| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Skype for Business and Lync Remote Code Execution Vulnerability |
| Skype for Business and Lync Spoofing Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Scripting Engine Memory Corruption Vulnerability |
| Windows Overlay Filter Information Disclosure Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Windows DCOM Server Security Feature Bypass |
| Windows Installer Spoofing Vulnerability |
| Microsoft Exchange Server Remote Code Execution Vulnerability |
| Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality. |
| LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. |
| AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. |
| Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. |
| Insufficient verification of missing size check in 'LoadModule' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. |
| A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. |
| Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. |
| A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. |
| A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. |
| An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. |
