CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-21229
https://notcve.org/view.php?id=CVE-2022-21229
Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. Unas restricciones de búfer inapropiadas para algunos controladores del kit de portátiles Intel(R) NUC 9 Extreme versiones anteriores a 2.2.0.22 pueden permitir que un usuario autenticado habilite potencialmente una escalada de privilegios por medio del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00665.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26669 – ASUS Control Center - SQL Injection
https://notcve.org/view.php?id=CVE-2022-26669
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. ASUS Control Center es vulnerable a una inyección SQL. Un atacante remoto autenticado con privilegio de usuario general puede inyectar un comando SQL a parámetros específicos de la API para adquirir el esquema de la base de datos o acceder a los datos • https://www.twcert.org.tw/tw/cp-132-6056-b0d90-1.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-26668 – ASUS Control Center - Broken Access Control
https://notcve.org/view.php?id=CVE-2022-26668
ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. La API de ASUS Control Center presenta una vulnerabilidad de control de acceso rota. Un atacante remoto no autenticado puede llamar a funciones privilegiadas de la API para llevar a cabo operaciones parciales del sistema o causar una interrupción parcial del servicio • https://www.twcert.org.tw/tw/cp-132-6055-c6500-1.html • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0CVE-2008-5420 – EMC Control Center SST_SENDFILE Remote File Retrieval Vulnerability
https://notcve.org/view.php?id=CVE-2008-5420
The SAN Manager Master Agent service (aka msragent.exe) in EMC Control Center before 6.1 does not properly authenticate SST_SENDFILE requests, which allows remote attackers to read arbitrary files. El servicio SAN Manager Master Agent (alias msragent.exe)en EMC Control Center anterior 6.1 no autentica adecuadamente peticiones SST_SENDFILE, las cuales permiten a atacantes remotos leer archivos de su elección. This vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. • http://osvdb.org/50032 http://secunia.com/advisories/32801 http://securityreason.com/securityalert/4709 http://www.securityfocus.com/archive/1/498556/100/0/threaded http://www.securityfocus.com/bid/32392 http://www.securitytracker.com/id?1021263 http://www.vupen.com/english/advisories/2008/3220 http://www.zerodayinitiative.com/advisories/ZDI-08-076 https://exchange.xforce.ibmcloud.com/vulnerabilities/46753 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •