Page 14 of 79 results (0.017 seconds)

CVSS: 7.8EPSS: 0%CPEs: 160EXPL: 0

Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. Unas restricciones de búfer inapropiadas en el firmware de la BIOS para las familias de Intel® Core™ Processor de 7ma, 8va, 9na y 10ma generación, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios y/o una denegación de servicio por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html •

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •

CVSS: 7.8EPSS: 0%CPEs: 291EXPL: 0

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel En la función psi_write del archivo psi.c, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada local de privilegios sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://source.android.com/security/bulletin/2020-05-01 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html • CWE-787: Out-of-bounds Write •

CVSS: 5.6EPSS: 0%CPEs: 1321EXPL: 0

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html Una inyección de valor de carga en algunos Procesadores Intel® que utilizan una ejecución especulativa puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un canal lateral con acceso local. La lista de productos afectados es proporcionada en intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html • https://security.netapp.com/advisory/ntap-20200320-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html •

CVSS: 6.5EPSS: 0%CPEs: 897EXPL: 0

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Unos errores de limpieza en algunos desalojos de caché de datos para algunos procesadores Intel(R), pueden permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio del acceso local. A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y https://security.netapp.com/advisory/ntap-20200210-0004 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •