805 matches found
hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS)
A flaw was found in hw. Incomplete cleanup of microarchitectural fill buffers on some Intel® Processors may allow an authenticated user to enable information disclosure via local access...
CVE-2022-20909
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these...
Cisco Nexus Dashboard 安全漏洞
Cisco Nexus Dashboard is the United States Cisco Cisco a single console. It can simplify the operation and management of data center networks. A security vulnerability exists in Cisco Nexus Dashboard that allows an authenticated local attacker to elevate privileges on affected devices...
PT-2023-13379 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transacti...
CVE-2022-20651
A vulnerability in the logging component of Cisco Adaptive Security Device Manager ASDM could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ADSM must be deployed in a shared workstation environment for this issue to be exploited...
CVE-2022-31465
A vulnerability has been identified in Xpedition Designer VX.2.10 All versions VX.2.10 Update 13, Xpedition Designer VX.2.11 All versions VX.2.11 Update 11, Xpedition Designer VX.2.12 All versions VX.2.12 Update 5, Xpedition Designer VX.2.13 All versions VX.2.13 Update 1. The affected application...
CVE-2022-24418
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM...
CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...
UBUNTU-CVE-2022-20792
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus ClamAV versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution...
CVE-2022-20796
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...
UBUNTU-CVE-2022-20796
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus ClamAV versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of...
Cisco Firepower Threat Defense 安全漏洞
Cisco Firepower Threat Defense is a suite of unified software from Cisco that provides next-generation firewall services.Cisco Firepower Threat Defense Software is vulnerable to an input validation error that could be exploited by an authenticated local attacker to inject XML into the command...
CVE-2022-20732
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...
CVE-2022-20732
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager VIM could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...
Cisco Virtualized Infrastructure Manager 访问控制错误漏洞
Cisco Virtualized Infrastructure Manager is a fully automated cloud lifecycle management system from Cisco, U.S. An access control error vulnerability exists in Cisco Virtualized Infrastructure Manager, which stems from certain configuration files' The vulnerability is caused by an access privile...
CVE-2022-20716
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on...
CVE-2022-20717
A vulnerability in the NETCONF process of Cisco SD-WAN vEdge Routers could allow an authenticated, local attacker to cause an affected device to run out of memory, resulting in a denial of service DoS condition. This vulnerability is due to insufficient memory management when an affected device...
CVE-2022-20681
A vulnerability in the CLI of Cisco IOS XE Software for Cisco Catalyst 9000 Family Switches and Cisco Catalyst 9000 Family Wireless Controllers could allow an authenticated, local attacker to elevate privileges to level 15 on an affected device. This vulnerability is due to insufficient validatio...
CVE-2022-20739
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this...
PT-2022-2277 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software affected versions not specified Description: A vulnerability in the Tool Command Language Tcl interpreter could allow an authenticated, local attacker to escalate from privilege level 15 to root-level privileges. This...