GHSA-G644-PR5V-VPPF Insertion of Sensitive Information into Log File in Apache NiFi Stateless

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext...

Multiple vulnerabilities fixed in Intel systems

Intel has fixed several vulnerabilities in Converged Security and Manageability Engine CSME, Server Platform Services SPS, Trusted Execution Engine TXE, Dynamic Application Loader DAL, Active Management Technology AMT and Standard Manageability ISM. Malicious parties can exploit the vulnerabiliti...

CVE-2020-12303

Use after free in DAL subsystem for IntelR CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, IntelR TXE 3.1.80, 4.0.30 may allow an authenticated user to potentially enable escalation of privileges via local access...

CVE-2020-0545

Integer overflow in subsystem for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77 and IntelR TXE versions before 3.1.75, 4.0.25 and IntelR Server Platform Services SPS versions before SPSE504.01.04.380.0, SPSSoC-X04.00.04.128.0, SPSSoC-A04.00.04.211.0, SPSE304.01.04.109.0,...

CVE-2020-0566

Improper Access Control in subsystem for IntelR TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access...

CVE-2020-0536

Improper input validation in the DAL subsystem for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and IntelR TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access...

Intel TXE and CSME Path Traversal Vulnerability

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...

Intel CSME, TXE and SPS Input Validation Error Vulnerability

Intel Converged Security and Management Engine CSME, etc. are products of Intel Corporation, USA. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services SPS is a server platform service program. Intel Converged Security and Management Engine...

Vulnerabilities fixed in Intel products

Intel has fixed vulnerabilities in Intel Converged Security and Manageability Engine CSME, Intel Server Platform Services SPS, Intel Trusted Execution Engine TXE, Intel Active Management Technology AMT, Intel Standard Manageability ISM and Intel Dynamic Application Loader DAL. The above products...

HPSBHF03667 rev. 2 - Intel® 2020.1 IPU - CSME, SPS, TXT, AMT and DAL Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported By: Intel® VULNERABILITY SUMMARY HP has been notified by Intel of potential security vulnerabilities in the Intel® Converged Security and...

Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US

Lenovo Security Advisory: LEN-30041 Potential Impact: Privilege escalation, denial of service, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2020-0542, CVE-2020-0532, CVE-2020-0538, CVE-2020-0534, CVE-2020-0541, CVE-2020-0533, CVE-2020-0537, CVE-2020-053...

Intel CSME, SPS, TXE, AMT and DAL Advisory - Lenovo Support US

No description provided...

CVE-2020-1963

Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem...

[SECURITY] Fedora 32 Update: bubblewrap-0.4.1-1.fc32

Bubblewrap /usr/bin/bwrap is a core execution engine for unprivileged containers that works as a setuid binary on kernels without user namespaces...

CVE-2019-11102

Insufficient input validation in IntelR DAL software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...

CVE-2019-11090

Cryptographic timing conditions in the subsystem for IntelR PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; IntelR TXE 3.1.70 and 4.0.20; IntelR SPS before versions SPSE504.01.04.305.0, SPSSoC-X04.00.04.108.0, SPSSoC-A04.00.04.191.0, SPSE304.01.04.086.0,...

CVE-2019-0168

Insufficient input validation in the subsystem for IntelR CSME before versions 11.8.70, 12.0.45 and 13.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...

Intel TXE and Intel Converged Security and Management Engine Code Issue Vulnerabilities

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...

Intel TXE and Intel Converged Security and Management Engine License Issue Vulnerability

Intel Converged Security and Management Engine CSME and Intel TXE are both products of Intel Corporation, U.S.A. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trust execution engine with hardware authentication capabilities for use in CPUs central...

Unspecified Vulnerability in Intel TXE and Intel Management Engine Consumer Driver

Intel TXE and Intel Management Engine Consumer Driver are both products of Intel Corporation, USA. Intel TXE is a Trusted Execution Engine with hardware validation for use in CPUs Central Processing Units.Intel Management Engine Consumer Driver is a management engine consumer driver. An unspecifi...