CVSS: 7.8EPSS: 0%CPEs: 580EXPL: 0CVE-2022-32487
https://notcve.org/view.php?id=CVE-2022-32487
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 580EXPL: 0CVE-2022-32485
https://notcve.org/view.php?id=CVE-2022-32485
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000203758 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-40871
https://notcve.org/view.php?id=CVE-2022-40871
Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection. By default, any administrator can be added to the installation page of dolibarr, and if successfully added, malicious code can be inserted into the database and then execute it by eval. Dolibarr ERP & CRM versiones anteriores a 15.0.3 incluyéndola, es vulnerable a una inyección de Eval. Por defecto, cualquier administrador puede ser añadido a la página de instalación de dolibarr, y si es añadido con éxito, puede insertarse código malicioso en la base de datos y luego ejecutarlo por eval • https://github.com/youncyb/dolibarr-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32492
https://notcve.org/view.php?id=CVE-2022-32492
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000202772 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-32486
https://notcve.org/view.php?id=CVE-2022-32486
A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM. • https://www.dell.com/support/kbdoc/000202772 • CWE-20: Improper Input Validation •