Security Vulnerabilities - CVEs Published In January 2023
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality.
CVSS Score: 6.5
EPSS Score: 0.001
Published: 2023-01-11
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-01-11
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-01-11
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-01-11
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution.
CVSS Score: 7.8
EPSS Score: 0.001
Published: 2023-01-11
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests.
CVSS Score: 4.4
EPSS Score: 0.001
Published: 2023-01-11
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-01-11
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2023-01-11
A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection. The patch is named 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2023-01-11
A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to SQL injection. The identifier of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability.
CVSS Score: 5.5
EPSS Score: 0.003
Published: 2023-01-11

