Products
Source repositories
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-5410 | Hig | 0.53 | 8.2 | 0.00 | Mar 12, 2024 | A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. | ||
| CVE-2021-3808 | Hig | 0.51 | 7.8 | 0.00 | Feb 1, 2023 | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. | ||
| CVE-2024-47975 | Hig | 0.46 | 7.0 | 0.00 | Oct 7, 2024 | Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service. | ||
| CVE-2024-47976 | Med | 0.44 | 6.7 | 0.00 | Oct 7, 2024 | Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access. | ||
| CVE-2024-47969 | Med | 0.40 | 6.2 | 0.00 | Oct 7, 2024 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||
| CVE-2025-12902 | Med | 0.29 | 4.4 | 0.00 | Nov 7, 2025 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service. | ||
| CVE-2025-12896 | Med | 0.29 | 4.4 | 0.00 | Nov 7, 2025 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device. | ||
| CVE-2025-9195 | Med | 0.29 | 4.4 | 0.00 | Aug 28, 2025 | Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service | ||
| CVE-2024-47974 | Med | 0.29 | 4.4 | 0.00 | Oct 7, 2024 | Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||
| CVE-2024-47967 | Med | 0.29 | 4.4 | 0.00 | Oct 7, 2024 | Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||
| CVE-2024-47972 | Med | 0.26 | 4.0 | 0.00 | Oct 7, 2024 | Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource. | ||
| CVE-2024-39694 | Med | 0.24 | 4.7 | 0.01 | Jul 31, 2024 | Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some… | ||
| CVE-2024-49755 | Low | 0.13 | 3.1 | 0.00 | Oct 28, 2024 | Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api… |
- risk 0.53cvss 8.2epss 0.00
A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.
- risk 0.51cvss 7.8epss 0.00
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
- risk 0.46cvss 7.0epss 0.00
Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.
- risk 0.44cvss 6.7epss 0.00
Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.
- risk 0.40cvss 6.2epss 0.00
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
- risk 0.29cvss 4.4epss 0.00
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked Storage Device or create a Denial of Service.
- risk 0.29cvss 4.4epss 0.00
Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain un-authorized access to a locked storage device.
- risk 0.29cvss 4.4epss 0.00
Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service
- risk 0.29cvss 4.4epss 0.00
Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service.
- risk 0.29cvss 4.4epss 0.00
Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.
- risk 0.26cvss 4.0epss 0.00
Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.
- risk 0.24cvss 4.7epss 0.01
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some…
- risk 0.13cvss 3.1epss 0.00
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api…