345 matches found
CVE-2021-0119
CVE-2021-0119 stems from improper initialization in Intel processor firmware that can allow a local attacker with physical access to escalate privileges. Connected advisories confirm affected platforms (e.g., IBM QRadar appliances M5/M6, certain Oracle/Red Hat/HP/F5-guided deployments) and descri...
CVE-2021-0156
CVE-2021-0156 involves Intel processor firmware and is caused by improper input validation, enabling a local authenticated user to potentially escalate privileges. Public sources in the provided documents indicate vulnerable firmware on specific platforms (e.g., VELOS CX410 and VELOS BX110 blades...
CVE-2020-16593
CVE-2020-16593 is a Null Pointer Dereference in the Binary File Descriptor (BFD) library (libbfd) as distributed in GNU Binutils 2.35, in scan_unit_for_symbols (addr2line demonstrated), leading to denial of service via a crafted file. Connected sources confirm the issue exists in Binutils compone...
CVE-2020-35494
CVE-2020-35494 targets GNU Binutils: a flaw in /opcodes/tic4x-dis.c can cause a denial of service via processing crafted input, due to use of uninitialized memory. Affected are binutils versions prior to 2.34. Impact is availability (partial confidentiality/none integrity per description). The co...
CVE-2021-0124
CVE-2021-0124 describes improper access control in Intel processor firmware that could let a privileged user escalate privileges with physical/local access. The vulnerability is documented across multiple sources (NVD entry; IBM QRadar advisories; F5 advisory) and is associated with privilege esc...
CVE-2020-12357
CVE-2020-12357 describes an improper initialization in the firmware for some Intel processors that could allow a privileged user to escalate privileges via local access. The vulnerability is documented in Intel’s IPU BIOS advisory (INTEL-SA-00463) and is linked to the same family of processor fir...
CVE-2019-14574
Intel Graphics Driver for Windows/Linux before 26.20.100.7209 contains an out-of-bounds read in a subsystem that may allow an authenticated local user to cause a denial of service. Affected products include Intel Graphics Driver versions prior to 26.20.100.7209. Mitigation: update to 26.20.100.72...
CVE-2020-12356
CVE-2020-12356 is an Intel AMT/CSME vulnerability (Out-of-bounds read) that affects AMT/ISM/CSME subsystems prior to specific builds: versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. The issue can allow a privileged user to disclose information via local access; CVSS3.1 vector in...
CVE-2020-35495
CVE-2020-35495 is a null pointer dereference in binutils/bfd/pef.c (bfd_pef_parse_symbols) triggered by specially crafted input processed by objdump. It affects Binutils prior to 2.34 and can impact availability via crash. Remediation is upgrading to a newer Binutils version; IBM/Netezza advisori...
CVE-2021-0117
CVE-2021-0117 describes pointer issues in Intel processor firmware that may allow a local attacker to escalate privileges. The vulnerability is rooted in firmware handling, with impacts described as local privilege escalation and, per some sources, possible denial of service or information disclo...
CVE-2018-5737
CVE-2018-5737 concerns ISC BIND 9.12.x. The issue arises from the implementation of the new serve-stale feature, which can trigger an assertion failure in rbtdb.c even when stale-answer-enable is off. Additionally, interaction between serve-stale and NSEC aggressive negative caching can, in some ...
CVE-2020-8754
Intel AMT/ISM subsystem contains an out-of-bounds read vulnerability (CVE-2020-8754) that could allow unauthenticated information disclosure over the network. Affected versions include Intel AMT/ISM before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45. Intel’s advisory and vendor advisories in...
CVE-2020-8746
CVE-2020-8746 concerns Intel AMT/CSME subsystem integer overflow that could allow a remote unauthenticated actor to cause denial of service via adjacent access. Connected sources confirm the issue affects Intel AMT/CSME/ISM stack versions before specific fixes (11.8.82/11.12.82/11.22.82/12.0.70/1...
CVE-2021-0115
CVE-2021-0115 describes a buffer overflow in Intel processor firmware that may allow a local, authenticated attacker to escalate privileges. Public documents confirm the issue exists in firmware and is addressable by vendor-provided updates. IBM/F5 advisories list affected products and remediatio...
CVE-2020-8757
CVE-2020-8757 involves an out-of-bounds read in the Intel AMT subsystem that can allow a privileged local user to escalate privileges. Affected: Intel AMT/CSME family before versions 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 (and related AMT/ISM components per Intel advisories). Root cause...
CVE-2020-8760
CVE-2020-8760 is an Intel AMT/CSME-related issue described as an integer overflow in the subsystem affecting AMT/CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45. The vulnerability may allow a privileged user to escalate privileges via local access. Public sources in connected d...
CVE-2019-11111
Summary: CVE-2019-11111 is a pointer corruption vulnerability in the Unified Shader Compiler of Intel Graphics Drivers prior to 10.18.14.5074 (≈15.36.x.5074) that may allow an authenticated local attacker to escalate privileges. Affected component: Intel Graphics Drivers (Unified Shader Compiler,...
CVE-2019-11112
Summary: CVE-2019-11112 is a memory corruption vulnerability in the Intel Graphics Driver for Windows/Linux ( Kernel Mode Driver) prior to 26.20.100.6813 (DCH) or 26.20.100.6812. Affected: Intel Graphics Driver for Windows and i915 Linux driver; impact: potential escalation of privilege to an aut...
CVE-2019-11113
CVE-2019-11113 is a buffer overflow in the Kernel Mode module of the Intel Graphics Driver. Affected: Intel Graphics Driver kernel mode component prior to 25.20.100.6618 (DCH) or 21.20.x.5077 (aka15.45.5077). Impact: may allow a privileged user to potentially enable information disclosure via loc...
CVE-2021-0111
CVE-2021-0111 is a NULL pointer dereference in the firmware for some Intel processors that could allow a local attacker to escalate privileges. The vulnerability is described in multiple sources (NVD entry for CVE-2021-0111 and vendor advisories) as a local-firmware issue with potential privilege...
CVE-2021-0118
CVE-2021-0118 involves an out-of-bounds read in Intel processor firmware that could enable local privilege escalation. Public documents confirm affected surface as Intel processor firmware with local access as the attack vector. IBM and F5 advisories reference this CVE among a family of firmware ...
CVE-2021-0099
CVE-2021-0099 describes insufficient control-flow management in the firmware of some Intel processors, potentially allowing an authenticated local attacker to escalate privileges. The CVE is discussed across multiple sources in the Connected documents, which identify affected platforms and remedi...
CVE-2021-0125
CVE-2021-0125 is a confirmed Intel processor firmware vulnerability caused by improper initialization that can enable privilege escalation with physical/local access. Connected sources name affected platforms and vendor advisories; e.g., IBM QRadar M6/M5 firmware lines and IBM Cloud Pak System up...
CVE-2021-0092
The CVE-2021-0092 entry describes an Improper access control in Intel processor firmware that could allow a local privileged user to cause a denial of service. Public documents tie this to firmware on Intel CPUs and list affected environments (e.g., IBM QRadar SIEM appliances with M5/M6 firmware,...
CVE-2021-20226
CVE-2021-20226 describes a use-after-free in the Linux kernel io_uring subsystem. The root cause is a failure to validate an object’s existence before operations by not incrementing the file reference counter while in use. This can allow a local attacker with user privileges to trigger a denial o...
CVE-2019-14591
CVE-2019-14591 affects Intel Graphics Driver (Windows/Linux) prior to 26.20.100.7209. The root cause is improper input validation in the API, and an authenticated user could potentially trigger a denial of service via local access. References from NVD indicate a CVSSv3.1 base score of 5.5 (Medium...
CVE-2019-11089
Intel Graphics Driver Kernel Mode module vulnerable to insufficient input validation before version 25.20.100.6519, potentially enabling local denial of service by an authenticated user. Affected products include Intel Graphics Driver on Windows and Linux (Kernel Mode Driver). Remediation: update...
CVE-2020-27730
CVE-2020-27730 affects the NGINX Controller Agent : versions 1.0.1, 2.0.0–2.9.0, and 3.0.0–3.9.0 do not use absolute paths when invoking system utilities, enabling a local attacker to escalate privileges to root and execute arbitrary code. Public disclosures from Red Hat and F5 corroborate the vu...
CVE-2021-0091
CVE-2021-0091 is an Intel processor firmware vulnerability described as improper access control that could allow a local attacker to escalate privileges. Public documents in the set identify affected platforms (e.g., some Intel firmware on targeted hardware such as IBM QRadar-related components a...
