Latest CVE Feed
-
7.5
HIGHCVE-2021-46774
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.... Read more
Affected Products : epyc_7h12_firmware epyc_7f72_firmware epyc_7f52_firmware epyc_7f32_firmware epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware +264 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-46771
Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.... Read more
Affected Products : epyc_72f3_firmware epyc_7313_firmware epyc_7313p_firmware epyc_7343_firmware epyc_7373x_firmware epyc_73f3_firmware epyc_7413_firmware epyc_7443_firmware epyc_7443p_firmware epyc_7453_firmware +36 more products- Published: May. 10, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-46766
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.... Read more
Affected Products : ryzen_threadripper_pro_3945wx_firmware ryzen_threadripper_pro_3955wx_firmware ryzen_threadripper_pro_3975wx_firmware ryzen_threadripper_pro_3995wx_firmware epyc_9124_firmware epyc_9174f_firmware epyc_9184x_firmware epyc_9224_firmware epyc_9254_firmware epyc_9274f_firmware +46 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46762
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.... Read more
Affected Products : epyc_7h12_firmware epyc_7f72_firmware epyc_7f52_firmware epyc_7f32_firmware epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware +86 more products- Published: May. 09, 2023
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46758
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. ... Read more
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46754
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss ... Read more
- Published: May. 09, 2023
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-46744
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.... Read more
Affected Products : epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware epyc_7542_firmware epyc_7532_firmware epyc_7502p_firmware epyc_7502_firmware +189 more products- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect ke... Read more
Affected Products : firebase_php-jwt- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46742
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.... Read more
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-46741
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.... Read more
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.... Read more
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46709
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).... Read more
Affected Products : phpliteadmin- Published: Mar. 13, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's... Read more
Affected Products : swagger-ui-dist- Published: Mar. 11, 2022
- Modified: Nov. 21, 2024
-
5.1
MEDIUMCVE-2021-46705
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06... Read more
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-46704
In GenieACS 1.2.x before 1.2.8, the UI interface API is vulnerable to unauthenticated OS command injection via the ping host argument (lib/ui/api.ts and lib/ping.ts). The vulnerability arises from insufficient input validation combined with a missing auth... Read more
Affected Products : genieacs- Published: Mar. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-46703
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment (if users can externally control template contents). NOTE: This vulnerability only affects products ... Read more
Affected Products : razorengine- Published: Mar. 06, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-46702
Tor Browser 9.0.7 on Windows 10 build 10586 is vulnerable to information disclosure. This could allow local attackers to bypass the intended anonymity feature and obtain information regarding the onion services visited by a local user. This can be accompl... Read more
- Published: Feb. 26, 2022
- Modified: Nov. 21, 2024
-
7.2
HIGHCVE-2021-46701
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord.... Read more
Affected Products : premid- Published: Feb. 20, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-46700
In libsixel 1.8.6, sixel_encoder_output_without_macro (called from sixel_encoder_encode_frame in encoder.c) has a double free.... Read more
Affected Products : libsixel- Published: Feb. 19, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-46699
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the con... Read more
Affected Products : simcenter_femap- Published: Feb. 22, 2022
- Modified: Nov. 21, 2024