CVE-2022-21229
https://notcve.org/view.php?id=CVE-2022-21229
Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. Unas restricciones de búfer inapropiadas para algunos controladores del kit de portátiles Intel(R) NUC 9 Extreme versiones anteriores a 2.2.0.22 pueden permitir que un usuario autenticado habilite potencialmente una escalada de privilegios por medio del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00665.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html •
CVE-2022-26669 – ASUS Control Center - SQL Injection
https://notcve.org/view.php?id=CVE-2022-26669
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. ASUS Control Center es vulnerable a una inyección SQL. Un atacante remoto autenticado con privilegio de usuario general puede inyectar un comando SQL a parámetros específicos de la API para adquirir el esquema de la base de datos o acceder a los datos • https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-26668 – ASUS Control Center - Broken Access Control
https://notcve.org/view.php?id=CVE-2022-26668
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. La API de ASUS Control Center presenta una vulnerabilidad de control de acceso rota. Un atacante remoto no autenticado puede llamar a funciones privilegiadas de la API para llevar a cabo operaciones parciales del sistema o causar una interrupción parcial del servicio • https://www.twcert.org.tw/tw/cp-132-6055-c6500-1.html • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVE-2017-1758
https://notcve.org/view.php?id=CVE-2017-1758
IBM Financial Transaction Manager for ACH Services for Multi-Platform (IBM Control Center 6.0 and 6.1, IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4, and 3.1.0, IBM Transformation Extender Advanced 9.0) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 135859. IBM Financial Transaction Manager para ACH Services Multi-Platform (IBM Control Center 6.0 y 6.1; IBM Financial Transaction Manager 3.0.2, 3.0.3, 3.0.4 y 3.1.0; IBM Transformation Extender Advanced 9.0) es vulnerable a un ataque de XEE (XML External Entity) al procesar datos XML. Un atacante remoto podría explotar esta vulnerabilidad para exponer información sensible o consumir recursos de la memoria. • http://www.ibm.com/support/docview.wss?uid=swg22012828 http://www.ibm.com/support/docview.wss?uid=swg22013375 http://www.ibm.com/support/docview.wss?uid=swg22013432 http://www.securityfocus.com/bid/103130 https://exchange.xforce.ibmcloud.com/vulnerabilities/135859 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2016-0252
https://notcve.org/view.php?id=CVE-2016-0252
IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control Center 5.4.x before 5.4.2.1 iFix09 allow local users to decrypt the master key via unspecified vectors. IBM Control Center 6.x en versiones anteriores a 6.0.0.1 iFix06 y Sterling Control Center 5.4.x en versiones anteriores a 5.4.2.1 iFix09 permiten a usuarios locales descifrar la clave maestra a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21985641 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •