2544 matches found
Design/Logic Flaw
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM...
CVE-2022-26861
Dell BIOS firmware contains an Insecure Automated Optimization vulnerability (CVE-2022-26861) that allows a locally authenticated attacker to trigger arbitrary code execution during System Management Mode (SMM) by sending malicious input via SMI. The issue is tied to the BIOS/SMM trust boundary, ...
CVE-2022-26861
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM...
PT-2022-18111 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an Insecure Automated Optimization vulnerability in Dell BIOS. A local authenticated malicious user could exploit this vulnerability by sending malicious input via...
CVE-2020-35537
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
PT-2022-8940 · Gnu · Gcc
Name of the Vulnerable Software and Affected Versions: gcc affected versions not specified Description: A crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The issue is related to the ipcp_store_vr_results function in gcc/ipa-cp.c...
CVE-2020-35537
In gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c...
Pushing Open-Source Security Forward: Insights From Black Hat 2022
Open-source security has been a hot topic in recent years, and it's proven to be something of a double-edged sword. On the one hand, there's an understanding of the potential that open-source tools hold for democratizing security, making industry best practices accessible to more organizations an...
PT-2022-37184 · Git +1 · Lcms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read crash. Technical details include the crash type being Heap-buffer-overflow READ 8, and the crash stat...
Foxit PDF Editor JavaScript Optimization Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects IBM Engineering Lifecycle Optimization - Publishing
Summary There is a Vulnerability in Apache Log4j CVE-2021-44228 which is used by "IBM Engineering Lifecycle Optimization - Publishing PUB" and "Rational Publishing Engine RPE." Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary...
USN-5535-1 Intel Microcode vulnerabilities
Joseph Nuzman discovered that some Intel processors did not properly initialise shared resources. A local attacker could use this to obtain sensitive information. CVE-2021-0145 Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug...
Simplify SIEM Optimization With InsightIDR
Two key ways InsightIDR helps customers tailor reporting, detection, and response — without any headaches For far too many years, security teams have accepted that with a SIEM comes compromise. You could have highly tailored and custom rule sets, but it meant endless amounts of tuning and...
Security Bulletin: Apache log4j security vulnerability as it relates to IBM Maximo Scheduler Optimization - Apache Log4j - CVE-2021-45105 (affecting v2.16) and CVE-2021-45046 (affecting v2.15)
Summary For the 8.0.0 version of MSO, which is distributed as part of the MAS catalog here are the instructions to move to the 8.0.3 version to get log4j 2.17.1 Apache Log4j - CVE-2021-45105 affecting v2.16 and CVE-2021-45046 affecting v2.15 Vulnerability Details CVEID:CVE-2021-44228 DESCRIPTION:...
CVE-2022-21528
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
IBM Engineering Lifecycle Optimization Cross-Site Scripting Vulnerability (CNVD-2022-55503)
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM portfolio from IBM America. They make it easier to collect and analyze data across the development environment to make better decisions. Automate reporting to ensure that the entire organization...
IBM Engineering Lifecycle Optimization Information Disclosure Vulnerability
IBM Engineering Lifecycle Optimization ELO is an extension of the Engineering Lifecycle Management ELM product portfolio from IBM USA. They make it easier to collect and analyze data from across the development environment to make better decisions. Automate reporting to ensure the entire...
Siemens Opcenter Quality Authentication Bypass Vulnerability
Opcenter Quality is a quality management system QMS that enables organizations to protect compliance, optimize quality, reduce defects and rework costs, and achieve operational excellence by improving process stability. An authentication bypass vulnerability exists in Siemens Opcenter Quality, whi...