PT-2022-19117 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1

Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 iLO 5 versions prior to 2.71 Description: A local arbitrary code execution issue was discovered, allowing a low privileged user to execute arbitrary code, resulting in a complete loss of confidentiality, integrity,...

PT-2022-19114 · Hewlett Packard · Hpe Integrated Lights-Out 5 +1

Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 iLO 5 versions prior to 2.71 Description: A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware. A highly privileged user could locally exploit this vulnerabili...

CVE-2022-2313

A DLL hijacking vulnerability in the MA Smart Installer for Windows prior to 5.7.7, which allows local users to execute arbitrary code and obtain higher privileges via careful placement of a malicious DLL into the folder from where the Smart installer is being executed...

CVE-2022-32498

Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure...

CVE-2022-34900

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.3 39313 Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within t...

PT-2022-3284 · Ping Identity · Pingid Windows Login

Name of the Vulnerable Software and Affected Versions: PingID Windows Login versions prior to 2.8 Description: The issue is related to errors in authentication of the connection with a local Java service used to capture security key requests. An attacker with the ability to execute code on the...

NVIDIA DGX 缓冲区错误漏洞

The Nvidia NVIDIA DGX is a high-performance workstation for deep learning applications from Nvidia, USA. A buffer error vulnerability exists in NVIDIA DGX A100 Servers prior to version 22.5.5, which stems from a boundary error when handling untrusted input in SBIOS in BiosCfgTool, and is exploite...

USN-5463-1 ntfs-3g vulnerabilities

It was discovered that NTFS-3G incorrectly handled the ntfsck tool. If a user or automated system were tricked into using ntfsck on a specially crafted disk image, a remote attacker could possibly use this issue to execute arbitrary code. CVE-2021-46790 Roman Fiedler discovered that NTFS-3G...

Qualcomm 缓冲区错误漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way to miniaturize circuits mainly semiconductor devices, but also passive components, etc., and are from time to time fabricated on the surface of semiconductor wafers. A buffer error vulnerability exists in the Qualcomm SA8540P and...

DEBIAN-CVE-2022-1652

Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the badflpintr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service...

PT-2022-3466 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is caused by a concurrency use-after-free flaw in the bad flp intr function, allowing a local attacker to execute arbitrary code on the system or cause a denial of service...

CVE-2022-30240

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972...

CVE-2022-29971

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code...

CVE-2022-29971

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code...

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

CVE-2022-29972

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver 1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52 may allow a local user to execute arbitrary code...

CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971...

CVE-2022-30239

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971...

Magnitude Simba Amazon Redshift JDBC Driver 参数注入漏洞

Magnitude Simba Amazon Redshift JDBC Driver is a JDBC driver from Magnitude, Inc. It provides database connectivity through the standard JDBC Application Programming Interface API provided in the Enterprise Edition of the Java platform. A parameter injection vulnerability exists in Magnitude Simb...

SonicWALL NetExtender Windows client 安全漏洞

SonicWALL NetExtender Windows client is a Windows-based SSL VPN Virtual Private Network client application from SonicWALL, Inc. A security vulnerability exists in SonicWALL SSL-VPN NetExtender Windows Client 32 and 64 bit version 10.2.322 and prior versions, which originates from a boundary error...