A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.

Improper access control in System Management Mode (SMM) may allow an attacker to write to SPI ROM potentially leading to arbitrary code execution.

Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.