CVEリスト - 高リスク・悪用確認済み脆弱性

NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。

Assigner(CNA/発行元):[email protected] この条件を外す

CVSS スコア
表示中 2140 / 51
CVE 説明 CVSS 最大値 EPSS(%) 公開 更新
CVE-2023-39538 AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.  7.5 0.22% 2023-12-06 2026-06-17
CVE-2023-39539 AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.  7.5 0.62% 2023-12-06 2026-06-17
CVE-2023-34332 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 7.8 0.18% 2024-01-09 2026-06-17
CVE-2023-34333 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 7.8 0.18% 2024-01-09 2026-06-17
CVE-2023-37293 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 9.6 0.31% 2024-01-09 2026-06-17
CVE-2023-37294 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 8.3 0.26% 2024-01-09 2026-06-17
CVE-2023-37295 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 8.3 0.26% 2024-01-09 2026-06-17
CVE-2023-37296 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 8.3 0.26% 2024-01-09 2026-06-17
CVE-2023-37297 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 8.3 0.26% 2024-01-09 2026-06-17
CVE-2023-3043 AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. 9.6 0.31% 2024-01-09 2026-06-17
CVE-2024-3708 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. 該当なし 0.04% 2024-05-22 2024-07-09
CVE-2024-33656 The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms 7.8 0.16% 2024-08-21 2026-06-17
CVE-2024-33657 This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. 7.8 0.17% 2024-08-21 2026-06-17
CVE-2024-2315 APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. 6.8 0.08% 2024-11-12 2026-06-17
CVE-2024-33658 APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. 4.4 0.17% 2024-11-12 2026-06-17
CVE-2024-33660 An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. 5.2 0.11% 2024-11-12 2026-06-17
CVE-2024-42442 APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode. 7.2 0.79% 2024-11-12 2026-06-17
CVE-2024-42444 APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device. 7.5 0.12% 2025-01-14 2026-06-17
CVE-2024-33659 AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability. 5.7 0.15% 2025-02-11 2026-06-17
CVE-2024-54084 APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. 7.5 0.11% 2025-03-11 2026-06-17
cvelogic Threat Intelligence