Page 154 of 38408 results (0.051 seconds)

CVSS: 3.3EPSS: 0%CPEs: -EXPL: 0

An insufficient bounds check in PMFW (Power Management Firmware) may allow an attacker to utilize a malicious VF (virtualization function) to send a malformed message, potentially resulting in a denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html • CWE-787: Out-of-bounds Write •

CVSS: 4.7EPSS: 0%CPEs: -EXPL: 0

An insufficient DRAM address validation in PMFW may allow a privileged attacker to read from an invalid DRAM address to SRAM, potentially resulting in data corruption or denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html •

CVSS: 3.9EPSS: 0%CPEs: 14EXPL: 0

Insufficient input validation in the ABL may allow a privileged attacker with access to the BIOS menu or UEFI shell to tamper with the structure headers in SPI ROM causing an out of bounds memory read and write, potentially resulting in memory corruption or denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •

CVSS: 5.2EPSS: 0%CPEs: 7EXPL: 0

Lack of stack protection exploit mechanisms in ASP Secure OS Trusted Execution Environment (TEE) may allow a privileged attacker with access to AMD signing keys to c006Frrupt the return address, causing a stack-based buffer overrun, potentially leading to a denial of service. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0

In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-226-08 • CWE-732: Incorrect Permission Assignment for Critical Resource •