Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
Category Archives: Advisories
CVE-2021-0153
Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
CVE-2021-0154
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
CVE-2021-0155
Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2021-0159
Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
CVE-2021-0188
Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
CVE-2021-0189
Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.
SEC Consult SA-20220512-0 :: Sandbox Escape with Root Access & Clear-text passwords in Konica Minolta bizhub MFP Printer Terminals
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 12
SEC Consult Vulnerability Lab Security Advisory < 20220512-0 >
=======================================================================
title: Sandbox Escape with Root Access & Clear-text passwords
product: Multiple Konica Minolta bizhub MFP Printer Terminals
vulnerable version: see vulnerable / tested versions below
fixed version: see solution section below
CVE number: CVE-2022-29586,…
Re: Defense in depth — the Microsoft way (part 80): 25 (in words: TWENTY-FIVE) year old TRIVIAL bug crashes CMD.exe
Posted by Tavis Ormandy on May 12
They’re explaining that you need privileges to attack *other* users. I don’t
think anyone is disputing you can “attack” yourself.
I know, I know – we’ve had this discussion before, and nothing will
convince you that this isn’t a vulnerability 🙂
Tavis.
USN-5420-1: Vorbis vulnerabilities
It was discovered that Vorbis incorrectly handled certain files.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code.
(CVE-2017-14160, CVE-2018-10392, CVE-2018-10393)