Total
34659 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26417 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Windows Overlay Filter Information Disclosure Vulnerability | |||||
| CVE-2021-26416 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 7.8 HIGH | 7.7 HIGH |
| Windows Hyper-V Denial of Service Vulnerability | |||||
| CVE-2021-26414 | 1 Microsoft | 10 Windows 10, Windows 7, Windows 8.1 and 7 more | 2024-11-21 | 4.3 MEDIUM | 4.8 MEDIUM |
| Windows DCOM Server Security Feature Bypass | |||||
| CVE-2021-26413 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Windows Installer Spoofing Vulnerability | |||||
| CVE-2021-26412 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
| Microsoft Exchange Server Remote Code Execution Vulnerability | |||||
| CVE-2021-26408 | 1 Amd | 76 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 73 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. | |||||
| CVE-2021-26401 | 1 Amd | 252 A10-9600p, A10-9600p Firmware, A10-9630p and 249 more | 2024-11-21 | 1.9 LOW | 5.6 MEDIUM |
| LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | |||||
| CVE-2021-26400 | 1 Amd | 1 Cpu | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | |||||
| CVE-2021-26390 | 1 Amd | 74 Athlon 300u, Athlon 300u Firmware, Ryzen 3 3200u and 71 more | 2024-11-21 | 4.9 MEDIUM | 6.2 MEDIUM |
| A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | |||||
| CVE-2021-26382 | 1 Amd | 70 Ryzen 3 3200u, Ryzen 3 3200u Firmware, Ryzen 3 3250u and 67 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | |||||
| CVE-2021-26376 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | |||||
| CVE-2021-26375 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | |||||
| CVE-2021-26366 | 1 Amd | 125 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 122 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | |||||
| CVE-2021-26363 | 1 Amd | 67 Radeon Software, Ryzen 3 3100, Ryzen 3 3100 Firmware and 64 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | |||||
| CVE-2021-26362 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. | |||||
| CVE-2021-26361 | 1 Amd | 71 Athlon 3050ge, Athlon 3050ge Firmware, Athlon 3150g and 68 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | |||||
| CVE-2021-26349 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA). | |||||
| CVE-2021-26348 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
| CVE-2021-26342 | 1 Amd | 76 Epyc 7001, Epyc 7001 Firmware, Epyc 7251 and 73 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB). The failure to flush the TLB may cause the microcode to use stale TLB translations which may allow for disclosure of SEV guest memory contents. Users of SEV-ES/SEV-SNP guest VMs are not impacted by this vulnerability. | |||||
| CVE-2021-26340 | 1 Amd | 210 Epyc 7001, Epyc 7001 Firmware, Epyc 7232p and 207 more | 2024-11-21 | 3.6 LOW | 8.4 HIGH |
| A malicious hypervisor in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM may fail to flush the Translation Lookaside Buffer (TLB) resulting in unexpected behavior inside the virtual machine (VM). | |||||