Page 5 of 114 results (0.001 seconds)

CVSS: 7.9EPSS: 0%CPEs: 894EXPL: 0

Time-of-check time-of-use race condition in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. La condición de ejecución de tiempo de verificación y tiempo de uso en el firmware del BIOS para Intel(R) Processors, puede permitir que un usuario con privilegios habilite la escalada de privilegios a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00688.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.8EPSS: 0%CPEs: 144EXPL: 0

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Una escritura fuera de límites en el firmware de la BIOS para algunos procesadores Intel(R) puede permitir que un usuario autenticado permita potencialmente una escalada de privilegios por medio de acceso local. • https://security.netapp.com/advisory/ntap-20220930-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00686.html • CWE-787: Out-of-bounds Write •

CVSS: 6.0EPSS: 0%CPEs: 668EXPL: 0

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Un aislamiento inapropiado de los recursos compartidos en algunos procesadores Intel(R) puede permitir que un usuario privilegiado permita potencialmente la divulgación de información a través del acceso local. A flaw was found in hw. The APIC can operate in xAPIC mode (also known as a legacy mode), in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. • https://lists.debian.org/debian-lts-announce/2023/04/msg00000.html https://security.netapp.com/advisory/ntap-20220923-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html https://access.redhat.com/security/cve/CVE-2022-21233 https://bugzilla.redhat.com/show_bug.cgi?id=2115640 https://access.redhat.com/solutions/6971358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 983EXPL: 0

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Una compartición no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente la divulgación de información por medio de acceso local. A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20221007-0005 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html https://access.redhat.com/security/cve/CVE-2022-26373 https://bugzilla.redhat.com/show_bug.cgi?id=2115065 https://access.redhat.com/solutions/6971358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 814EXPL: 0

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. Una comprobación inapropiada de entradas en algunos procesadores Intel(R) puede permitir que un usuario autenticado cause potencialmente una denegación de servicio por medio de acceso local • http://www.openwall.com/lists/oss-security/2022/06/16/1 https://security.netapp.com/advisory/ntap-20220624-0006 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00645.html • CWE-20: Improper Input Validation •