HP Integrated Lights-Out Improper Input Validation (CVE-2022-28636)

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28632)

A potential arbitrary code execution and a denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28631)

A potential arbitrary code execution and a denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute...

CVE-2022-28631

A potential arbitrary code execution and a denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute...

CVE-2023-34415

When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host a...

CVE-2023-21117

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVE-2023-21117

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...

CVE-2022-28636

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

CVE-2022-28635

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

CVE-2022-28632

A potential arbitrary code execution and a denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute...

CVE-2022-28636

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

CVE-2022-28635

A potential local arbitrary code execution and a local denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to potentially execute arbitra...

ROS-20220706-01

A vulnerability in the OpenSSH session encryption suite of programs is related to the fact that the application does not properly enforce security restrictions when the keyword parameter LogVerbose keyword parameter is enabled with a set of parameters that activate logging for an isolated process...

CVE-2020-0257

In SpecializeCommon of comandroidinternalosZygote.cpp, there is a permissions bypass due to an incomplete cleanup. This could lead to local escalation of privilege in isolated processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

Arbitrary Code Execution

static-eval is vulnerable to arbitrary code execution. The vulnerability is possible because there is no protection by sandbox isolated process, allowing the user to input malicious code through it...