CVSS: 5.9EPSS: 0%CPEs: 13EXPL: 0CVE-2019-11090
https://notcve.org/view.php?id=CVE-2019-11090
Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access. Condiciones de sincronización criptográfica en el subsistema para Intel® PTT versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 y 14.0.10; Intel® TXE 3.1.70 y 4.0.20; Intel® SPS versiones anteriores a SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0, puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso de red. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-0091
https://notcve.org/view.php?id=CVE-2019-0091
Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access. Vulnerabilidad de inyección de código en el instalador para Intel (R) CSME anterior a las versiones 11.8.65, 11.11.65, 11.22.65, 12.0.35 e Intel (R) TXE versiones 3.1.65, 4.0.15 puede permitir que un usuario sin privilegios habilite potencialmente un aumento de privilegios por medio de un acceso local. • https://support.f5.com/csp/article/K21423526 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00213.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 11EXPL: 0CVE-2013-5740
https://notcve.org/view.php?id=CVE-2013-5740
Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors. Vulnerabilidad no especificada en Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) anteriores a v1.2, usados por Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, y C206 chipsets y Mobile Intel QM67 y QS67 chipsets, cuando el measured launch environment (MLE) es invocado, permite a usuarios locales saltarse el mecanismo de protección (Trusted Execution Technology) y llevar a cabo otras funciones SINIT ACM no especificadas a través de vectores no especificados. • http://support.citrix.com/article/CTX138633 https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00035&languageid=en-fr •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2009-0066
https://notcve.org/view.php?id=CVE-2009-0066
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes. Múltiples vulnerabilidades sin especificar en Intel system software para Trusted Execution Technology (TXT) permite a atacantes remotos evitar las protecciones de integridad del cargador previstas, como se demostró con la explotación de tboot. NOTA: a fecha de 07-01-2009, la única revelación es un pre-aviso impreciso sin información de uso inmediato. • http://blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Wojtczuk http://invisiblethingslab.com/press/itl-press-2009-01.pdf http://theinvisiblethings.blogspot.com/2009/01/attacking-intel-trusted-execution.html http://www.securityfocus.com/bid/33119 •