PT-2023-24080 · Mediatek · Mediatek Chipset

Name of the Vulnerable Software and Affected Versions: MediaTek Chipset affected versions not specified Description: In display, there is a possible out of bounds read due to an incorrect status check. This could lead to local information disclosure with System execution privileges needed. User...

Intel Chipset Device Software Installed (Windows)

Binary data intelchipsetdevicesoftwarewininstalled.nbin...

Intel Chipset Device Software < 10.1.19444.8378 Escalation of Privilege

The version of Intel Chipset Device Software installed on the remote Windows host is prior to 10.1.19444.8378. It is, therefore, affected by multiple vulnerabilities: - Due to an uncontrolled search path element, an authenticated, local attacker can elevate their privileges. CVE-2023-28388,...

Intel Chipset Device Software November 2023 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

CVE-2023-28388

Uncontrolled search path element in some IntelR Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-28388

Uncontrolled search path element in some IntelR Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access...

Design/Logic Flaw

Uncontrolled search path element in some IntelR Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-28388

Uncontrolled search path element in some IntelR Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-28388

Uncontrolled search path element in some IntelR Chipset Device Software before version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-28388

CVE-2023-28388 affects Intel® Chipset Device Software prior to version 10.1.19444.8378. Affected component vulnerability is an uncontrolled search path element that could let an authenticated, local attacker escalate privileges. Intel’s advisory (Intel-SA-00870) confirms the vulnerability and rec...

Intel Chipset Device Software Security Vulnerability

Intel Chipset Device Software is a chipset firmware update utility from Intel Corporation USA. A security vulnerability exists in Intel Chipset Device Software. An attacker exploiting this vulnerability could cause an escalation of privileges...

Intel® Chipset Device Software Advisory

Summary: A potential security vulnerability in some Intel® Chipset Device Software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-28388 Description: Uncontrolled search path element in some...

CVE-2023-34195

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

Information disclosure

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

CVE-2023-34195

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

CVE-2023-34195

Insyde InsydeH2O (kernel 5.0–5.5) contains a vulnerability in SystemFirmwareManagementRuntimeDxe where GetImage reads a runtime variable GetImageProgress and later uses its value as a function pointer. The GetImageProgress variable is wiped by the same module before function end. If an OS sets th...

UNISOC Chipsets Security Vulnerability

UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in UNISOC Chipsets that stems from a possible lack of privilege checking in the vowifi service...

CVE-2023-22841

Unquoted search path in the software installer for the System Firmware Update Utility SysFwUpdt for some IntelR Server Boards and IntelR Server Systems Based on IntelR 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access...

Code injection

Unquoted search path in the software installer for the System Firmware Update Utility SysFwUpdt for some IntelR Server Boards and IntelR Server Systems Based on IntelR 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-22841

Unquoted search path in the software installer for the System Firmware Update Utility SysFwUpdt for some IntelR Server Boards and IntelR Server Systems Based on IntelR 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access...