_pro_3945wxryzen_5_3600ryzen_5_pro_3400ge_firmwareryzen_threadripper_3970x_firmwareryzen_3_3250u_firmwareryzen_threadripper_pro_3975wx_firmwareryzen_5_3500u_firmwareryzen_7_5800hs_firmwareryzen_7_4800uryzen_5_5625u_firmwareryzen_3_7335u_firmwareryzen_7_5700xryzen_9_6980hsryzen_7_6800hRyzen™ Threadripper™ PRO Processors “Castle Peak” WS SP3Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6AMD Ryzen™ Embedded V2000Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5AMD Ryzen™ Embedded R1000AMD Ryzen™ Embedded V1000Ryzen™ Threadripper™ 3000 Series Processors “Castle Peak” HEDTAthlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”AMD Ryzen™ Embedded R2000Ryzen™ 3000 Series Desktop Processors “Matisse”AMD Ryzen™ 7035 Series Processors with Radeon™ Graphics “Rembrandt-R”Ryzen™ 5000 Series Desktop Processors “Vermeer”Ryzen™ Threadripper™ 2000 Series Processors “Colfax”AMD Ryzen™ 6000 Series Processors with Radeon™ Graphics "Rembrandt"Ryzen™ Threadripper™ PRO 3000WX Series Processors “Chagall” WSRyzen™ 3000 Series Mobile Processor with Radeon™ Graphics “Picasso” FP5Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso” AM4AMD Ryzen™ Embedded 5000Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”AMD Ryzen™ 7030 Series Mobile Processors with Radeon™ Graphics “Barcelo-R”AMD Ryzen™ 5000 Series Processors with Radeon™ Graphics “Barcelo”AMD Ryzen™ Embedded V3000Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne”
CVE-2020-12338
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.81% / 82.06%
||
7 Day CHG~0.00%
Published-13 Nov, 2020 | 20:00
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-open_webrtc_toolkitOpen WebRTC Toolkit
CVE-2020-11483
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.35%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1dgx-2NVIDIA DGX Servers
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2022-22730
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 60.14%
||
7 Day CHG-0.05%
Published-18 Aug, 2022 | 19:44
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-edge_insights_for_industrialIntel(R) Edge Insights for Industrial software
CWE ID-CWE-287
Improper Authentication
CVE-2020-11486
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.13% / 83.45%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 03:35
Updated-04 Aug, 2024 | 11:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product's environment, which may lead to remote code execution.

Action-Not Available
Vendor-NVIDIA CorporationIntel Corporation
Product-bmc_firmwaredgx-1NVIDIA DGX Servers
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-12315
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.49% / 80.28%
||
7 Day CHG~0.00%
Published-12 Nov, 2020 | 18:14
Updated-04 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-endpoint_management_assistantIntel(R) EMA
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-0595
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.78% / 85.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:56
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-service_manageractive_management_technology_firmwareIntel(R) AMT and Intel(R) ISM
CWE ID-CWE-416
Use After Free
CVE-2021-46760
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.23% / 45.42%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 19:01
Updated-27 Jan, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_3975wxryzen_3975wx_firmwareryzen_3955wx_firmwareryzen_3995wxryzen_3955wxryzen_3970x_firmwareryzen_3960xryzen_3945wx_firmwareryzen_3970xryzen_3990xryzen_3960x_firmwareryzen_3995wx_firmwareryzen_3945wxryzen_3990x_firmware3rd Gen AMD Ryzen™ Threadripper™ Processors “Castle Peak” HEDTRyzen™ Threadripper™ PRO Processors “Castle Peak” WS
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-7247
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.94% / 75.33%
||
7 Day CHG~0.00%
Published-18 May, 2020 | 15:52
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges.

Action-Not Available
Vendor-n/aAdvanced Micro Devices, Inc.
Product-overdriven/a
CVE-2021-41842
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.22% / 78.19%
||
7 Day CHG~0.00%
Published-05 Jan, 2022 | 23:07
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler lacks a CommBuffer check.

Action-Not Available
Vendor-n/aInsyde Software Corp. (ISC)
Product-insydeh2on/a
CVE-2019-11131
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.59% / 68.11%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 21:08
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CVE-2019-11119
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.06%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-raid_web_console_3Intel(R) RAID Web Console 3 for Windows*
CVE-2019-11107
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 62.96%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 21:09
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) AMT
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8758
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.59% / 80.90%
||
7 Day CHG+0.28%
Published-10 Sep, 2020 | 14:22
Updated-04 Aug, 2024 | 10:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel CorporationNetApp, Inc.
