252 matches found
CVE-2021-0060
Insufficient compartmentalization in HECI subsystem for the IntelR SPS before versions SPSE504.01.04.516.0, SPSE504.04.04.033.0, SPSE504.04.03.281.0, SPSE503.01.03.116.0, SPSE305.01.04.309.0, SPS02.04.00.101.0, SPSSoC-A05.00.03.114.0, SPSSoC-X04.00.04.326.0, SPSSoC-X03.00.03.117.0,...
CVE-2021-0132
Missing release of resource after effective lifetime in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...
CVE-2021-0133
Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...
CVE-2021-0133
Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...
CVE-2021-0132
Missing release of resource after effective lifetime in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...
CVE-2021-0131
Use of cryptographically weak pseudo-random number generator PRNG in an API for the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access...
CVE-2021-0134
Improper input validation in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...
CVE-2021-0131
Use of cryptographically weak pseudo-random number generator PRNG in an API for the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access...
CVE-2021-0051
Improper input validation in the IntelR SPS versions before SPSE504.04.04.023.0, SPSE504.04.03.228.0 or SPSSoC-A05.00.03.098.0 may allow a privileged user to potentially enable denial of service via local access...
Information disclosure
Use of cryptographically weak pseudo-random number generator PRNG in an API for the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable information disclosure via network access...
Authentication flaw
Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...
Input validation
Improper input validation in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...
CVE-2021-0134
Improper input validation in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...
CVE-2021-0131
The CVE-2021-0131 issue is documented across multiple sources as a vulnerability in the Intel® Security Library prior to version 3.3, caused by the use of a cryptographically weak pseudo-random number generator (PRNG). An authenticated user could potentially disclose information over the network ...
CVE-2021-0132
Missing release of resource after effective lifetime in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...
CVE-2021-0132
The CVE-2021-0132 entry concerns the Intel® Security Library prior to version 3.3, where a missing release of resources after their effective lifetime in an API may let a privileged user cause a denial of service over the network. Affected products include Intel Security Library components used i...
CVE-2021-0133
The CVE-2021-0133 issue affects Intel® Security Library prior to 3.3. It is caused by a key exchange that is not entity-authenticated, which may allow an authenticated user to escalate privileges via network access. Documents consistently identify the vulnerable component as the Intel Security Li...
CVE-2021-0133
Key exchange without entity authentication in the IntelR Security Library before version 3.3 may allow an authenticated user to potentially enable escalation of privilege via network access...
Important: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update
An update for microcodectl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
PT-2021-12919 · Intel · Intel Security Library
Name of the Vulnerable Software and Affected Versions: IntelR Security Library versions prior to 3.3 Description: The issue is related to a missing release of resource after its effective lifetime in an API, which may allow a privileged user to potentially enable denial of service via network...