Page 7 of 43 results (0.011 seconds)

CVSS: 4.4EPSS: 0%CPEs: 333EXPL: 0

Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access. Una lectura fuera de límites de un subsistema en Intel® CSME versiones anteriores a 12.0.81, 13.0.47, 13.30.17, 14.1.53 y 14.5.32 puede permitir a un usuario privilegiado habilitar potencialmente una divulgación de información por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210611-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html • CWE-125: Out-of-bounds Read •

CVSS: 6.7EPSS: 0%CPEs: 576EXPL: 0

Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access. Unas restricciones de búfer inapropiadas en un subsistema en Intel® CSME versiones anteriores a 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 y 15.0.22 pueden permitir a un usuario privilegiado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210611-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 4.4EPSS: 0%CPEs: 618EXPL: 0

Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. Una inicialización inapropiada en un subsistema en Intel® CSME versiones anteriores a 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 y 15.0.22 puede habilitar a un usuario privilegiado para permitir potencialmente una divulgación de información por medio de un acceso local • https://cert-portal.siemens.com/productcert/pdf/ssa-309571.pdf https://security.netapp.com/advisory/ntap-20210611-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00459.html • CWE-665: Improper Initialization •

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •

CVSS: 7.8EPSS: 0%CPEs: 291EXPL: 0

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel En la función psi_write del archivo psi.c, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada local de privilegios sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://source.android.com/security/bulletin/2020-05-01 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html • CWE-787: Out-of-bounds Write •