The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-26429 | Azure Sphere Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-26428 | Azure Sphere Information Disclosure Vulnerability | LOW | Aug 12, 2021 | n/a |
| CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | MEDIUM | Oct 13, 2021 | n/a |
| CVE-2021-26426 | Windows User Account Profile Picture Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-26425 | Windows Event Tracing Elevation of Privilege Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-26424 | Windows TCP/IP Remote Code Execution Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-26423 | .NET Core and Visual Studio Denial of Service Vulnerability | MEDIUM | Aug 12, 2021 | n/a |
| CVE-2021-26422 | Skype for Business and Lync Remote Code Execution Vulnerability | MEDIUM | May 11, 2021 | n/a |
| CVE-2021-26421 | Skype for Business and Lync Spoofing Vulnerability | MEDIUM | May 11, 2021 | n/a |
| CVE-2021-26420 | Microsoft SharePoint Server Remote Code Execution Vulnerability | MEDIUM | Jun 10, 2021 | n/a |
| CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | HIGH | May 13, 2021 | n/a |
| CVE-2021-26418 | Microsoft SharePoint Server Spoofing Vulnerability | MEDIUM | May 11, 2021 | n/a |
| CVE-2021-26417 | Windows Overlay Filter Information Disclosure Vulnerability | LOW | Apr 15, 2021 | n/a |
| CVE-2021-26416 | Windows Hyper-V Denial of Service Vulnerability | HIGH | Apr 16, 2021 | n/a |
| CVE-2021-26415 | Windows Installer Elevation of Privilege Vulnerability | MEDIUM | Apr 16, 2021 | n/a |
| CVE-2021-26414 | Windows DCOM Server Security Feature Bypass | MEDIUM | Jun 10, 2021 | n/a |
| CVE-2021-26413 | Windows Installer Spoofing Vulnerability | LOW | Apr 13, 2021 | n/a |
| CVE-2021-26412 | Microsoft Exchange Server Remote Code Execution Vulnerability | MEDIUM | Mar 3, 2021 | n/a |
| CVE-2021-26411 | Internet Explorer Memory Corruption Vulnerability | MEDIUM | Mar 11, 2021 | n/a |
| CVE-2021-26409 | Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26408 | Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest\'s integrity or confidentiality. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26407 | A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26406 | Insufficient validation in parsing Owner\'s Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | -- | May 9, 2023 | n/a |
| CVE-2021-26405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2021-26404 | Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26403 | Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26402 | Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26401 | LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. | LOW | Mar 11, 2022 | n/a |
| CVE-2021-26400 | AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage. | LOW | May 11, 2022 | n/a |
| CVE-2021-26399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2021-26398 | Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26397 | Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | -- | May 9, 2023 | n/a |
| CVE-2021-26396 | Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | -- | Jan 11, 2023 | n/a |
| CVE-2021-26393 | Insufficient memory cleanup in the AMD Secure Processor (ASP) Trusted Execution Environment (TEE) may allow an authenticated attacker with privileges to generate a valid signed TA and potentially poison the contents of the process memory with attacker controlled data resulting in a loss of confidentiality. | -- | Nov 9, 2022 | n/a |
| CVE-2021-26392 | Insufficient verification of missing size check in \'LoadModule\' may lead to an out-of-bounds write potentially allowing an attacker with privileges to gain code execution of the OS/kernel by loading a malicious TA. | -- | Nov 9, 2022 | n/a |
| CVE-2021-26391 | Insufficient verification of multiple header signatures while loading a Trusted Application (TA) may allow an attacker with privileges to gain code execution in that TA or the OS/kernel. | -- | Nov 9, 2022 | n/a |
| CVE-2021-26390 | A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data. | MEDIUM | May 12, 2022 | n/a |
| CVE-2021-26388 | Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26386 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | HIGH | May 12, 2022 | n/a |
| CVE-2021-26385 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2021-26384 | A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | -- | Jul 15, 2022 | n/a |
| CVE-2021-26382 | An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP,) irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | -- | Jul 15, 2022 | n/a |
| CVE-2021-26379 | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | -- | May 9, 2023 | n/a |
| CVE-2021-26378 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26376 | Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26375 | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2021-26373 | Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26372 | Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | MEDIUM | May 11, 2022 | n/a |
| CVE-2021-26371 | A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | -- | May 9, 2023 | n/a |
