Page 2 of 13 results (0.007 seconds)

CVSS: 4.6EPSS: 0%CPEs: 715EXPL: 0

Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. Unas credenciales insuficientemente protegidas en el aprovisionamiento USB para Intel(R) AMT SDK versiones anteriores a 16.0.3, Intel(R) SCS versiones anteriores a 12.2 e Intel(R) MEBx versiones anteriores a 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 y 15.0.0.0004, pueden permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de acceso físico • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00575.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html • CWE-522: Insufficiently Protected Credentials •

CVSS: 7.2EPSS: 0%CPEs: 1312EXPL: 0

Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. Un valor de retorno no comprobado en el firmware de algunos procesadores Intel(R) puede permitir a un usuario con privilegios habilitar potencialmente una escalada de privilegios mediante acceso local. • https://security.netapp.com/advisory/ntap-20220210-0007 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.html • CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 7.2EPSS: 0%CPEs: 1312EXPL: 0

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access. Una inicialización no segura de variables predeterminadas para la funcionalidad Intel BSSA DFT puede permitir a un usuario con privilegios habilitar potencialmente una escalada de privilegios por medio de acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00525.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00527.html • CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 5.5EPSS: 0%CPEs: 502EXPL: 0

Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una eliminación inapropiada de información confidencial antes del almacenamiento o transferencia en algunos Intel® Processors, puede habilitar a un usuario autenticado para permitir potencialmente una divulgación de información por medio de un acceso local A flaw was found in the Intel Advanced Vector Extensions (AVX) implementation, where a local authenticated attacker with the ability to execute AVX instructions can gather the AVX register state from previous AVX executions. This vulnerability allows information disclosure of the AVX register state. • https://lists.debian.org/debian-lts-announce/2021/02/msg00007.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MAAGIK5CXKBPGY3R4UR5VO56M7MKLZ43 https://security.netapp.com/advisory/ntap-20201113-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381 https://access.redhat.com/security/cve/CVE-2020-8696 https://bugzilla.redhat.com/show_bug.cgi?id=1890355 https://access.redhat.com/articles/5569051 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •