CVSS: 8.2EPSS: 0%CPEs: 568EXPL: 0CVE-2019-11137
https://notcve.org/view.php?id=CVE-2019-11137
Insufficient input validation in system firmware for Intel(R) Xeon(R) Scalable Processors, Intel(R) Xeon(R) Processors D Family, Intel(R) Xeon(R) Processors E5 v4 Family, Intel(R) Xeon(R) Processors E7 v4 Family and Intel(R) Atom(R) processor C Series may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Una comprobación de entrada insuficiente en el firmware del sistema para Intel® Xeon® Scalable Processors, Intel® Xeon® Processors D Family, Intel® Xeon® Processors E5 v4 Family, Intel® Xeon® Processors E7 v4 Family y Intel® Atom® processor C Series, puede habilitar a un usuario privilegiado para permitir una escalada de privilegios, una denegación de servicio y/o una divulgación de información por medio de un acceso local. • https://support.f5.com/csp/article/K56215245?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03967en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 568EXPL: 0CVE-2019-11136
https://notcve.org/view.php?id=CVE-2019-11136
Insufficient access control in system firmware for Intel(R) Xeon(R) Scalable Processors, 2nd Generation Intel(R) Xeon(R) Scalable Processors and Intel(R) Xeon(R) Processors D Family may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access. Un control de acceso insuficiente en el firmware del sistema para Intel® Xeon® Scalable Processors, 2nd Generation Intel® Xeon® Scalable Processors y Intel® Xeon® Processors D Family, puede habilitar a un usuario privilegiado para permitir potencialmente una escalada de privilegios, una denegación de servicio y/o una divulgación de información por medio de un acceso local. • https://support.f5.com/csp/article/K56215245?utm_source=f5support&%3Butm_medium=RSS https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03967en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html •
CVSS: 5.5EPSS: 0%CPEs: 205EXPL: 0CVE-2018-7112
https://notcve.org/view.php?id=CVE-2018-7112
The HPE-provided Windows firmware installer for certain Gen9, Gen8, G7,and G6 HPE servers allows local disclosure of privileged information. This issue was resolved in previously provided firmware updates as follows. The HPE Windows firmware installer was updated in the system ROM updates which also addressed the original Spectre/Meltdown set of vulnerabilities. At that time, the Windows firmware installer was also updated in the versions of HPE Integrated Lights-Out 2, 3, and 4 (iLO 2, 3, and 4) listed in the security bulletin. The updated HPE Windows firmware installer was released in the system ROM and HPE Integrated Lights-Out (iLO) releases documented in earlier HPE Security Bulletins: HPESBHF03805, HPESBHF03835, HPESBHF03831. • http://www.securitytracker.com/id/1041984 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03805en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03831en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03835en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03869en_us •