CVE-2022-32628

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780...

CVE-2022-32620

CVE-2022-32620 affects MediaTek’s mpu component, caused by a logic error that can cause memory corruption. This may enable local escalation of privilege to System level with no user interaction required. Patch ALPS07541753 (Issue ALPS07541753) is referenced; exploitation status is not detailed in...

PUB-A-246194233

In ufdtgetnodebypathlen of ufdtconvert.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation...

PUB-A-165329981

In l2capchanput of l2capcore, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PUB-A-242702451

In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

MiniDVBLinux 5.4 Remote Root Command Injection Vulnerability

Summary MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the Video Disk Recorder VDR by Klaus Schmidinger. Features of this Linux based Digital Video Recorder: Watch TV, Timer controlled recordings, Time Shift, DVD and MP3 Replay...

CVE-2022-32488

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

PT-2022-21341 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to improper input validation in Dell BIOS, which could be exploited by a local authenticated malicious user. This exploitation could potentially lead to arbitrary cod...

PT-2022-21344 · Dell · Dell Client Bios

Name of the Vulnerable Software and Affected Versions: Dell Client BIOS affected versions not specified Description: The issue is related to a Buffer Overflow. A local authenticated malicious user may potentially exploit this by manipulating an SMI to cause an arbitrary write during SMM...

PT-2022-21345 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code...

ASB-A-238177383

In ioidentitycow of iouring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

Privilege escalation

Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges...

PT-2022-37678 · Gnu · Linux

Уязвимость функции diFree fs/jfs/jfs imap.c файловой системы jfs ядра операционной системы Linux связана с использованием памяти после её освобождения при ошибке монтирования. Эксплуатация уязвимости может позволить нарушителю, действующему локально, выполнить произвольный код...

DEBIAN-CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

CVE-2022-28630

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial...

CVE-2022-28627

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability...

CVE-2022-28630

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality and integrity, and a partial...

Information disclosure

In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. This could lead to local information disclosure of network topography with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2022-28635

CVE-2022-28635 affects HPE iLO 5 firmware before 2.71. A local, unprivileged attacker could exploit an isolated process to execute arbitrary code and cause DoS within that process, impacting confidentiality, integrity, and availability of that process. The issue is tied to improper input handling...

CVE-2022-20377

CVE-2022-20377 affects Android’s keymaster_ipc.cpp, enabling an attacker to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. This configuration flaw can lead to local elevation of privilege with no additional execution privileges required and without user interaction. Public r...