Intel Ethernet Products 代码问题漏洞

Intel Ethernet Products is a networking product from Intel Corporation USA. A security vulnerability exists in Intel Ethernet Products Network Adapters prior to version 27.3, which arises from an uncontrolled search path and can be exploited by an authenticated attacker to potentially enable...

CVE-2022-47506

SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands...

SUSE CVE-2018-3613

Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

SUSE CVE-2018-12182

Insufficient memory write check in SMM service for EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

SUSE CVE-2019-0154

Insufficient access control in subsystem for Intel R processor graphics in 6th, 7th, 8th and 9th Generation IntelR CoreTM Processor Families; IntelR PentiumR Processor J, N, Silver and Gold Series; IntelR CeleronR Processor J, N, G3900 and G4900 Series; IntelR AtomR Processor A and E3900 Series;...

SUSE CVE-2019-14584

Null pointer dereference in Tianocore EDK2 may allow an authenticated user to potentially enable escalation of privilege via local access...

SUSE CVE-2020-24502

Improper input validation in some IntelR Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows, may allow an authenticated user to potentially enable a denial of service via local access...

SUSE CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...

SUSE CVE-2022-20796

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...

SUSE CVE-2022-21123

Incomplete cleanup of multi-core shared buffers for some IntelR Processors may allow an authenticated user to potentially enable information disclosure via local access...

PT-2023-1326 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands, which could allow an authenticated, local attacker t...

PT-2023-7464 · Intel · Intel Trace Analyzer/Collector

Name of the Vulnerable Software and Affected Versions: IntelR Trace Analyzer and Collector versions prior to 2021.8.0 Description: The issue is related to a stack-based buffer overflow in IntelR Trace Analyzer and Collector software. This may allow an authenticated user to potentially enable...

CVE-2023-20044

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A...

PT-2023-1148 · Cisco · Cisco Industrial Network Director

Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the monitoring application could allow an authenticated, local attacker to access a static secret key used to store both local data and...

CVE-2022-32490

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

PT-2023-1104 · Cisco · Cisco Cx Cloud Agent

Name of the Vulnerable Software and Affected Versions: Cisco CX Cloud Agent affected versions not specified Description: A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges due to insecure file permissions. An attacker could exploit thi...

hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW)

A flaw was found in hw. Incomplete cleanup in specific special register write operations for some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

PT-2022-6365 · Dell · Dell Powerscale Onefs

Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x Description: The issue is related to the cleartext storage of sensitive information in the S3 component, potentially leading to information disclosure. An authenticated local attacker cou...

CVE-2022-43901

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID:...

CVE-2022-43901 IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure

IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID:...