218 matches found
Code injection
Uncontrolled search path in the installer for IntelR RSTe Software RAID Driver for the IntelR Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-12301
Improper initialization in BIOS firmware for IntelR Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access...
Authentication flaw
Improper authentication in socket services for some IntelR Server Boards, Server Systems and Compute Modules before version 2.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access...
Authentication flaw
Improper authentication for some IntelR Server Boards, Server Systems and Compute Modules before version 1.59 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2020-0541
Out-of-bounds write in subsystem for IntelR CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access...
Input validation
Improper input validation in the DAL subsystem for IntelR CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and IntelR TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access...
Design/Logic Flaw
Improper buffer restrictions in subsystem for IntelR CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5670 advisory. - brcmfmac: add subtype check for event handling in data path John Donnelly Orabug: 30776354 CVE-2019-9503 - mwifiex: pcie: Fix memory leak in...
Buffer overflow
Improper buffer restrictions in firmware for some IntelR NUC may allow an authenticated user to potentially enable escalation of privilege via local access...
USN-4302-1: Linux kernel vulnerabilities
Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information. CVE-2020-2732 Gregory Herrero discovere...
USN-4301-1: Linux kernel vulnerabilities
It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...
Design/Logic Flaw
Unquoted service path in IntelR OptaneTM DC Persistent Memory Module Management Software before version 1.0.0.3461 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access...
CVE-2020-0520
CVE-2020-0520 is a path traversal vulnerability in igdkmd64.sys affecting Intel Graphics Drivers prior to 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100. The underlying issue allows an authenticated local attacker with low privileges to potentially escalate privileges or cause a De...
CVE-2020-0506
Improper initialization in IntelR Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access...
Input validation
Improper permissions in the installer for IntelR RWC3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-14598
Improper Authentication in subsystem in IntelR CSME versions 12.0 through 12.0.48 IOT only: 12.0.56, versions 13.0 through 13.0.20, versions 14.0 through 14.0.10 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access...
CVE-2020-0563
Improper permissions in the installer for IntelR MPSS before version 3.8.6 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2019-11106
Insufficient session validation in the subsystem for IntelR CSME before versions 11.8.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege via local access...
Input validation
Insufficient input validation in IntelR DAL software for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access...
Input validation
Insufficient input validation in the subsystem for IntelR CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; IntelR TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable escalation of privilege, information disclosure or denial of...