VARIoT IoT vulnerabilities database
| VAR-202205-0951 | CVE-2022-29033 | Siemens JT2GO and Siemens Teamcenter Visualization Buffer error vulnerability |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. Siemens JT2GO and Teamcenter Visualization
| VAR-202205-1003 | CVE-2022-1674 | vim/vim In NULL Pointer dereference vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. vim/vim for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Vim, gVim: Multiple Vulnerabilities
Date: August 21, 2022
Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231
ID: 202208-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Vim, the worst of which
could result in denial of service.
Background
=========
Vim is an efficient, highly configurable improved version of the classic
‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060
2 app-editors/vim < 9.0.0060 >= 9.0.0060
3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
==========
Multiple vulnerabilities have been discovered in Vim and gVim. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Vim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
=========
[ 1 ] CVE-2021-3770
https://nvd.nist.gov/vuln/detail/CVE-2021-3770
[ 2 ] CVE-2021-3778
https://nvd.nist.gov/vuln/detail/CVE-2021-3778
[ 3 ] CVE-2021-3796
https://nvd.nist.gov/vuln/detail/CVE-2021-3796
[ 4 ] CVE-2021-3872
https://nvd.nist.gov/vuln/detail/CVE-2021-3872
[ 5 ] CVE-2021-3875
https://nvd.nist.gov/vuln/detail/CVE-2021-3875
[ 6 ] CVE-2021-3927
https://nvd.nist.gov/vuln/detail/CVE-2021-3927
[ 7 ] CVE-2021-3928
https://nvd.nist.gov/vuln/detail/CVE-2021-3928
[ 8 ] CVE-2021-3968
https://nvd.nist.gov/vuln/detail/CVE-2021-3968
[ 9 ] CVE-2021-3973
https://nvd.nist.gov/vuln/detail/CVE-2021-3973
[ 10 ] CVE-2021-3974
https://nvd.nist.gov/vuln/detail/CVE-2021-3974
[ 11 ] CVE-2021-3984
https://nvd.nist.gov/vuln/detail/CVE-2021-3984
[ 12 ] CVE-2021-4019
https://nvd.nist.gov/vuln/detail/CVE-2021-4019
[ 13 ] CVE-2021-4069
https://nvd.nist.gov/vuln/detail/CVE-2021-4069
[ 14 ] CVE-2021-4136
https://nvd.nist.gov/vuln/detail/CVE-2021-4136
[ 15 ] CVE-2021-4166
https://nvd.nist.gov/vuln/detail/CVE-2021-4166
[ 16 ] CVE-2021-4173
https://nvd.nist.gov/vuln/detail/CVE-2021-4173
[ 17 ] CVE-2021-4187
https://nvd.nist.gov/vuln/detail/CVE-2021-4187
[ 18 ] CVE-2021-4192
https://nvd.nist.gov/vuln/detail/CVE-2021-4192
[ 19 ] CVE-2021-4193
https://nvd.nist.gov/vuln/detail/CVE-2021-4193
[ 20 ] CVE-2021-46059
https://nvd.nist.gov/vuln/detail/CVE-2021-46059
[ 21 ] CVE-2022-0128
https://nvd.nist.gov/vuln/detail/CVE-2022-0128
[ 22 ] CVE-2022-0156
https://nvd.nist.gov/vuln/detail/CVE-2022-0156
[ 23 ] CVE-2022-0158
https://nvd.nist.gov/vuln/detail/CVE-2022-0158
[ 24 ] CVE-2022-0213
https://nvd.nist.gov/vuln/detail/CVE-2022-0213
[ 25 ] CVE-2022-0261
https://nvd.nist.gov/vuln/detail/CVE-2022-0261
[ 26 ] CVE-2022-0318
https://nvd.nist.gov/vuln/detail/CVE-2022-0318
[ 27 ] CVE-2022-0319
https://nvd.nist.gov/vuln/detail/CVE-2022-0319
[ 28 ] CVE-2022-0351
https://nvd.nist.gov/vuln/detail/CVE-2022-0351
[ 29 ] CVE-2022-0359
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
[ 30 ] CVE-2022-0361
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
[ 31 ] CVE-2022-0368
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
[ 32 ] CVE-2022-0392
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
[ 33 ] CVE-2022-0393
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
[ 34 ] CVE-2022-0407
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
[ 35 ] CVE-2022-0408
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
[ 36 ] CVE-2022-0413
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
[ 37 ] CVE-2022-0417
https://nvd.nist.gov/vuln/detail/CVE-2022-0417
[ 38 ] CVE-2022-0443
https://nvd.nist.gov/vuln/detail/CVE-2022-0443
[ 39 ] CVE-2022-0554
https://nvd.nist.gov/vuln/detail/CVE-2022-0554
[ 40 ] CVE-2022-0629
https://nvd.nist.gov/vuln/detail/CVE-2022-0629
[ 41 ] CVE-2022-0685
https://nvd.nist.gov/vuln/detail/CVE-2022-0685
[ 42 ] CVE-2022-0714
https://nvd.nist.gov/vuln/detail/CVE-2022-0714
[ 43 ] CVE-2022-0729
https://nvd.nist.gov/vuln/detail/CVE-2022-0729
[ 44 ] CVE-2022-0943
https://nvd.nist.gov/vuln/detail/CVE-2022-0943
[ 45 ] CVE-2022-1154
https://nvd.nist.gov/vuln/detail/CVE-2022-1154
[ 46 ] CVE-2022-1160
https://nvd.nist.gov/vuln/detail/CVE-2022-1160
[ 47 ] CVE-2022-1381
https://nvd.nist.gov/vuln/detail/CVE-2022-1381
[ 48 ] CVE-2022-1420
https://nvd.nist.gov/vuln/detail/CVE-2022-1420
[ 49 ] CVE-2022-1616
https://nvd.nist.gov/vuln/detail/CVE-2022-1616
[ 50 ] CVE-2022-1619
https://nvd.nist.gov/vuln/detail/CVE-2022-1619
[ 51 ] CVE-2022-1620
https://nvd.nist.gov/vuln/detail/CVE-2022-1620
[ 52 ] CVE-2022-1621
https://nvd.nist.gov/vuln/detail/CVE-2022-1621
[ 53 ] CVE-2022-1629
https://nvd.nist.gov/vuln/detail/CVE-2022-1629
[ 54 ] CVE-2022-1674
https://nvd.nist.gov/vuln/detail/CVE-2022-1674
[ 55 ] CVE-2022-1720
https://nvd.nist.gov/vuln/detail/CVE-2022-1720
[ 56 ] CVE-2022-1733
https://nvd.nist.gov/vuln/detail/CVE-2022-1733
[ 57 ] CVE-2022-1735
https://nvd.nist.gov/vuln/detail/CVE-2022-1735
[ 58 ] CVE-2022-1769
https://nvd.nist.gov/vuln/detail/CVE-2022-1769
[ 59 ] CVE-2022-1771
https://nvd.nist.gov/vuln/detail/CVE-2022-1771
[ 60 ] CVE-2022-1785
https://nvd.nist.gov/vuln/detail/CVE-2022-1785
[ 61 ] CVE-2022-1796
https://nvd.nist.gov/vuln/detail/CVE-2022-1796
[ 62 ] CVE-2022-1851
https://nvd.nist.gov/vuln/detail/CVE-2022-1851
[ 63 ] CVE-2022-1886
https://nvd.nist.gov/vuln/detail/CVE-2022-1886
[ 64 ] CVE-2022-1897
https://nvd.nist.gov/vuln/detail/CVE-2022-1897
[ 65 ] CVE-2022-1898
https://nvd.nist.gov/vuln/detail/CVE-2022-1898
[ 66 ] CVE-2022-1927
https://nvd.nist.gov/vuln/detail/CVE-2022-1927
[ 67 ] CVE-2022-1942
https://nvd.nist.gov/vuln/detail/CVE-2022-1942
[ 68 ] CVE-2022-1968
https://nvd.nist.gov/vuln/detail/CVE-2022-1968
[ 69 ] CVE-2022-2000
https://nvd.nist.gov/vuln/detail/CVE-2022-2000
[ 70 ] CVE-2022-2042
https://nvd.nist.gov/vuln/detail/CVE-2022-2042
[ 71 ] CVE-2022-2124
https://nvd.nist.gov/vuln/detail/CVE-2022-2124
[ 72 ] CVE-2022-2125
https://nvd.nist.gov/vuln/detail/CVE-2022-2125
[ 73 ] CVE-2022-2126
https://nvd.nist.gov/vuln/detail/CVE-2022-2126
[ 74 ] CVE-2022-2129
https://nvd.nist.gov/vuln/detail/CVE-2022-2129
[ 75 ] CVE-2022-2175
https://nvd.nist.gov/vuln/detail/CVE-2022-2175
[ 76 ] CVE-2022-2182
https://nvd.nist.gov/vuln/detail/CVE-2022-2182
[ 77 ] CVE-2022-2183
https://nvd.nist.gov/vuln/detail/CVE-2022-2183
[ 78 ] CVE-2022-2206
https://nvd.nist.gov/vuln/detail/CVE-2022-2206
[ 79 ] CVE-2022-2207
https://nvd.nist.gov/vuln/detail/CVE-2022-2207
[ 80 ] CVE-2022-2208
https://nvd.nist.gov/vuln/detail/CVE-2022-2208
[ 81 ] CVE-2022-2210
https://nvd.nist.gov/vuln/detail/CVE-2022-2210
[ 82 ] CVE-2022-2231
https://nvd.nist.gov/vuln/detail/CVE-2022-2231
[ 83 ] CVE-2022-2257
https://nvd.nist.gov/vuln/detail/CVE-2022-2257
[ 84 ] CVE-2022-2264
https://nvd.nist.gov/vuln/detail/CVE-2022-2264
[ 85 ] CVE-2022-2284
https://nvd.nist.gov/vuln/detail/CVE-2022-2284
[ 86 ] CVE-2022-2285
https://nvd.nist.gov/vuln/detail/CVE-2022-2285
[ 87 ] CVE-2022-2286
https://nvd.nist.gov/vuln/detail/CVE-2022-2286
[ 88 ] CVE-2022-2287
https://nvd.nist.gov/vuln/detail/CVE-2022-2287
[ 89 ] CVE-2022-2288
https://nvd.nist.gov/vuln/detail/CVE-2022-2288
[ 90 ] CVE-2022-2289
https://nvd.nist.gov/vuln/detail/CVE-2022-2289
[ 91 ] CVE-2022-2304
https://nvd.nist.gov/vuln/detail/CVE-2022-2304
[ 92 ] CVE-2022-2343
https://nvd.nist.gov/vuln/detail/CVE-2022-2343
[ 93 ] CVE-2022-2344
https://nvd.nist.gov/vuln/detail/CVE-2022-2344
[ 94 ] CVE-2022-2345
https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. ==========================================================================
Ubuntu Security Notice USN-5723-1
November 14, 2022