CVE-2020-15852
CVE-2020-15852 affects Linux kernel 5.5–5.7.9 (and Xen via 4.13.x for x86 PV guests). The issue stems from mishandling of tss_invalidate_io_bitmap, causing desynchronization between TSS I/O bitmaps and Xen, which may let an attacker gain I/O port permissions of an unrelated task. Public advisorie...
CVE-2020-24486
CVE-2020-24486 is an Intel firmware vulnerability caused by improper input validation in the firmware of some Intel processors. An authenticated local attacker could potentially cause a denial of service. The issue is described in Intel’s advisory as part of a family of firmware vulnerabilities; ...
CVE-2021-0093
CVE-2021-0093: Incorrect default permissions in the firmware for some Intel processors may allow a local privileged user to cause a denial of service. The CVE is linked with multiple vendor advisories (IBM QRadar, F5 advisories, HP/Intel BIOS updates, and IBM/NCSC notes) that reference vulnerable...
CVE-2020-25221
CVE-2020-25221 affects Linux kernel 5.7.x and 5.8.x before 5.8.7. The vulnerability arises in get_gate_page() implemented in mm/gup.c, due to incorrect reference counting of the backing struct page for the vsyscall page, causing a refcount underflow. It can be triggered by any 64-bit process that...
CVE-2020-8670
CVE-2020-8670 is a race-condition flaw in Intel processor firmware that could allow a local privileged attack. No public exploits are known in the provided documents. Affected data indicates local access is required, with INTEL-SA advisories (INTEL-SA-00463) and related mitigations referenced by ...
CVE-2020-8738
CVE-2020-8738 is tied to Intel BIOS platform sample code with an improper conditions check that may allow a locally authenticated user to escalate privileges on certain Intel processors. The CVE is detailed in Intel advisory Intel-SA-00390, which also covers related CVEs (8739, 8740, 8764) and ma...
CVE-2020-0590
CVE-2020-0590 describes improper input validation in BIOS firmware for some Intel processors, potentially allowing privilege escalation via local access for an authenticated user. Public documents identify the vulnerability and note mitigations via BIOS updates. Affected platforms span multiple I...
CVE-2020-8700
Affected software/hardware: Intel processors firmware. Root cause: Improper input validation in the firmware. Impact: Privilege escalation via local access by a privileged user; confidentiality, integrity, and availability may be affected (CVSS v3.1 base 6.7). Exploitation info: Not detailed in t...
CVE-2019-14590
CVE-2019-14590 affects Intel Graphics Driver (Windows/Linux) prior to 26.20.100.7209. The issue is improper access control in the API, which could allow an authenticated local attacker to disclose information. Affected components include Intel Graphics Driver APIs; root cause is access-control we...
CVE-2020-12360
CVE-2020-12360 describes an out-of-bounds read in the firmware of some Intel processors that could allow a local, authenticated attacker to escalate privileges. Affected items include various Intel-enabled systems where firmware/UEFI code handles memory bounds improperly. Mitigations are vendor-s...
CVE-2023-28656
CVE-2023-28656 – NGINX Management Suite : An authenticated attacker may bypass authorization to access configuration objects outside their assigned environment, a control-plane issue with no data-plane exposure reported. The vulnerability affects NGINX Management Suite components (NGINX Instance ...
CVE-2021-0107
CVE-2021-0107: Unchecked return value in the firmware for Intel processors can allow a local attacker to escalate privileges. Documented impact indicates local access is required and the consequence is elevated privileges, not remote code execution. Affected items include Intel processor firmware...
CVE-2020-12359
CVE-2020-12359 concerns Intel processor firmware with insufficient control flow management. The vulnerability could allow an unauthenticated user to escalate privileges via physical access. Connected sources tie this to Intel processor firmware issues and list remediation paths in affected IBM Cl...
CVE-2020-8703
The CVE-2020-8703 issue is an Intel CSME subsystem vulnerability caused by improper buffer restrictions. Affected firmwares include Intel CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22, potentially allowing a privileged user to escalate ...
CVE-2020-5867
The CVE-2020-5867 issue affects the NGINX Controller Agent installer script (install.sh) used by the NGINX Controller. In versions prior to 3.3.0, it uses HTTP instead of HTTPS to check and install packages, creating a MITM risk where malicious packages could be forged and installed on affected N...
CVE-2020-5865
The CVE-2020-5865 issue affects NGINX Controller versions prior to 3.3.0, where the Controller communicates with its Postgres database over unencrypted channels. This enables man-in-the-middle interception of data in transit and, as described in the advisory, could allow an attacker to modify use...