459
CVEs
18
Critical
151
High
1
KEV
18
PoC
89
Unpatched C/H
67.8%
Patch Rate
0.6%
Avg EPSS
Severity Breakdown
CRITICAL
18
HIGH
151
MEDIUM
278
LOW
6
Monthly CVE Trend
Affected Products (30)
Linux Kernel
226
Debian Linux
35
Xen
29
Fedora
19
Epyc 7401 Firmware
10
Epyc 7281 Firmware
10
Epyc 7351P Firmware
10
Epyc 7351 Firmware
10
Epyc 7662 Firmware
10
Epyc 7601 Firmware
10
Epyc 7532 Firmware
10
Epyc 7452 Firmware
10
Epyc 7542 Firmware
10
Epyc 7451 Firmware
10
Epyc 7301 Firmware
10
Epyc 7402P Firmware
10
Epyc 7F32 Firmware
10
Epyc 7502 Firmware
10
Epyc 7302P Firmware
10
Epyc 7502P Firmware
10
Epyc 7251 Firmware
10
Epyc 7F72 Firmware
10
Epyc 7402 Firmware
10
Epyc 7272 Firmware
10
Epyc 7352 Firmware
10
Epyc 7262 Firmware
10
Leap
10
Epyc 7551 Firmware
10
Epyc 7702 Firmware
10
Epyc 7F52 Firmware
10
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2021-22986 | On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 99.9% | 84 |
KEV
PoC
No patch
|
| CVE-2020-6100 | An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.9 | 2.1% | 70 |
PoC
No patch
|
| CVE-2020-6101 | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.9 | 2.8% | 70 |
PoC
No patch
|
| CVE-2020-6102 | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.9 | 2.8% | 70 |
PoC
No patch
|
| CVE-2020-6103 | An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.9 | 2.8% | 70 |
PoC
No patch
|
| CVE-2018-6546 | plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming Evolved products, executes code at a user-defined (local or SMB) path as. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 18.1% | 69 |
PoC
No patch
|
| CVE-2020-12138 | AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.8 | 3.3% | 64 |
PoC
No patch
|
| CVE-2021-3653 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available. | HIGH | 8.8 | 0.4% | 64 |
PoC
|
| CVE-2019-5098 | An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 8.6 | 2.0% | 63 |
PoC
No patch
|
| CVE-2015-7723 | AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.0% | 59 |
PoC
No patch
|
| CVE-2015-7724 | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.0% | 59 |
PoC
No patch
|
| CVE-2020-8950 | The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 1.0% | 59 |
PoC
No patch
|
| CVE-2023-1048 | A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.8 | 0.6% | 59 |
PoC
No patch
|
| CVE-2017-5926 | Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | HIGH | 7.5 | 0.4% | 58 |
PoC
No patch
|
| CVE-2021-29657 | arch/x86/kvm/svm/nested.c in the Linux kernel before 5.11.12 has a use-after-free in which an AMD KVM guest can bypass access control on host OS MSRs when there are nested guests, aka. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available. | HIGH | 7.4 | 0.4% | 57 |
PoC
|