4 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •

CVSS: 5.6EPSS: 0%CPEs: 1321EXPL: 0

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html Una inyección de valor de carga en algunos Procesadores Intel® que utilizan una ejecución especulativa puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un canal lateral con acceso local. La lista de productos afectados es proporcionada en intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html • https://security.netapp.com/advisory/ntap-20200320-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html •

CVSS: 5.6EPSS: 0%CPEs: 752EXPL: 0

Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html Un reenvío de datos inapropiado en alguna cache de datos de algunos Procesadores Intel® puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local. La lista de productos afectados es proporcionada en intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html • https://security.netapp.com/advisory/ntap-20200320-0001 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html •

CVSS: 6.0EPSS: 0%CPEs: 311EXPL: 0

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service. La configuración de SPI Flash, en plataformas basadas en múltiples plataformas de Intel, permite que un atacante local altere el comportamiento del flash SPI. Esto podría conducir a una denegación de servicio (DoS). • http://www.securitytracker.com/id/1040626 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00087&languageid=en-fr https://security.netapp.com/advisory/ntap-20180924-0004 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03867en_us • CWE-269: Improper Privilege Management •