Product-active_management_technology_firmwarestandard_manageabilitysteelstore_cloud_integrated_storageIntel(R) AMT and Intel(R) ISM
CVE-2017-12865
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.76% / 87.57%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

Action-Not Available
Vendor-n/aDebian GNU/LinuxIntel Corporation
Product-debian_linuxconnmann/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2020-0594
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.78% / 85.48%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 13:55
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-service_manageractive_management_technology_firmwareIntel(R) AMT and Intel(R) ISM
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-0169
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 21:07
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-converged_security_management_engine_firmwaretrusted_execution_engine_firmwareIntel(R) TXE
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20555
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 16.68%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:07
Updated-24 Oct, 2024 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-ryzen_9_5900xathlon_gold_pro_3150ge_firmwareryzen_5_3580uryzen_5_6600h_firmwareathlon_3015ceryzen_7_4800u_firmwareathlon_silver_3050u_firmwareathlon_silver_3050e_firmwareryzen_5_pro_5645ryzen_7_7800x3d_firmwareryzen_9_5900x_firmwareryzen_9_6900hx_firmwareathlon_gold_3150c_firmwareryzen_3_3300_firmwareryzen_9_5980hxathlon_3015eathlon_pro_300geryzen_7_5800hsryzen_5_5600xryzen_9_5900_firmwareryzen_7_pro_7730uryzen_3_pro_7330uryzen_5_5600hsryzen_3_5300geathlon_gold_pro_3150gryzen_3_4100_firmwareryzen_7_5825uryzen_7_5825u_firmwareryzen_5_3600x_firmwareryzen_7_3750h_firmwareryzen_5_6600hryzen_7_5800x3d_firmwareryzen_9_3800x_firmwareryzen_5_4500u_firmwareryzen_9_6980hxathlon_pro_3145bryzen_5_5560uryzen_9_7950xryzen_7_3750hryzen_7_5700u_firmwareryzen_9_7900xryzen_7_7700xryzen_5_6600hsathlon_silver_3050eryzen_7_3780uryzen_7_pro_5845athlon_3015e_firmwareryzen_9_5900hsryzen_3_4100ryzen_9_4900hsryzen_7_7700x_firmwareryzen_7_4980u_firmwareryzen_7_5700gryzen_9_5980hsryzen_7_3700cryzen_3_5125c_firmwareryzen_9_6900hxryzen_5_7600ryzen_5_5500u_firmwareryzen_7_5800h_firmwareryzen_9_6900hsryzen_3_3300xryzen_7_3700xryzen_5_3500uryzen_5_5500ryzen_3_5400uryzen_9_4900hs_firmwareryzen_9_4900h_firmwareathlon_pro_3045bathlon_gold_pro_3150geryzen_5_5600_firmwareryzen_7_5800xryzen_5_3550hryzen_5_4500uryzen_9_pro_5945ryzen_7_3780u_firmwareryzen_3_4300uathlon_gold_3150geryzen_7_4800h_firmwareryzen_7_7700_firmwareathlon_silver_3050c_firmwareryzen_3_4300u_firmwareryzen_5_5600x_firmwareryzen_7_4980uryzen_7_3700x_firmwareryzen_7_5800x3dryzen_3_5300gryzen_9_5900ryzen_9_pro_7945ryzen_5_5600ge_firmwareryzen_5_7600x_firmwareryzen_9_5980hs_firmwareryzen_7_6800h_firmwareryzen_7_6800u_firmwareryzen_5_3500c_firmwareryzen_5_5600hs_firmwareryzen_3_7320uryzen_5_pro_7530uryzen_7_pro_7745athlon_gold_3150uryzen_3_3350u_firmwareryzen_5_5600h_firmwareryzen_5_7520uryzen_7_5700ryzen_5_4680uryzen_5_5500uryzen_3_5400u_firmwareryzen_9_6900hs_firmwareathlon_silver_3050cryzen_7_5800ryzen_3_3300u_firmwareryzen_7_4700uryzen_7_6800hs_firmwareryzen_7_pro_7745_firmwareryzen_7_3700_firmwareathlon_gold_3150g_firmwareryzen_7_7800x3dryzen_5_4600uryzen_9_5950xryzen_9_7900x3d_firmwareryzen_5_3600_firmwareryzen_5_5500_firmwareryzen_5_3580u_firmwareryzen_5_3500cryzen_5_4600hryzen_5_4600u_firmwareryzen_3_3300x_firmwareryzen_5_5600hryzen_7_6800hsryzen_5_4500ryzen_3_5300u_firmwareryzen_7_6800uryzen_3_3300uryzen_3_5300uryzen_5_5600gryzen_9_pro_7945_firmwareryzen_3_5425u_firmwareryzen_7_3700ryzen_9_7900x3dryzen_5_3550h_firmwareryzen_7_4800hryzen_5_5600uathlon_pro_3045b_firmwareryzen_9_4900hryzen_9_5900hx_firmwareryzen_9_5950x_firmwareathlon_3015ce_firmwareryzen_5_5600x3d_firmwareryzen_5_5600geryzen_7_4800hsryzen_9_7900_firmwareryzen_5_7600xryzen_7_3700u_firmwareryzen_7_5800x_firmwareryzen_3_5300ge_firmwareryzen_5_5625uryzen_5_6600uryzen_9_6980hs_firmwareryzen_9_3850xryzen_7_5700geryzen_5_3450uryzen_7_4800hs_firmwareathlon_pro_3145b_firmwareryzen_3_5125cryzen_9_6980hx_firmwareryzen_7_pro_5845_firmwareryzen_9_5900hs_firmwareryzen_5_5600u_firmwareryzen_5_5600x3dryzen_5_3600xryzen_5_pro_7645_firmwareathlon_pro_300ge_firmwareryzen_5_6600u_firmwareryzen_7_5700g_firmwareryzen_7_5700_firmwareryzen_5_7600_firmwareryzen_5_7500f_firmwareryzen_9_pro_5945_firmwareryzen_5_7520u_firmwareryzen_5_4600h_firmwareathlon_gold_3150gryzen_5_4500_firmwareryzen_7_3700c_firmwareryzen_7_5700x_firmwareryzen_3_5300g_firmwareryzen_5_7500fryzen_5_4600hsryzen_7_5800u_firmwareryzen_3_7320u_firmwareryzen_7_4700u_firmwareryzen_7_3700uryzen_5_6600hs_firmwareryzen_3_3300ryzen_9_3800xryzen_5_pro_5645_firmwareryzen_3_pro_7330u_firmwareathlon_silver_3050uryzen_3_3350uryzen_3_5425uryzen_7_5800_firmwareryzen_9_5980hx_firmwareryzen_3_5100_firmwareryzen_5_5560u_firmwareryzen_4700s_firmwareryzen_7_5800uryzen_9_5900hxathlon_gold_pro_3150g_firmwareryzen_9_7950x3d_firmwareryzen_9_3850x_firmwareryzen_5_4600hs_firmwareathlon_gold_3150cryzen_5_4680u_firmwareryzen_5_5600g_firmwareryzen_5_pro_7645athlon_gold_3150u_firmwareryzen_9_7950x3dryzen_7_7700ryzen_5_5600ryzen_3_5100ryzen_4700sryzen_7_5800hryzen_7_pro_7730u_firmwareryzen_5_3450u_firmwareryzen_9_7900ryzen_5_3600ryzen_9_7950x_firmwareryzen_5_3500u_firmwareryzen_5_pro_7530u_firmwareryzen_7_5800hs_firmwareathlon_gold_3150ge_firmwareryzen_7_4800uryzen_5_5625u_firmwareryzen_7_5700uryzen_7_5700ge_firmwareryzen_7_5700xryzen_9_6980hsryzen_7_6800hryzen_9_7900x_firmwareRyzen™ 3000 Series Mobile Processors with Radeon™ Graphics “Picasso”Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics “Renoir” FP5Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics “Renoir” FP6Ryzen™ 6000 Series Mobile Processors "Rembrandt"Athlon™ 3000 Series Desktop Processors with Radeon™ Graphics “Picasso”Ryzen™ 3000 Series Desktop Processors “Matisse” AM4Ryzen™ 5000 Series Desktop Processors “Vermeer” AM4Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Dali”/”Dali” FP5Ryzen™ 7020 Series Mobile Processors “Mendocino”Ryzen™ 7000 Series Processors “Raphael”Athlon™ 3000 Series Mobile Processors with Radeon™ Graphics “Pollock”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Lucienne”Ryzen™ 5000 Series Mobile Processors with Radeon™ Graphics “Cezanne”Ryzen™ 5000 Series Desktop Processor with Radeon™ Graphics “Cezanne” AM4Ryzen™ 7030 Series Mobile Processors “Barcelo” ryzen_7000_series_desktop_processorsathlon_3000gryzen_3000_series_desktop_processorsryzen_5000_series_desktop_processorsryzen_4000_series_desktop_processors_with_radeon_graphics
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-0096
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-8||HIGH
EPSS-0.25% / 47.71%
||
7 Day CHG-0.01%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-active_management_technology_firmwareIntel(R) Active Management Technology (AMT)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-20524
