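This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks exploitability based on exploit references and the availability of PoCs. It helps you set priorities in the context of vendor fixes and mitigations, and protect critical assets while keeping response cycles short.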
Assigner (CNA/issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-39538 | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a BMP Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | 7.5 | 0.22% | 2023-12-06 | 2026-06-17 |
| CVE-2023-39539 | AMI AptioV contains a vulnerability in BIOS where a User may cause an unrestricted upload of a PNG Logo file with dangerous type by Local access. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | 7.5 | 0.62% | 2023-12-06 | 2026-06-17 |
| CVE-2023-34332 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference by a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 7.8 | 0.18% | 2024-01-09 | 2026-06-17 |
| CVE-2023-34333 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause an untrusted pointer to dereference via a local network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 7.8 | 0.18% | 2024-01-09 | 2026-06-17 |
| CVE-2023-37293 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 9.6 | 0.31% | 2024-01-09 | 2026-06-17 |
| CVE-2023-37294 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 8.3 | 0.26% | 2024-01-09 | 2026-06-17 |
| CVE-2023-37295 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 8.3 | 0.26% | 2024-01-09 | 2026-06-17 |
| CVE-2023-37296 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 8.3 | 0.26% | 2024-01-09 | 2026-06-17 |
| CVE-2023-37297 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a heap memory corruption via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 8.3 | 0.26% | 2024-01-09 | 2026-06-17 |
| CVE-2023-3043 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | 9.6 | 0.31% | 2024-01-09 | 2026-06-17 |
| CVE-2024-3708 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | 0.04% | 2024-05-22 | 2024-07-09 |
| CVE-2024-33656 | The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms | 7.8 | 0.16% | 2024-08-21 | 2026-06-17 |
| CVE-2024-33657 | This SMM vulnerability affects certain modules, allowing privileged attackers to execute arbitrary code, manipulate stack memory, and leak information from SMRAM to kernel space, potentially leading to denial-of-service attacks. | 7.8 | 0.17% | 2024-08-21 | 2026-06-17 |
| CVE-2024-2315 | APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. | 6.8 | 0.08% | 2024-11-12 | 2026-06-17 |
| CVE-2024-33658 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and impact Integrity. | 4.4 | 0.17% | 2024-11-12 | 2026-06-17 |
| CVE-2024-33660 | An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. | 5.2 | 0.11% | 2024-11-12 | 2026-06-17 |
| CVE-2024-42442 | APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System Management Mode. | 7.2 | 0.79% | 2024-11-12 | 2026-06-17 |
| CVE-2024-42444 | APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device. | 7.5 | 0.12% | 2025-01-14 | 2026-06-17 |
| CVE-2024-33659 | AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability. | 5.7 | 0.15% | 2025-02-11 | 2026-06-17 |
| CVE-2024-54084 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. | 7.5 | 0.11% | 2025-03-11 | 2026-06-17 |