Latest CVE Feed
-
7.5
HIGHCVE-2021-46788
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.... Read more
- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-46787
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.... Read more
- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-46786
The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.... Read more
- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
5.3
MEDIUMCVE-2021-46785
The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.... Read more
- Published: May. 13, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-46784
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.... Read more
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46782
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting... Read more
Affected Products : price_table- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46781
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting... Read more
Affected Products : coming_soon- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46780
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting... Read more
Affected Products : easy_google_maps- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
5.6
MEDIUMCVE-2021-46778
Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). By measuring the contention level on scheduler queues an at... Read more
Affected Products : epyc_7h12_firmware epyc_7f72_firmware epyc_7f52_firmware epyc_7f32_firmware epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware +349 more products- Published: Aug. 10, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-46774
Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker to read/write from/to an invalid DRAM address, potentially resulting in denial-of-service.... Read more
Affected Products : epyc_7h12_firmware epyc_7f72_firmware epyc_7f52_firmware epyc_7f32_firmware epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware +264 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2021-46771
Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.... Read more
Affected Products : epyc_72f3_firmware epyc_7313_firmware epyc_7313p_firmware epyc_7343_firmware epyc_7373x_firmware epyc_73f3_firmware epyc_7413_firmware epyc_7443_firmware epyc_7443p_firmware epyc_7453_firmware +36 more products- Published: May. 10, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2021-46766
Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.... Read more
Affected Products : ryzen_threadripper_pro_3945wx_firmware ryzen_threadripper_pro_3955wx_firmware ryzen_threadripper_pro_3975wx_firmware ryzen_threadripper_pro_3995wx_firmware epyc_9124_firmware epyc_9174f_firmware epyc_9184x_firmware epyc_9224_firmware epyc_9254_firmware epyc_9274f_firmware +46 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46762
Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service.... Read more
Affected Products : epyc_7h12_firmware epyc_7f72_firmware epyc_7f52_firmware epyc_7f32_firmware epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware +86 more products- Published: May. 09, 2023
- Modified: Nov. 21, 2024
-
6.1
MEDIUMCVE-2021-46758
Insufficient validation of SPI flash addresses in the ASP (AMD Secure Processor) bootloader may allow an attacker to read data in memory mapped beyond SPI flash resulting in a potential loss of availability and integrity. ... Read more
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46754
Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss ... Read more
- Published: May. 09, 2023
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2021-46744
An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.... Read more
Affected Products : epyc_7742_firmware epyc_7702p_firmware epyc_7702_firmware epyc_7662_firmware epyc_7642_firmware epyc_7552_firmware epyc_7542_firmware epyc_7532_firmware epyc_7502p_firmware epyc_7502_firmware +189 more products- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect ke... Read more
Affected Products : firebase_php-jwt- Published: Mar. 29, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2021-46742
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data.Successful exploitation of this vulnerability may affect the availability.... Read more
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-46741
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity.... Read more
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2021-46740
The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality.... Read more
- Published: Apr. 11, 2022
- Modified: Nov. 21, 2024