Matching Score-6
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-6
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.79%
||
7 Day CHG~0.00%
Published-09 May, 2023 | 18:36
Updated-28 Jan, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss a loss of integrity.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-epyc_72f3_firmwareepyc_7443pepyc_7552_firmwareepyc_7282_firmwareepyc_7742_firmwareepyc_7773xepyc_7f72_firmwareepyc_7413epyc_7532epyc_7313p_firmwareepyc_7702p_firmwareepyc_7663epyc_7h12epyc_7453epyc_73f3_firmwareepyc_7f52epyc_7543_firmwareepyc_7f32epyc_7402pepyc_7552epyc_73f3epyc_74f3_firmwareepyc_7252epyc_7402_firmwareepyc_7642_firmwareepyc_75f3_firmwareepyc_7262_firmwareepyc_7343epyc_7542epyc_7642epyc_7443_firmwareepyc_7272_firmwareepyc_7302epyc_7f32_firmwareepyc_7763_firmwareepyc_7573x_firmwareepyc_7252_firmwareepyc_7473x_firmwareepyc_7352epyc_7643_firmwareepyc_7662epyc_7473xepyc_7232pepyc_7532_firmwareepyc_7453_firmwareepyc_7713p_firmwareepyc_7302_firmwareepyc_7702_firmwareepyc_7742epyc_72f3epyc_7f52_firmwareepyc_7543pepyc_7502epyc_7452epyc_7513epyc_7302pepyc_7763epyc_7413_firmwareepyc_74f3epyc_7502_firmwareepyc_7402p_firmwareepyc_7713pepyc_7402epyc_7643epyc_7313epyc_7232p_firmwareepyc_7443epyc_7302p_firmwareepyc_7663_firmwareepyc_7352_firmwareepyc_7543epyc_7502p_firmwareepyc_7713_firmwareepyc_7713epyc_7702epyc_7702pepyc_75f3epyc_7313pepyc_7773x_firmwareepyc_7313_firmwareepyc_7573xepyc_7502pepyc_7h12_firmwareepyc_7452_firmwareepyc_7543p_firmwareepyc_7282epyc_7272epyc_7513_firmwareepyc_7373xepyc_7662_firmwareepyc_7542_firmwareepyc_7f72epyc_7343_firmwareepyc_7443p_firmwareepyc_7373x_firmwareepyc_72623rd Gen AMD EPYC™ 2nd Gen AMD EPYC™
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-11182
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.25%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:38
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-hpcr1304wftysrbbs2600bpbhns2600bpb24rhpcr2208wf0zsrr1304wftysrhpcr2208wftzsrr2208wftzsrr2208wf0zsrr1208wftysr1304wf0ysr2224wfqzshns2600bpqbbs2600stqhpcr2312wftzsrhns2600bpbrhpcr2224wftzsrhns2600bpblchpcr2208wftzsrxbbs2600stbr2208wf0zsr2208wftzshns2600bpsrr1208wftysrr2208wftzsrxbbs2600stbrhns2600bpbrxr2312wf0nphns2600bpblcrs2600stbr2224wftzsrr2208wfqzsrr2224wftzsbbs2600bpqrbbs2600stqrr2208wfqzsbbs2600bpshns2600bpshpcr2312wf0nprhns2600bpq24rhns2600bpb24hns2600bps24hns2600bpq24hns2600bpblc24r2312wfqzshpcr1208wftysrs9256wk1hlchpchns2600bpsrbbs2600bpsrr2312wf0nprs2600stbrs2600wftrhns2600bpbhpcr2208wfqzsrs9248wk2hlcr1304wftysbbs2600bpbrs9248wk2hachpcr1208wfqysrhns2600bpblc24rs2600wf0rs2600stqrs9232wk1hlcs2600stqs9232wk2hacr2308wftzss9248wk1hlcs2600wfqrhpcr2308wftzsrr1208wfqysrhpchns2600bpbrr2312wftzsrr2308wftzsrhpcr1304wf0ysrhpchns2600bpqrs2600wf0hns2600bps24rs9232wk2hlchns2600bpqrs2600wfqbbs2600bpqr1304wf0ysrbaseboard_management_controller_firmwares2600wfthns2600bpb24rxr2312wftzsIntel(R) BMC
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-3632
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 23.25%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 21:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.

Action-Not Available
Vendor-Intel Corporation
Product-core_2_quadcore_2_soloxeon_silvercore_2_duocore_i5xeonxeon_goldcore_i9xeon_platinumactive_management_technology_firmwarecore_duocore_i7core_2_extremecore_solocore_i3Intel Active Management Technology
CWE ID-CWE-787
Out-of-bounds Write
Details not found