CVSS: 7.3EPSS: 0%CPEs: -EXPL: 0CVE-2023-31348
https://notcve.org/view.php?id=CVE-2023-31348
A DLL hijacking vulnerability in AMD μProf could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. • https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-9001 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2023-20578
https://notcve.org/view.php?id=CVE-2023-20578
A TOCTOU (Time-Of-Check-Time-Of-Use) in SMM may allow an attacker with ring0 privileges and access to the BIOS menu or UEFI shell to modify the communications buffer potentially resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •
CVSS: 7.5EPSS: 0%CPEs: -EXPL: 0CVE-2022-23815
https://notcve.org/view.php?id=CVE-2022-23815
Improper bounds checking in APCB firmware may allow an attacker to perform an out of bounds write, corrupting the APCB entry, potentially leading to arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-4004.html •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2021-26344
https://notcve.org/view.php?id=CVE-2021-26344
An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution. • https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37287 – Kibana arbitrary code execution via prototype pollution
https://notcve.org/view.php?id=CVE-2024-37287
A flaw allowing arbitrary code execution was discovered in Kibana. An attacker with access to ML and Alerting connector features, as well as write access to internal ML indices can trigger a prototype pollution vulnerability, ultimately leading to arbitrary code execution. • https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22 • CWE-94: Improper Control of Generation of Code ('Code Injection') •