Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-22893 | 2025-08-12 | N/A | N/A | ||
| Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-25273 | 2025-08-12 | N/A | N/A | ||
| Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-24305 | 2025-08-12 | N/A | N/A | ||
| Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-47285 | 2025-05-15 | N/A | N/A | ||
| Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, `concat()` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero. In practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b""`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b"" if self.do_some_side_effect() else b""`. The fix is available in pull request 4644 and expected to be part of the 0.4.2 release. As a workaround, don't have side effects in expressions which construct zero-length bytestrings. | |||||
| CVE-2025-47774 | 2025-05-15 | N/A | N/A | ||
| Vyper is the Pythonic Programming Language for the Ethereum Virtual Machine. In versions up to and including 0.4.2rc1, the `slice()` builtin can elide side effects when the output length is 0, and the source bytestring is a builtin (`msg.data` or `<address>.code`). The reason is that for these source locations, the check that `length >= 1` is skipped. The result is that a 0-length bytestring constructed with slice can be passed to `make_byte_array_copier`, which elides evaluation of its source argument when the max length is 0. The impact is that side effects in the `start` argument may be elided when the `length` argument is 0, e.g. `slice(msg.data, self.do_side_effect(), 0)`. The fix in pull request 4645 disallows any invocation of `slice()` with length 0, including for the ad hoc locations discussed in this advisory. The fix is expected to be part of version 0.4.2. | |||||
| CVE-2025-20004 | 2025-05-13 | N/A | N/A | ||
| Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2025-20022 | 2025-05-13 | N/A | N/A | ||
| Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiberâ„¢ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2024-33617 | 2024-11-15 | N/A | N/A | ||
| Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | |||||
| CVE-2024-25565 | 2024-11-15 | N/A | N/A | ||
| Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access. | |||||
| CVE-2022-48481 | 2 Apple, Jetbrains | 2 Macos, Toolbox | 2023-05-05 | N/A | 7.8 HIGH |
| In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | |||||