Security Vulnerabilities - CVEs Published In November 2023
A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP CamerasĀ with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. While parsing
certain XML elements from incoming network requests, the product does
not sufficiently check or validate allocated buffer size. This may lead
to remote code execution.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-11-08
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 has a
command injection vulnerability in their implementation of their
binaries and handling of network requests.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-11-08
A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08
A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08
A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08
A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08
Zavio CF7500, CF7300, CF7201, CF7501, CB3211, CB3212, CB5220,
CB6231, B8520, B8220, and CD321
IP Cameras
with firmware version M2.1.6.05 are
vulnerable to multiple instances of stack-based overflows. During the
processing and parsing of certain fields in XML elements from incoming
network requests, the product does not sufficiently check or validate
allocated buffer size. This may lead to remote code execution.
CVSS Score
9.8
EPSS Score
0.008
Published
2023-11-08
A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08
A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-11-08