CVE-2025-27708

Out-of-bounds read in the firmware for some IntelR Converged Security and Management Engine CSME Firmware FW within Ring 0: Kernel may allow an information disclosure. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...

CVE-2025-27708

Out-of-bounds read in the firmware for some IntelR Converged Security and Management Engine CSME Firmware FW within Ring 0: Kernel may allow an information disclosure. System software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...

CVE-2025-27708

The CVE-2025-27708 entry describes an out-of-bounds read in Intel CSME firmware (Ring 0) that may allow information disclosure. A local attacker with privileged user rights and high attack complexity could expose data without user interaction, with confidentiality impact High and no integrity/ava...

EUVD-2018-15497

Malware in sbrugna...

EUVD-2025-24442

Malicious code in bioql PyPI...

CVE-2025-20037

Time-of-check time-of-use race condition in firmware for some IntelR Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access...

CVE-2025-20067

Observable timing discrepancy in firmware for some IntelR CSME and IntelR SPS may allow a privileged user to potentially enable information disclosure via local access...

CVE-2025-20037

Time-of-check time-of-use race condition in firmware for some IntelR Converged Security and Management Engine may allow a privileged user to potentially enable escalation of privilege via local access...

PT-2025-32698

Name of the Vulnerable Software and Affected Versions: IntelR CSME and IntelR SPS affected versions not specified Description: An observable timing discrepancy in firmware may allow a privileged user to potentially enable information disclosure via local access. Recommendations: At the moment,...

The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine (CSME) arises from improper initialization of resources, allowing attackers to disclose protected information.

The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine CSME is related to improper initialization of resources. Exploiting this vulnerability can allow attackers to disclose protected information...

The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine (CSME) is related to incorrect default permissions, allowing attackers to increase their privileges.

The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine CSME is related to incorrect default permissions. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of software for remote management and monitoring of the Intel Converged Security and Manageability Engine (CSME) arises from insufficient validation of input data. This allows attackers to increase their privileges.

The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine CSME is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

Intel Converged Security and Management Engine Input Validation Error Vulnerability

Intel Converged Security and Management Engine CSME is a security management engine from Intel Corporation USA. An input validation error vulnerability exists in Intel Converged Security and Management Engine versions prior to 2328.5.5.0, which stems from the presence of an input validation error...

2024.1 IPU - Intel® Chipset Software and SPS Advisory

Summary: Potential security vulnerabilities in the Intel® Converged Security Management Engine CSME installer, Intel® Local Manageability Service software and Intel® Server Platform Servcies SPS may allow information disclosure, escalation of privilege, or denial of service. Vulnerability Details...

CVE-2022-38102

Improper Input validation in firmware for some IntelR Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access...

Input validation

Improper Input validation in firmware for some IntelR Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access...

K54380426: Intel CPU vulnerability CVE-2018-3643

Security Advisory Description A vulnerability in Power Management Controller firmware in systems using specific Intel Converged Security and Management Engine CSME before version 12.0.6 or Intel Server Platform Services firmware before version 4.x.04 may allow a privileged user to potentially...

SUSE CVE-2019-11110

Authentication bypass in the subsystem for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access...

多款Intel产品安全漏洞

Intel Converged Security and Management Engine CSME, etc. are products of Intel Corporation, USA. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services SPS is a server platform service program. Intel Converged Security and Management Engine...

2020.2 IPU – Intel® CSME, SPS, TXE, and AMT Advisory

Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine CSME, Server Platform Services SPS, Intel® Trusted Execution Engine TXE, Intel® Dynamic Application Loader DAL, Intel® Active Management Technology AMT, Intel® Standard Manageability ISM and Intel®...