Search Results (366668 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28357 1 Rocket.chat 1 Rocket.chat 2025-01-27 4.3 Medium
A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to.
CVE-2023-25005 1 Autodesk 1 Infraworks 2025-01-27 7.8 High
A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.
CVE-2023-20880 1 Vmware 2 Aria Operations, Cloud Foundation 2025-01-27 6.7 Medium
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
CVE-2023-20878 1 Vmware 2 Cloud Foundation, Vrealize Operations 2025-01-27 7.2 High
VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.
CVE-2023-20877 1 Vmware 2 Cloud Foundation, Vrealize Operations 2025-01-27 8.8 High
VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.
CVE-2022-29523 1 Open Cas Project 1 Open Cas 2025-01-27 3.3 Low
Improper conditions check in the Open CAS software maintained by Intel(R) before version 22.3.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2021-46765 1 Amd 88 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 85 more 2025-01-27 7.5 High
Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service.
CVE-2021-46760 1 Amd 14 Ryzen 3945wx, Ryzen 3945wx Firmware, Ryzen 3955wx and 11 more 2025-01-27 9.8 Critical
A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution.
CVE-2021-46759 1 Amd 112 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 109 more 2025-01-27 6.1 Medium
Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity.
CVE-2022-35729 2 Intel, Openbmc-project 58 C621a, C624a, C627a and 55 more 2025-01-27 7.5 High
Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.
CVE-2022-29494 1 Intel 58 C621a, C627a, C629a and 55 more 2025-01-27 6.5 Medium
Improper input validation in firmware for OpenBMC in some Intel(R) platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2022-29493 1 Intel 248 Baseboard Management Controller Firmware, C252, C256 and 245 more 2025-01-27 4.5 Medium
Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.
CVE-2022-33196 2 Intel, Redhat 274 Xeon D-1513n, Xeon D-1513n Firmware, Xeon D-1518 and 271 more 2025-01-27 7.2 High
Incorrect default permissions in some memory controller configurations for some Intel(R) Xeon(R) Processors when using Intel(R) Software Guard Extensions which may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-21163 1 Intel 1 Crypto Api Toolkit For Intel Sgx 2025-01-27 8.4 High
Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36416 1 Vmware 1 Ixgben 2025-01-27 4.4 Medium
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36797 1 Vmware 1 Ixgben 2025-01-27 3.3 Low
Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.1 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2022-36397 1 Intel 1 Quickassist Technology 2025-01-27 7.3 High
Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-37340 1 Intel 1 Quickassist Technology 2025-01-27 6.7 Medium
Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-36382 1 Intel 30 Ethernet Controller X710-am2, Ethernet Controller X710-am2 Firmware, Ethernet Controller X710-bm2 and 27 more 2025-01-27 6 Medium
Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-27808 2 Intel, Microsoft 2 Administrative Tools For Intel Network Adapters, Windows 2025-01-27 6.3 Medium
Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access.