Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34972 | 1 So Filter Shop By Project | 1 So Filter Shop By | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. | |||||
| CVE-2022-32413 | 1 Dice Project | 1 Dice | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-32311 | 1 Ingredient Stock Management System Project | 1 Ingredient Stock Management System | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. | |||||
| CVE-2022-31856 | 1 Newsletter Module Project | 1 Newsletter Module | 2022-07-13 | 7.5 HIGH | 9.8 CRITICAL |
| Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. | |||||
| CVE-2022-28327 | 1 Golang | 1 Go | 2022-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | |||||
| CVE-2021-44915 | 1 Taogogo | 1 Taocms | 2022-07-13 | 6.5 MEDIUM | 7.2 HIGH |
| Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. | |||||
| CVE-2022-31770 | 1 Ibm | 1 App Connect Enterprise Certified Container | 2022-07-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. | |||||
| CVE-2021-43116 | 1 Alibaba | 1 Nacos | 2022-07-13 | 6.5 MEDIUM | 8.8 HIGH |
| An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login. | |||||
| CVE-2022-2309 | 2 Lxml, Xmlsoft | 2 Lxml, Libxml2 | 2022-07-13 | 5.0 MEDIUM | 7.5 HIGH |
| NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | |||||
| CVE-2022-32988 | 1 Asus | 2 Dsl-n14u-b1, Dsl-n14u-b1 Firmware | 2022-07-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. | |||||
| CVE-2020-4757 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2022-07-12 | 3.5 LOW | 6.4 MEDIUM |
| IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. | |||||
| CVE-2022-28200 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2022-07-12 | 4.6 MEDIUM | 8.2 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-32158 | 1 Splunk | 1 Splunk | 2022-07-12 | 7.5 HIGH | 10.0 CRITICAL |
| Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server. | |||||
| CVE-2022-33328 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove/` API is affected by a command injection vulnerability. | |||||
| CVE-2022-33327 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. | |||||
| CVE-2022-33326 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/config_rollback/` API is affected by a command injection vulnerability. | |||||
| CVE-2022-33325 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability. | |||||
| CVE-2022-33314 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_sdk_file/` API is affected by command injection vulnerability. | |||||
| CVE-2022-33313 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_https_cert_file/` API is affected by command injection vulnerability. | |||||
| CVE-2022-33312 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/action/import_cert_file/` API is affected by command injection vulnerability. | |||||
| CVE-2022-33329 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. | |||||
| CVE-2022-32585 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-28127 | 1 Robustel | 2 R1510, R1510 Firmware | 2022-07-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-34911 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). | |||||
| CVE-2022-34912 | 1 Mediawiki | 1 Mediawiki | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. | |||||
| CVE-2022-25876 | 1 Link-preview-js Project | 1 Link-preview-js | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. | |||||
| CVE-2022-32551 | 1 Zohocorp | 1 Manageengine Servicedesk Plus Msp | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). | |||||
| CVE-2022-0250 | 1 Redirection-for-contact-form7 | 1 Redirection For Contact Form 7 | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2022-1946 | 1 Wpdevart | 1 Gallery | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2022-1967 | 1 Wp-championship Project | 1 Wp-championship | 2022-07-12 | 4.3 MEDIUM | 6.5 MEDIUM |
| The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2022-27803 | 1 Cybozu | 1 Garoon | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. | |||||
| CVE-2022-2297 | 2022-07-12 | N/A | N/A | ||
| A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?> leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2293 | 2022-07-12 | N/A | N/A | ||
| A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ci_ssms/index.php/orders/create. The manipulation of the argument customer_name with the input <script>alert("XSS")</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2292 | 2022-07-12 | N/A | N/A | ||
| A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. Affected is an unknown function of the file /ci_hms/massage_room/edit/1 of the component Room Edit Page. The manipulation of the argument massageroomDetails with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2291 | 2022-07-12 | N/A | N/A | ||
| A vulnerability was found in SourceCodester Hotel Management System 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /ci_hms/search of the component Search. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-44975 | 1 Radare | 1 Radare2 | 2022-07-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | |||||
| CVE-2021-42659 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2022-07-12 | 6.1 MEDIUM | 6.5 MEDIUM |
| There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. | |||||
| CVE-2021-34111 | 1 Thecus | 2 N4800eco, N4800eco Firmware | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. | |||||
| CVE-2020-4970 | 1 Ibm | 1 Security Identity Manager | 2022-07-12 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.4, 5.2.5, and 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 192429. | |||||
| CVE-2021-38872 | 1 Ibm | 1 Datapower Gateway | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. | |||||
| CVE-2020-4957 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. | |||||
| CVE-2021-42897 | 1 Feminer Wms Project | 1 Feminer Wms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| A remote command execution (RCE) vulnerability was found in FeMiner wms V1.0 in /wms/src/system/datarec.php. The $_POST[r_name] is directly passed into the $mysqlstr and is executed by exec. | |||||
| CVE-2021-46785 | 1 Huawei | 2 Emui, Harmonyos | 2022-07-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier. | |||||
| CVE-2021-33130 | 1 Intel | 2 Realsense Id F450, Realsense Id F450 Firmware | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
| Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2021-33123 | 1 Intel | 1346 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 1343 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-33122 | 1 Intel | 466 Celeron N4000, Celeron N4000 Firmware, Celeron N4020 and 463 more | 2022-07-12 | 7.2 HIGH | 7.8 HIGH |
| Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2021-33117 | 1 Intel | 54 Bios, Xeon Gold 5315y, Xeon Gold 5317 and 51 more | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. | |||||
| CVE-2021-33082 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2022-07-12 | 2.1 LOW | 4.6 MEDIUM |
| Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. | |||||
| CVE-2021-33080 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2022-07-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access. | |||||
| CVE-2021-33077 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2022-07-12 | 4.6 MEDIUM | 6.8 MEDIUM |
| Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||