Intel Trust Domain Extensions 安全漏洞

Intel Trust Domain Extensions is a confidential virtualization solution from Intel Corporation USA designed to isolate confidential virtual machines from unclassified domain software stacks, including hypervisors, VMMs, and other non-trusted domain software stacks, to ensure that the data of...

Intel DSA Security Vulnerability

Intel DSA is a driver update tool. It can detect user drivers, update the installed drivers to the latest version, support intel series of graphics cards, audio, network cards and chipset drivers, i card users must. Intel DSA version 23.4.33 before the existence of security vulnerabilities, the...

Intel PROSet/Wireless WiFi Software and Intel Killer WiFi Software Security Vulnerabilities

Intel PROSet/Wireless WiFi Software and Intel Killer WiFi Software are both wireless network card drivers from Intel Corporation. A security vulnerability previously existed in Intel PROSet/Wireless WiFi Software and Intel Killer WiFi Software version 22.240, which stemmed from improper input...

Design/Logic Flaw

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

CVE-2023-49347

CVE-2023-49347 concerns Budgie Extras Windows Previews where temporary data passed between components can be viewed or manipulated. The data is stored in a location accessible to any user with local access, enabling reading of private information, presenting false information to users, or denying...

CVE-2023-49345

CVE-2023-49345 affects Budgie Extras Takeabreak applet. The vulnerability arises from temporary data passed between application components being stored in a location accessible to local users, enabling an attacker with local access to pre-create/modify the file to mislead users or deny access to ...

CVE-2023-49343

Temporary data passed between application components by Budgie Extras Dropby applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present false...

PT-2023-20754 · Intel · Intel(R) Aptio* V Uefi Firmware Integrator Tools

Name of the Vulnerable Software and Affected Versions: IntelR Aptio V UEFI Firmware Integrator Tools affected versions not specified Description: The issue is related to a use after free condition that may allow an authenticated user to potentially enable denial of service via local access...

Memory corruption

A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to...

SUSE CVE-2016-0640

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users to affect integrity and availability via vectors related to DML...

PT-2023-12723 · Weave · Weave Gitops

Name of the Vulnerable Software and Affected Versions: Weave GitOps versions prior to v0.12.0 Description: A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are...

Information disclosure

Exposure of Sensitive Information to an Unauthorized Actor in firmware for some IntelR PROSet/Wireless Wi-Fi in multiple operating systems and some KillerTM Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2020-24456

The advisory and multiple security feeds describe CVE-2020-24456 affecting Intel’s Board ID Tool (version v.1.01). Root cause: incorrect default permissions that could let an authenticated, local attacker escalate privileges. Affected product: Intel Board ID Tool. Impact: local privilege escalati...

Buffer overflow

Improper buffer restrictions in the IntelR Unite Client for Windows before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access...

CVE-2020-10720

A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system...

Privilege escalation

Uncontrolled search path in IntelR Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2019-11139

Improper conditions check in the voltage modulation interface for some IntelR XeonR Scalable Processors may allow a privileged user to potentially enable denial of service via local access...

CVE-2019-4309

IBM Security Guardium Big Data Intelligence SonarG 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035...

Supply-Chain Attack against the Electron Development Platform

Electron is a cross-platform development system for many popular communications apps, including Skype, Slack, and WhatsApp. Security vulnerabilities in the update system allows someone to silently inject malicious code into applications. From a news article: At the BSides LV security conference o...

CVE-2019-11879

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a probl...