CVSS: 6.5EPSS: 0%CPEs: 758EXPL: 0CVE-2018-3629
https://notcve.org/view.php?id=CVE-2018-3629
Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet. Desbordamiento de búfer en el manipulador de eventos en Intel Active Management Technology en Intel Converged Security Manageability Engine con versiones de firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x y 11.x podría permitir que un atacante provoque una denegación de servicio (DoS) mediante la misma subred. • http://www.securitytracker.com/id/1041362 https://security.netapp.com/advisory/ntap-20190327-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 164EXPL: 0CVE-2018-3652
https://notcve.org/view.php?id=CVE-2018-3652
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces. Las restricciones de configuración UEFI existentes para DCI (Direct Connect Interface) en la familia E3 de procesadores Intel Xeon de 5ª y 6ª generación, los procesadores Intel Xeon Scalable y la familia D de procesadores Intel Xeon permiten que un atacante con presencia física limitada acceda potencialmente a los secretos de la plataforma mediante las interfaces de depuración. • https://security.netapp.com/advisory/ntap-20180802-0001 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00127.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 758EXPL: 0CVE-2018-3632
https://notcve.org/view.php?id=CVE-2018-3632
Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system. Corrupción de memoria en Intel Active Management Technology en Intel Converged Security Manageability Engine con versiones de firmware 6.x, 7.x, 8.x, 9.x, 10.x, 11.0, 11.5, 11.6, 11.7, 11.10 y 11.20 podría ser provocada por un atacante con permisos de administrador locales en el sistema. • http://www.securitytracker.com/id/1041362 https://security.netapp.com/advisory/ntap-20190327-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 761EXPL: 0CVE-2018-3628
https://notcve.org/view.php?id=CVE-2018-3628
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet. Desbordamiento de búfer en el manipulador HTTP en Intel Active Management Technology en Intel Converged Security Manageability Engine con versiones de firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x y 11.x podría permitir que un atacante ejecute código arbitrario mediante la misma subred. • http://www.securitytracker.com/id/1041362 https://security.netapp.com/advisory/ntap-20190327-0001 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03868en_us https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 1095EXPL: 0CVE-2018-3693 – Kernel: speculative bounds check bypass store
https://notcve.org/view.php?id=CVE-2018-3693
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis. Los sistemas con microprocesadores que emplean la ejecución especulativa y la predicción de ramas podría permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un desbordamiento de búfer especulativo y el análisis de canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://access.redhat.com/errata/RHSA-2018:2384 https://access.redhat.com/errata/RHSA-2018:2390 https://access.redhat.com/errata/RHSA-2018:2395 https://access.redhat.com/errata/RHSA-2019:1946 https://access.redhat.com/errata/RHSA-2020:0174 https://cdrdv2.intel.com/v1/dl/getContent/685359 https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 https://security.netapp.com/advisory/ntap-20180823-0001 https://www.oracle.com/s • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •