Show filters
37 Total Results
Displaying 1-10 of 37
Sort by:
Attacker Value
Very High

CVE-2021-38647

Disclosure Date: September 15, 2021 (last updated February 23, 2025)
Open Management Infrastructure Remote Code Execution Vulnerability
3
2
Attacker Value
Moderate

CVE-2021-38648

Disclosure Date: September 15, 2021 (last updated February 23, 2025)
Open Management Infrastructure Elevation of Privilege Vulnerability
1
1
Attacker Value
Unknown

CVE-2024-42492

Disclosure Date: February 12, 2025 (last updated February 13, 2025)
Uncontrolled search path element in some BIOS and System Firmware Update Package for Intel(R) Server M50FCP family before version R01.02.0002 may allow a privileged user to potentially enable escalation of privilege via local access.
0
0
Attacker Value
Unknown

CVE-2023-4727

Disclosure Date: June 11, 2024 (last updated November 21, 2024)
A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with an existing session saved in the LDAP directory server, which may lead to escalation of privilege.
0
0
Attacker Value
Unknown

CVE-2024-21330

Disclosure Date: March 12, 2024 (last updated January 12, 2025)
Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-7093

Disclosure Date: December 25, 2023 (last updated January 06, 2024)
A vulnerability classified as critical has been found in KylinSoft kylin-system-updater up to 2.0.5.16-0k2.33. Affected is an unknown function of the file /usr/share/kylin-system-updater/SystemUpdater/UpgradeStrategiesDbus.py of the component com.kylin.systemupgrade Service. The manipulation of the argument SetDownloadspeedMax leads to os command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248940. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-4632

Disclosure Date: November 08, 2023 (last updated November 17, 2023)
An uncontrolled search path vulnerability was reported in Lenovo System Update that could allow an attacker with local access to execute code with elevated privileges.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-3702

Disclosure Date: October 27, 2023 (last updated November 08, 2023)
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-3701

Disclosure Date: October 27, 2023 (last updated November 08, 2023)
A privilege elevation vulnerability was reported in the Lenovo Vantage SystemUpdate plugin version 2.0.0.212 and earlier that could allow a local attacker to execute arbitrary code with elevated privileges.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-3700

Disclosure Date: October 27, 2023 (last updated November 08, 2023)
A Time of Check Time of Use (TOCTOU) vulnerability was reported in the Lenovo Vantage SystemUpdate Plugin version 2.0.0.212 and earlier that could allow a local attacker to delete arbitrary files.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >