CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-25505
https://notcve.org/view.php?id=CVE-2023-25505
NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0CVE-2023-0209
https://notcve.org/view.php?id=CVE-2023-0209
NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. • https://nvidia.custhelp.com/app/answers/detail/a_id/5458 • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36963 – SolarWinds Platform Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2022-36963
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecuteExternalProgram method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. • https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm https://www.solarwinds.com/trust-center/security-advisories/cve-2022-36963 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2021-33974
https://notcve.org/view.php?id=CVE-2021-33974
. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability. • https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html https://pastebin.com/ms1ivjYe • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2021-33971
https://notcve.org/view.php?id=CVE-2021-33971
. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability. • https://MemoryCorruptor.blogspot.com/p/vulnerabilities-disclosures.html https://pastebin.com/31v5JMcG https://www.youtube.com/channel/UCLJ6fZxUqbmPe4jiwC6o4hg • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •