CVSS: 6.0EPSS: 0%CPEs: 668EXPL: 0CVE-2022-21233 – hw: cpu: Intel: Stale Data Read from legacy xAPIC vulnerability
https://notcve.org/view.php?id=CVE-2022-21233
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. Un aislamiento inapropiado de los recursos compartidos en algunos procesadores Intel(R) puede permitir que un usuario privilegiado permita potencialmente la divulgación de información a través del acceso local. A flaw was found in hw. The APIC can operate in xAPIC mode (also known as a legacy mode), in which APIC configuration registers are exposed through a memory-mapped I/O (MMIO) page. This flaw allows an attacker who can execute code on a target CPU to query the APIC configuration page. • https://lists.debian.org/debian-lts-announce/2023/04/msg00000.html https://security.netapp.com/advisory/ntap-20220923-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html https://access.redhat.com/security/cve/CVE-2022-21233 https://bugzilla.redhat.com/show_bug.cgi?id=2115640 https://access.redhat.com/solutions/6971358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 983EXPL: 0CVE-2022-26373 – hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions
https://notcve.org/view.php?id=CVE-2022-26373
Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Una compartición no transparente de objetivos de predicción de retorno entre contextos en algunos procesadores Intel(R) puede permitir que un usuario autorizado permita potencialmente la divulgación de información por medio de acceso local. A flaw was found in hw. In certain processors with Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. • https://lists.debian.org/debian-lts-announce/2022/09/msg00011.html https://lists.debian.org/debian-lts-announce/2022/10/msg00000.html https://security.netapp.com/advisory/ntap-20221007-0005 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00706.html https://access.redhat.com/security/cve/CVE-2022-26373 https://bugzilla.redhat.com/show_bug.cgi?id=2115065 https://access.redhat.com/solutions/6971358 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 2CVE-2022-21225 – Intel Data Center Manager 4.1 SQL Injection
https://notcve.org/view.php?id=CVE-2022-21225
Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. La neutralización inadecuada en el software Intel(R) Data Center Manager antes de la versión 4.1 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a través del acceso adyacente Intel Data Center Manager's endpoint at "/DcmConsole/DataAccessServlet?action=getRoomRackData" is vulnerable to an authenticated, blind SQL injection attack when user-supplied input to the HTTP POST parameter "dataName" is processed by the web application. Versions 4.1 and below are affected. • http://packetstormsecurity.com/files/170180/Intel-Data-Center-Manager-4.1-SQL-Injection.html http://seclists.org/fulldisclosure/2022/Dec/1 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00662.html •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2021-44545
https://notcve.org/view.php?id=CVE-2021-44545
Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. Una comprobación de entrada inapropiada para algunos productos Intel(R) PROSet/Wireless WiFi y Killer(TM) WiFi puede permitir que un usuario no autenticado habilite potencialmente la denegación de servicio por medio de un acceso adyacente. • https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00621.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-28697
https://notcve.org/view.php?id=CVE-2022-28697
Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Un control de acceso inapropiado en el firmware para Intel(R) AMT e Intel(R) Standard Manageability puede permitir que un usuario no autenticado habilite potencialmente la escalada de privilegios por medio del acceso físico. • https://security.netapp.com/advisory/ntap-20221014-0004 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00709.html •