vim vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim could be made to crash when searching specially
crafted patterns.
(CVE-2022-1725)
It was discovered that there existed a buffer over-read in Vim when
searching specially crafted patterns. (CVE-2022-2124)
It was discovered that there existed a heap buffer overflow in Vim when
auto-indenting lisp. (CVE-2022-2125)
It was discovered that there existed an out of bounds read in Vim when
performing spelling suggestions. (CVE-2022-2126)
It was discovered that Vim accessed invalid memory when executing specially
crafted command line expressions. An attacker could possibly use this to
crash Vim, access or modify memory, or execute arbitrary commands.
(CVE-2022-2175)
It was discovered that there existed an out-of-bounds read in Vim when
auto-indenting lisp. An attacker could possibly use this to crash Vim,
access or modify memory, or execute arbitrary commands. (CVE-2022-2183)
It was discovered that Vim accessed invalid memory when terminal size
changed. An attacker could possibly use this to crash Vim, access or modify
memory, or execute arbitrary commands. (CVE-2022-2206)
It was discovered that there existed a stack buffer overflow in Vim's
spelldump. (CVE-2022-2304)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 ESM:
vim 2:7.4.1689-3ubuntu1.5+esm13
vim-athena 2:7.4.1689-3ubuntu1.5+esm13
vim-athena-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-gnome 2:7.4.1689-3ubuntu1.5+esm13
vim-gnome-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk3 2:7.4.1689-3ubuntu1.5+esm13
vim-gtk3-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-nox 2:7.4.1689-3ubuntu1.5+esm13
vim-nox-py2 2:7.4.1689-3ubuntu1.5+esm13
vim-tiny 2:7.4.1689-3ubuntu1.5+esm13
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5723-1
CVE-2022-1674, CVE-2022-1725, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304
| VAR-202205-0918 | CVE-2021-33069 | Improper resource shutdown and release vulnerability in multiple Intel products |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access
| VAR-202205-0955 | CVE-2022-29031 | Siemens JT2GO and Siemens Teamcenter Visualization Code problem vulnerability |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. Siemens JT2GO and Teamcenter Visualization
| VAR-202205-1012 | CVE-2021-33077 | Vulnerabilities in multiple Intel products |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. (DoS) It may be in a state
| VAR-202205-1000 | CVE-2021-33078 | Race Condition Vulnerability in Multiple Intel Products |
CVSS V2: 4.7 CVSS V3: 4.7 Severity: MEDIUM |
Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access
| VAR-202205-1051 | CVE-2021-33082 | Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. optane ssd dc p4800x firmware, optane ssd dc p4801x firmware, optane ssd p5800x Multiple Intel products, such as firmware, contain vulnerabilities related to deletion of important information before storage or transfer.Information may be obtained
| VAR-202205-1037 | CVE-2022-23139 | ZTE of zxmp m721 Fraudulent Authentication Vulnerability in Firmware |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. ZTE of zxmp m721 An incorrect authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device of China ZTE Corporation (ZTE). Attackers can use this vulnerability to obtain higher permissions
| VAR-202205-0714 | CVE-2022-22139 | Intel's Intel Extreme Tuning Utility (Intel XTU) Vulnerability regarding uncontrolled search path elements in |
CVSS V2: 4.4 CVSS V3: 7.3 Severity: HIGH |
Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Extreme Tuning Utility (Intel XTU) Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Extreme Tuning Utility is a software from Intel Corporation that can increase CPU frequency. In addition to supporting CPU and graphics card overclocking, the software also has the functions of system hardware information detection and real-time monitoring of the current system status to ensure system stability after overclocking
