318 matches found
CVE-2024-21939
CVE-2024-21939 concerns the AMD Cloud Manageability Service (ACMS). The connected AMD advisory documents indicate the issue stems from incorrect default ACL permissions in the ACMS Software installation directory, enabling a low-privileged local attacker to escalate privileges and potentially exe...
AMD Cloud Manageability Service 安全漏洞
AMD Cloud Manageability Service is a software product within the AMD Manageability solution from UltraMicroelectronics AMD that enables IT administrators to manage AMD devices that are not on the corporate network. AMD Cloud Manageability Service has a security vulnerability that stems from...
PT-2024-19122 · Amd · Amd Cloud Manageability Service
Name of the Vulnerable Software and Affected Versions: AMD Cloud Manageability Service ACMS Software affected versions not specified Description: The issue is related to incorrect default permissions in the installation directory of the AMD Cloud Manageability Service ACMS Software. This could...
AMD Cloud Manageability Service Incorrect Default Permissions Vulnerability
Bulletin ID: AMD-SB-9006 Potential Impact: Incorrect Default Permissions Leading to Arbitrary Execution Severity: High Summary A researcher reported an incorrect default permissions vulnerability within the AMD Cloud Manageability Service ACMS Software. ACMS is designed to help enable IT...
CVE-2023-38655
CVE-2023-38655 concerns improper buffer restrictions in firmware for Intel® AMT and Intel® Standard Manageability. The vulnerability could allow a privileged attacker to cause a denial of service over the network. Connected sources corroborate the issue within Intel chipset firmware/CSME/AMT ecos...
PT-2024-7105 · Intel · Intel Converged Security/Manageability Engine
Name of the Vulnerable Software and Affected Versions: Intel Converged Security and Manageability Engine CSME affected versions not specified Description: The issue is related to insufficient input validation in the Intel Converged Security and Manageability Engine CSME firmware, which may allow ...
PT-2024-7103 · Intel · Intel Csme
Name of the Vulnerable Software and Affected Versions: IntelR CSME affected versions not specified Description: The issue is related to an unchecked return value in the firmware of some Intel Converged Security and Manageability Engine CSME subsystems. This may allow an unauthenticated user with...
UBUNTU-CVE-2022-37341
Improper access control in some IntelR Ethernet Adapters and IntelR Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access...
PT-2024-11602 · Intel · Intel Ethernet Adapters +1
Name of the Vulnerable Software and Affected Versions: IntelR Ethernet Adapters and IntelR Ethernet Controller I225 Manageability firmware affected versions not specified Description: The issue is related to improper access control in the firmware of certain Intel Ethernet Adapters and Intel...
The vulnerability of software for remote management and monitoring of the Intel Local Manageability Service arises from insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the software for remote management and monitoring of the Intel Local Manageability Service is related to insufficient protection of registration data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of software for remote management and monitoring of the Intel Converged Security and Manageability Engine (CSME) arises from insufficient validation of input data. This allows attackers to increase their privileges.
The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine CSME is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine (CSME) is related to incorrect default permissions, allowing attackers to increase their privileges.
The vulnerability of the software for remote management and monitoring of the Intel Converged Security and Manageability Engine CSME is related to incorrect default permissions. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2023-27502
Insertion of sensitive information into log file for some IntelR Local Manageability Service software before version 2316.5.1.2 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2023-27502
Intel Local Manageability Service prior to v2316.5.1.2 is affected by CVE-2023-27502, which enables potential information disclosure via local access through log message disclosure. The issue is limited to authenticated Local Manageability Service users and involves sensitive data being written i...
Intel Local Manageability Service Log Information Disclosure Vulnerability
Intel Local Manageability Service is a management engine from Intel Corporation USA designed to help IT administrators manage computers and devices in an organization over a local network or remote connection. Intel Local Manageability Service versions prior to 2316.5.1.2 are vulnerable to a log...
Intel 2024.1 IPU - Chipset Software March 2024 Security Update
Intel has informed HP of potential security vulnerabilities in the Intel® Converged Security Management Engine CSME installer and Intel® Local Manageability Service software which may allow escalation of privilege or information disclosure. Intel is releasing updates to mitigate these potential...
2024.1 IPU - Intel® Chipset Software and SPS Advisory
Summary: Potential security vulnerabilities in the Intel® Converged Security Management Engine CSME installer, Intel® Local Manageability Service software and Intel® Server Platform Servcies SPS may allow information disclosure, escalation of privilege, or denial of service. Vulnerability Details...
The vulnerability of the Manageability Engine (ME) in Intel Server Platform Services (SPS) software for Lenovo ThinkSystem servers allows a malicious actor to alter the firmware configuration and trigger a service failure.
The vulnerability of the Manageability Engine ME in Intel Server Platform Services SPS of Lenovo ThinkSystem servers stems from the synchronization failure between BIOS/UEFI and ME states due to the use of non-replicable configurations. Exploiting this vulnerability can allow an attacker to alter...
CVE-2021-33142
Improper input validation in some IntelR Ethernet Adapters and IntelR Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access...
CVE-2021-33157
Insufficient control flow management in some IntelR Ethernet Adapters and IntelR Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access...