CVSS: 5.6EPSS: 0%CPEs: 1321EXPL: 0CVE-2020-0551
https://notcve.org/view.php?id=CVE-2020-0551
Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html Una inyección de valor de carga en algunos Procesadores Intel® que utilizan una ejecución especulativa puede permitir a un usuario autenticado habilitar potencialmente una divulgación de información por medio de un canal lateral con acceso local. La lista de productos afectados es proporcionada en intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html • https://security.netapp.com/advisory/ntap-20200320-0002 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html •
CVSS: 5.5EPSS: 0%CPEs: 1040EXPL: 0CVE-2019-14615 – kernel: Intel graphics card information leak.
https://notcve.org/view.php?id=CVE-2019-14615
Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access. El flujo de control insuficiente en determinadas estructuras de datos para algunos Procesadores de Intel(R) con Intel(R) Processor Graphics, puede permitir a un usuario no autenticado habilitar potencialmente una divulgación de información por medio de un acceso local. An information disclosure flaw was found in the Linux kernel. The i915 graphics driver lacks control of flow for data structures which may allow a local, authenticated user to disclose information when using ioctl commands with an attached i915 device. The highest threat from this vulnerability is to data confidentiality. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00021.html http://packetstormsecurity.com/files/156185/Kernel-Live-Patch-Security-Notice-LSN-0062-1.html http://packetstormsecurity.com/files/156455/Kernel-Live-Patch-Security-Notice-LSN-0063-1.html http://seclists.org/fulldisclosure/2020/Mar/31 https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html https://support.apple.com/kb/HT211100 https://usn.ubuntu.com/4253-1 https://usn.ubuntu.com/4253-2 https://us • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer •