CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-22745 – Buffer Overlow in TSS2_RC_Decode in tpm2-tss
https://notcve.org/view.php?id=CVE-2023-22745
This Buffer overrun, could result in arbitrary code execution. ... This buffer overrun could result in arbitrary code execution. • https://github.com/tpm2-software/tpm2-tss/commit/306490c8d848c367faa2d9df81f5e69dab46ffb5 https://github.com/tpm2-software/tpm2-tss/security/advisories/GHSA-4j3v-fh23-vx67 https://access.redhat.com/security/cve/CVE-2023-22745 https://bugzilla.redhat.com/show_bug.cgi?id=2162610 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-47990 – IBM AIX denial of service
https://notcve.org/view.php?id=CVE-2022-47990
IBM AIX 7.1, 7.2, 7.3 and VIOS , 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflow that could result in a denial of service or arbitrary code execution. • https://exchange.xforce.ibmcloud.com/vulnerabilities/243556 https://www.ibm.com/support/pages/node/6855827 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32490
https://notcve.org/view.php?id=CVE-2022-32490
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204685 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-34401
https://notcve.org/view.php?id=CVE-2022-34401
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter in order to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204679 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2022-34460
https://notcve.org/view.php?id=CVE-2022-34460
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000204686 • CWE-20: Improper Input Validation •