Page 9 of 54 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 160EXPL: 0

CVE-2020-0529

https://notcve.org/view.php?id=CVE-2020-0529

Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access. Una inicialización inapropiada en el firmware de la BIOS para las familias de Intel® Core™ Processor de 8va, 9na y 10ma generación, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html • CWE-665: Improper Initialization •

CVSS: 7.8EPSS: 0%CPEs: 160EXPL: 0

CVE-2020-0528

https://notcve.org/view.php?id=CVE-2020-0528

Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. Unas restricciones de búfer inapropiadas en el firmware de la BIOS para las familias de Intel® Core™ Processor de 7ma, 8va, 9na y 10ma generación, pueden permitir a un usuario autenticado habilitar potencialmente una escalada de privilegios y/o una denegación de servicio por medio de un acceso local • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00322.html •

CVSS: 6.5EPSS: 0%CPEs: 727EXPL: 0

CVE-2020-0543 – hw: Special Register Buffer Data Sampling (SRBDS)

https://notcve.org/view.php?id=CVE-2020-0543

Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Una limpieza incompleta de operaciones de lectura de un registro especial específico en algunos Intel® Processors puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un acceso local A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00024.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00031.html http://www.openwall.com/lists/oss-security/2020/07/14/5 https://cert-portal.siemens.com/productcert/pdf/ssa-534763.pdf https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-459: Incomplete Cleanup •

CVSS: 7.8EPSS: 0%CPEs: 291EXPL: 0

CVE-2020-0110

https://notcve.org/view.php?id=CVE-2020-0110

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-148159562References: Upstream kernel En la función psi_write del archivo psi.c, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una escalada local de privilegios sin ser necesarios privilegios de ejecución adicionales. No es requerida una interacción del usuario para su explotación. • https://source.android.com/security/bulletin/2020-05-01 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00533.html • CWE-787: Out-of-bounds Write •

CVSS: 6.5EPSS: 0%CPEs: 897EXPL: 0

CVE-2020-0549 – hw: L1D Cache Eviction Sampling

https://notcve.org/view.php?id=CVE-2020-0549

Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Unos errores de limpieza en algunos desalojos de caché de datos para algunos procesadores Intel(R), pueden permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio del acceso local. A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in-flight during the eviction process can end up in the “fill buffers” and not properly cleared by the MDS mitigations. The fill buffer contents (which were expected to be blank) can be inferred using MDS or TAA style attack methods to allow a local attacker to infer fill buffer values. • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00016.html https://kc.mcafee.com/corporate/index?page=content&id=SB10318 https://lists.debian.org/debian-lts-announce/2020/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DT2VKDMQ3I37NBNJ256A2EXR7OJHXXKZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T5OUM24ZC43G4IDT3JUCIHJTSDXJSK6Y https://security.netapp.com/advisory/ntap-20200210-0004 https://usn.ubunt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •