Page 2 of 25 results (0.011 seconds)

CVSS: 5.5EPSS: 0%CPEs: 126EXPL: 0

CVE-2021-46748

https://notcve.org/view.php?id=CVE-2021-46748

Insufficient bounds checking in the ASP (AMD Secure Processor) may allow an attacker to access memory outside the bounds of what is permissible to a TA (Trusted Application) resulting in a potential denial of service. Una verificación de límites insuficiente en el ASP (AMD Secure Processor) puede permitir que un atacante acceda a la memoria fuera de los límites de lo permitido para una TA (Trusted Application), lo que resulta en una posible denegación de servicio. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-6003 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00971.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.8EPSS: 0%CPEs: 305EXPL: 0

CVE-2023-39281

https://notcve.org/view.php?id=CVE-2023-39281

A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. Una vulnerabilidad de desbordamiento del búfer de pila descubierta en AsfSecureBootDxe en Insyde InsydeH2O con kernel 5.0 a 5.5 permite a los atacantes ejecutar código arbitrario durante la fase DXE. • https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2023054 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 5.5EPSS: 0%CPEs: 319EXPL: 0

CVE-2023-20597

https://notcve.org/view.php?id=CVE-2023-20597

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization •

CVSS: 4.4EPSS: 0%CPEs: 381EXPL: 0

CVE-2023-20594

https://notcve.org/view.php?id=CVE-2023-20594

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. La inicialización incorrecta de variables en el controlador DXE puede permitir que un usuario privilegiado filtre información sensible a través del acceso local. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4007 • CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 0%CPEs: 264EXPL: 0

CVE-2023-20555

https://notcve.org/view.php?id=CVE-2023-20555

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. • https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-4003 • CWE-787: Out-of-bounds Write •