VYPR
Vendor: Duendesoftware

Products: 4
CVEs: 15
Across products: 15
Status: Private

Recent CVEs (15)
  • CVE-2023-5410 · High · Mar 12, 2024
    risk 0.53 · cvss 8.2 · epss 0.00

    A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.

  • CVE-2021-3808 · High · Feb 1, 2023
    risk 0.51 · cvss 7.8 · epss 0.00

    Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.

  • CVE-2024-47975 · High · Oct 7, 2024
    risk 0.46 · cvss 7.0 · epss 0.00

    Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service.

  • CVE-2024-47976 · Medium · Oct 7, 2024
    risk 0.44 · cvss 6.7 · epss 0.00

    Improper access removal handling in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access.

  • CVE-2024-47969 · Medium · Oct 7, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.

  • CVE-2025-26620 · Medium · Feb 18, 2025
    risk 0.34 · cvss · epss 0.00

    Duende.AccessTokenManagement is a set of .NET libraries that manage OAuth and OpenID Connect access tokens. Duende.AccessTokenManagement contains a race condition when requesting access tokens using the client credentials flow. Concurrent requests to obtain an access token using…

  • CVE-2025-12902 · Medium · Nov 7, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain unauthorized access to a locked storage device or create a denial of service.

  • CVE-2025-12896 · Medium · Nov 7, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker with local or physical access to gain unauthorized access to a locked storage device.

  • CVE-2025-9195 · Medium · Aug 28, 2025
    risk 0.29 · cvss 4.4 · epss 0.00

    Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a denial of service.

  • CVE-2024-47974 · Medium · Oct 7, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Race condition during resource shutdown in some Solidigm DC Products may allow an attacker to potentially enable denial of service.

  • CVE-2024-47967 · Medium · Oct 7, 2024
    risk 0.29 · cvss 4.4 · epss 0.00

    Improper resource initialization handling in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service.

  • CVE-2024-51987 · Medium · Nov 8, 2024
    risk 0.28 · cvss 5.4 · epss 0.00

    Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenID Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed…

  • CVE-2024-47972 · Medium · Oct 7, 2024
    risk 0.26 · cvss 4.0 · epss 0.00

    Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially control the performance of the resource.

  • CVE-2024-39694 · Medium · Jul 31, 2024
    risk 0.24 · cvss 4.7 · epss 0.01

    Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious URLs that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a URL is returned as a redirect, some…

  • CVE-2024-49755 · Low · Oct 28, 2024
    risk 0.13 · cvss 3.1 · epss 0.00

    Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. IdentityServer's local API authentication handler performs insufficient validation of the cnf claim in DPoP access tokens. This allows an attacker to use leaked DPoP access tokens at local api…