Another1024

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** A race condition in the BIOS firmware of some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. This issue is related to synchronization errors when using shared resources. The exploitation of this issue can allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel NUC BIOS firmware versions prior to IN0048 **Description** The issue is related to improper input validation in the Intel NUC BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** For Intel NUC BIOS firmware versions prior to IN0048, update to version IN0048 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Intel NUC BIOS firmware versions prior to IN0048 **Description** The issue is related to improper buffer restrictions in the Intel NUC BIOS firmware, which may allow a privileged user to potentially enable escalation of privilege via local access. This could be exploited by a user with local access to the system. **Recommendations** For Intel NUC BIOS firmware versions prior to IN0048, update to version IN0048 or later to resolve the issue. As a temporary workaround, consider restricting local access to the system to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Dell Precision Tower BIOS (affected versions not specified) **Description** The issue is related to an Improper Input Validation vulnerability. A locally authenticated malicious user with admin privileges could potentially exploit this vulnerability to perform arbitrary code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dell BIOS (affected versions not specified) **Description** A Time-of-check Time-of-use vulnerability exists in Dell BIOS, allowing a local authenticated malicious user with physical access to the system to potentially exploit this issue. The exploitation could occur by using a specifically timed DMA transaction during an SMI, which could lead to arbitrary code execution on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) NUC BIOS firmware (affected versions not specified) **Description** A race condition in the Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.5 macOS Big Sur versions prior to 11.6.8 Security Update versions prior to 2022-005 Catalina **Description** An access issue was addressed with improvements to the sandbox, allowing an app to potentially access sensitive user information. **Recommendations** For macOS versions prior to 12.5, update to macOS Monterey 12.5. For macOS Big Sur versions prior to 11.6.8, update to macOS Big Sur 11.6.8. For Security Update versions prior to 2022-005 Catalina, apply Security Update 2022-005 Catalina.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.3 macOS Catalina versions prior to Security Update 2022-001 **Description** A malicious application may be able to bypass certain Privacy preferences due to this issue. The issue was addressed with improved checks. **Recommendations** For macOS Catalina, apply Security Update 2022-001 to resolve the issue. For macOS Big Sur, update to version 11.6.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tinyftpd version 1.1 **Description** A buffer overflow issue exists in the `text` variable of the `do mkd` function in the ftpproto.c file. This allows an attacker to potentially overwrite ebp by providing a long pathname. **Recommendations** For Tinyftpd version 1.1, consider restricting access to the `do mkd` function until a patch is available to prevent exploitation of the buffer overflow issue.