CVE-2022-41322
https://notcve.org/view.php?id=CVE-2022-41322
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. • https://bugs.gentoo.org/868543 https://github.com/kovidgoyal/kitty/commit/f05783e64d5fa62e1aed603e8d69aced5e49824f https://github.com/kovidgoyal/kitty/compare/v0.26.1...v0.26.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/47RK7MBSVY5BWDUTYMJUFPBAYFSWMTOI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6RRNAPU33PHEH64P77YL3AJO6CTZGHTX https://security.gentoo.org/glsa/202209-22 https://sw.kovidgoyal.net/kitty/changelog/#detailed-list • CWE-116: Improper Encoding or Escaping of Output •
CVE-2022-30426
https://notcve.org/view.php?id=CVE-2022-30426
There is a stack buffer overflow vulnerability in a UEFI DXE driver on some Acer products, which could lead to arbitrary code execution. • http://acer.com http://altos.com https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-30426/CVE-2022-30426.md • CWE-787: Out-of-bounds Write •
CVE-2022-35408
https://notcve.org/view.php?id=CVE-2022-35408
An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. • https://binarly.io/advisories/BRLY-2022-022/index.html https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022031 •
CVE-2022-35895
https://notcve.org/view.php?id=CVE-2022-35895
The FwBlockServiceSmm driver does not properly validate input parameters for a software SMI routine, leading to memory corruption of arbitrary addresses including SMRAM, and possible arbitrary code execution. • https://binarly.io/advisories/BRLY-2022-024/index.html https://www.insyde.com/security-pledge https://www.insyde.com/security-pledge/SA-2022033 • CWE-787: Out-of-bounds Write •
CVE-2022-28637
https://notcve.org/view.php?id=CVE-2022-28637
A local Denial of Service (DoS) and local arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability was discovered in HPE Integrated Lights-Out 5 (iLO 5) in Version: 2.71. • https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf04365en_us •