CVE-2022-40135
An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
Source: CVE-2022-40135
[월:] 2023년 01월
CVE-2022-40137
CVE-2022-40137
A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code.
Source: CVE-2022-40137
CVE-2022-40136
CVE-2022-40136
An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory.
Source: CVE-2022-40136
CVE-2022-48006
CVE-2022-48006
An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php.
Source: CVE-2022-48006
CVE-2023-22315
CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code.
Source: CVE-2023-22315
CVE-2022-34888
CVE-2022-34888
The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect.
Source: CVE-2022-34888
CVE-2022-34885
CVE-2022-34885
An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code.
Source: CVE-2022-34885
CVE-2022-34884
CVE-2022-34884
A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service.
Source: CVE-2022-34884
CVE-2023-0097
CVE-2023-0097
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Source: CVE-2023-0097
CVE-2023-0033
CVE-2023-0033
The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.
Source: CVE-2023-0033