CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36794
https://notcve.org/view.php?id=CVE-2022-36794
16 Feb 2023 — Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00718.html • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-36348
https://notcve.org/view.php?id=CVE-2022-36348
16 Feb 2023 — Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. • http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00718.html •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29515
https://notcve.org/view.php?id=CVE-2022-29515
11 Nov 2022 — Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access. La falta de liberación de memoria después de la vida útil efectiva del firmware para Intel(R) SPS anterior a las versiones SPS_E3_06.00.03.035.0 puede permitir que un usuario privilegiado habilite potencialmente la Denegación de Servicio (DoS) a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29466
https://notcve.org/view.php?id=CVE-2022-29466
11 Nov 2022 — Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access. Una validación de entrada incorrecta en el firmware para Intel(R) SPS anterior a la versión SPS_E3_04.01.04.700.0 puede permitir que un usuario autenticado habilite potencialmente la Denegación de Servicio (DoS) a través del acceso local. • https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00610.html • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-26074
https://notcve.org/view.php?id=CVE-2022-26074
18 Aug 2022 — Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access. Una saneo incompleto en un subsistema de firmware para Intel(R) SPS versiones anteriores a SPS_E3_04.08.04.330.0 y SPS_E3_04.01.04.530.0, puede permitir que un usuario privilegiado permita potencialmente la denegación de servicio por acceso local. • https://security.netapp.com/advisory/ntap-20220930-0003 • CWE-459: Incomplete Cleanup •
CVSS: 10.0EPSS: 94%CPEs: 398EXPL: 416CVE-2021-44228 – Apache Log4j2 Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-44228
10 Dec 2021 — Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.... • https://packetstorm.news/files/id/171626 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption CWE-502: Deserialization of Untrusted Data CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •
CVSS: 4.4EPSS: 0%CPEs: 29EXPL: 0CVE-2021-0051
https://notcve.org/view.php?id=CVE-2021-0051
09 Jun 2021 — Improper input validation in the Intel(R) SPS versions before SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 or SPS_SoC-A_05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access. Una comprobación de entrada inapropiada en lntel(R) SPS versiones anteriores a SPS_E5_04.04.04.023.0, SPS_E5_04.04.03.228.0 o SPS_SoC-A_05.00.03.098.0 puede habilitar a un usuario privilegiado para permitir potencialmente una denegación de servicio por medio de un acceso local • https://security.netapp.com/advisory/ntap-20210716-0001 • CWE-20: Improper Input Validation •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2020-24509
https://notcve.org/view.php?id=CVE-2020-24509
09 Jun 2021 — Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. Una administración insuficiente del flujo de control en el subsistema en Intel® SPS versiones anteriores a SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0 o SPS_E5_04.04.03.263.0, puede habilitar a un usuario privilegi... • https://security.netapp.com/advisory/ntap-20210611-0003 •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8755
https://notcve.org/view.php?id=CVE-2020-8755
12 Nov 2020 — Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Una condición de carrera en el subsistema para Intel® CSME versiones anteriores a 12.0.70 y 14.0.45, Intel® SPS versiones anteriores a E5_04.01.04.400 y E3_05.01.04.200, pueden habilitar a un usuario no autenticado para permitir potencialmente una escalada de pri... • https://security.netapp.com/advisory/ntap-20201113-0002 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-8705
https://notcve.org/view.php?id=CVE-2020-8705
12 Nov 2020 — Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 3.1.80 and 4.0.30, Intel(R) SPS versions before E5_04.01.04.400, E3_04.01.04.200, SoC-X_04.00.04.200 and SoC-A_04.00.04.300 may allow an unauthenticated user to potentially enable escalation of privileges via physical access. Una inicialización predeterminada no segura del resource en Intel® Boot Guard e... • https://security.netapp.com/advisory/ntap-20201113-0002 • CWE-1188: Initialization of a Resource with an Insecure Default •