CVE-2022-1108

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code...

CVE-2022-23448

A vulnerability has been identified in SIMATIC Energy Manager Basic All versions V7.3 Update 1, SIMATIC Energy Manager PRO All versions V7.3 Update 1. Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local...

多款Qualcomm产品访问控制错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits including primarily semiconductor devices, but also passive components, etc., and from time to time fabricated on the surface of semiconductor wafers. Access Control Error Vulnerability in Multiple Qualcomm...

CVE-2022-26419

Omron CX-Position versions 2.5.3 and prior is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code...

USN-5357-1 linux, linux-aws, linux-azure-4.15, linux-dell300x, linux-hwe, linux-kvm, linux-snapdragon vulnerability

It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based buffer overflow. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code...

Linux kernel 缓冲区错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel suffers from a buffer overflow vulnerability that originates from not properly validating data boundaries when net/ipv4/esp4.c and net/ipv6/esp6.c perform...

PT-2022-08: Deserialization of untrusted data in Veeam Agent for Microsoft Windows

The vulnerability was identified in Veeam Agent for Windows versions 2.0, 2.1, 2.2, 3.0.2, 4.0, and 5.0. The discovered vulnerability allows local users to run arbitrary code with LOCAL SYSTEM privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 12.03.2022...

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

CVE-2022-24346

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO Right-to-Left Override characters was possible...

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

CVE-2022-24346

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO Right-to-Left Override characters was possible...

CVE-2022-24346

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO Right-to-Left Override characters was possible...

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

Code injection

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

Code injection

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO Right-to-Left Override characters was possible...

CVE-2022-24346

The CVE-2022-24346 issue affects JetBrains IntelliJ IDEA prior to 2021.3.1, where local code execution could be triggered via Right-to-Left Override (RLO) characters embedded in a project/file. Red Hat and NVD entries confirm the same description. Impact is defined as local code execution with pa...

CVE-2022-24346

In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO Right-to-Left Override characters was possible...

CVE-2022-24345

JetBrains IntelliJ IDEA prior to version 2021.2.4 is affected by a local code execution flaw when opening a project, allowing code execution without user permission. The issue is documented as CVE-2022-24345 and is addressed in JetBrains’ Q4 2021 security bulletin, with the fixed version 2021.2.4...

CVE-2022-24345

In JetBrains IntelliJ IDEA before 2021.2.4, local code execution without permission from a user upon opening a project was possible...

AZL-8666 CVE-2022-24051 affecting package mariadb for versions less than 10.6.7-1

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...