| VAR-202205-0949 | CVE-2021-33083 | Authentication Vulnerability in Multiple Intel Products |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access
| VAR-202205-0999 | CVE-2021-33074 | Vulnerabilities in multiple Intel products |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. optane ssd dc p4800x firmware, optane ssd dc p4801x firmware, optane ssd p5800x Multiple Intel products such as firmware have unspecified vulnerabilities.Information may be obtained
| VAR-202205-0683 | CVE-2022-21128 | Intel's Intel Advisor Vulnerability in privilege management in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Intel Advisor Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Advisor is a design and analysis tool developed by Intel Corporation for developing high-performance code
| VAR-202205-1013 | CVE-2021-33080 | Vulnerability regarding deletion of sensitive information before storage or transfer in multiple Intel products |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. (DoS) It may be in a state
| VAR-202205-0931 | CVE-2022-26510 | InHand Networks of ir302 Firmware Digital Signature Verification Vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. InHand Networks of ir302 Firmware contains a digital signature verification vulnerability.Information may be tampered with. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
| VAR-202205-0948 | CVE-2021-33075 | Race Condition Vulnerability in Multiple Intel Products |
CVSS V2: 4.7 CVSS V3: 4.7 Severity: MEDIUM |
Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access
| VAR-202205-0747 | CVE-2021-26258 | Intel's killer control center Vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. Intel's killer control center Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Killer Control Center is a program of Intel Corporation in the United States that inspects applications and sets priorities so that applications that require speed can be given priority in accessing bandwidth
| VAR-202205-0900 | CVE-2022-23743 | of Check Point Software Technologies zonealarm Vulnerability in privilege management in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker the ability to execute an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119. of Check Point Software Technologies zonealarm contains vulnerabilities related to privilege management and improper assignment of permissions to critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202205-0755 | CVE-2021-33108 | Intel's in-band manageability Input verification vulnerability in |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel's in-band manageability There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202205-0927 | CVE-2022-29882 | Cross-site scripting vulnerability in multiple Siemens products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user. 7kg8500-0aa00-0aa0 firmware, 7kg8500-0aa00-2aa0 firmware, 7kg8500-0aa10-0aa0 Multiple Siemens products such as firmware contain a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30.
A security vulnerability exists in Siemens SICAM P850 and SICAM P855 Devices. The vulnerability can be exploited by an attacker to store an XSS attack. Do whatever you want. Siemens SICAM P850 and SICAM P855
| VAR-202205-0687 | CVE-2022-30040 | Shenzhen Tenda Technology Co.,Ltd. of ax1803 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs_ In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to achieve the effect of router denial of service. Shenzhen Tenda Technology Co.,Ltd. of ax1803 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state.
Tenda AX1803 v1.0.0.1 1_2890 has a denial of service vulnerability. The vulnerability stems from a boundary error in the ntpserve parameter's handling of untrusted input