3 results (0.006 seconds)

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •

CVSS: 9.0EPSS: 1%CPEs: 402EXPL: 0

Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. Desbordamiento de búfer en el kernel en Active Management Technology (AMT) en Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 permite que un atacante con acceso local al sistema ejecute código arbitrario con el privilegio de ejecución AMT. • http://www.securityfocus.com/bid/101920 http://www.securitytracker.com/id/1039852 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://www.asus.com/News/wzeltG5CjYaIwGJ0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 402EXPL: 0

Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege. Múltiples desbordamientos de búfer en el kernel en Active Management Technology (AMT) en Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 permiten que un atacante con acceso local al sistema ejecute código arbitrario con el privilegio de ejecución AMT. • http://www.securityfocus.com/bid/101918 http://www.securitytracker.com/id/1039852 https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr https://security.netapp.com/advisory/ntap-20171120-0001 https://www.asus.com/News/wzeltG5CjYaIwGJ0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •