hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR)

A flaw was found in hw. Incomplete cleanup of multi-core shared buffers for some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

CVE-2022-36349

Insecure default variable initialization in BIOS firmware for some IntelR NUC Boards and IntelR NUC Kits before version MYi30060 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2022-29466

Improper input validation in firmware for IntelR SPS before version SPSE304.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access...

CVE-2022-27638

Uncontrolled search path element in the IntelR Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access...

Intel NUC 安全漏洞

The Intel NUC is a small minicomputer from Intel Corporation USA. A security vulnerability exists in versions prior to IntelR NUC 11 Pro Kits and IntelR NUC 11 Pro Boards TNTGL357.0064, which stems from improper initialization of their BIOS firmware allowing authenticated users to potentially...

CVE-2021-44862

Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user c...

hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)

A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access...

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

...

Cisco TelePresence Collaboration Endpoint Software和RoomOS Software 路径遍历漏洞

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of the U.S. company Cisco Cisco.Cisco RoomOS Software is a set of automatic management software for Cisco devices. The software is mainly used for upgrading and managing the motherboard firmware of Cisc...

PT-2022-26089 · F5 · F5Os-A +1

Name of the Vulnerable Software and Affected Versions: F5OS-A versions 1.x before 1.1.0 F5OS-C versions 1.x before 1.5.0 Description: The issue is related to excessive file permissions in F5OS, allowing an authenticated local attacker to execute a limited set of commands in a container and impact...

CVE-2022-32493

Dell BIOS contains an Stack-Based Buffer Overflow vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

Dell BIOS 安全漏洞

Dell BIOS is embedded software on a small memory chip on the motherboard of a computer from Dell USA. A buffer overflow vulnerability exists in Dell BIOS, which can be exploited by an authenticated, local attacker to execute intentional code in SMRAM using SMI...

CVE-2022-20818

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a...

CVE-2022-20930

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands...

CVE-2022-20850

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit...

PT-2022-6177 · Cisco · Cisco Sd-Wan +1

Name of the Vulnerable Software and Affected Versions: Cisco IOS XE SD-WAN Software affected versions not specified Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an...

PT-2022-6017 · Cisco · Cisco Sd-Wan

Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN Software affected versions not specified Description: A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This issue is d...

mariadb: CONNECT storage engine heap-based buffer overflow

A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running...

Intel Wireless Bluetooth 缓冲区错误漏洞

Intel Wireless Bluetooth is a driver tool from Intel USA that can effectively solve some problems with intel bluetooth in win10 system. A security vulnerability exists in Intel Wireless Bluetooth versions prior to 22.120 and KillerTM BluetoothR versions prior to 22.120, which stems from an...

mariadb: CONNECT storage engine heap-based buffer overflow

A flaw was found in MariaDB. Lack of input validation leads to a heap buffer overflow. This flaw allows an authenticated, local attacker with at least a low level of privileges to submit a crafted SQL query to MariaDB and escalate their privileges to the level of the MariaDB service user, running...