VARIoT IoT vulnerabilities database

VAR-201903-0388 CVE-2019-3855 libssh2 Integer overflow vulnerability CVSS V2: 9.3
CVSS V3: 8.8
Severity: HIGH
An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. libssh2 contains an integer overflow vulnerability. Information may be obtained and service operation may be interrupted (DoS). libssh2 is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, perform unauthorized actions, cause denial-of-service conditions, retrieve sensitive information; other attacks may also be possible. libssh2 can execute remote commands and file transfers, and at the same time provides a secure transmission channel for remote programs. An integer overflow vulnerability exists in libssh2. The vulnerability is caused by the '_libssh2_transport_read()' function not properly checking the packet_length value from the server.

CVE-2019-3855: Chris Coulson

ld64
Available for: macOS Mojave 10.14.4 and later
Impact: Compiling code without proper input validation could lead to arbitrary code execution with user privilege
Description: Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4.
CVE-2019-8721: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8722: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8723: Pan ZhenPeng of Qihoo 360 Nirvan Team
CVE-2019-8724: Pan ZhenPeng of Qihoo 360 Nirvan Team

otool
Available for: macOS Mojave 10.14.4 and later
Impact: Processing a maliciously crafted file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2019-8738: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team
CVE-2019-8739: Pan ZhenPeng (@Peterpan0927) of Qihoo 360 Nirvan Team

Installation note: Xcode 11.0 may be obtained from: https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
* Select Xcode in the menu bar
* Select About Xcode
* The version after applying this update will be "11.0".

Red Hat Security Advisory

Synopsis: Important: libssh2 security update
Advisory ID: RHSA-2019:0679-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0679
Issue date: 2019-03-28
CVE Names: CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3863

1. Summary:

An update for libssh2 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, noarch, ppc64le, s390x

3. Description:

The libssh2 packages provide a library that implements the SSH2 protocol.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

After installing these updated packages, all running applications using libssh2 must be restarted for this update to take effect.

5. Package List:

Red Hat Enterprise Linux Client (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
ppc64: libssh2-1.4.3-12.el7_6.2.ppc.rpm libssh2-1.4.3-12.el7_6.2.ppc64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm
ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
aarch64: libssh2-1.4.3-12.el7_6.2.aarch64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm
ppc64le: libssh2-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-1.4.3-12.el7_6.2.s390.rpm libssh2-1.4.3-12.el7_6.2.s390x.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm

Red Hat Enterprise Linux Server Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
ppc64: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64.rpm
ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: libssh2-debuginfo-1.4.3-12.el7_6.2.aarch64.rpm libssh2-devel-1.4.3-12.el7_6.2.aarch64.rpm
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
ppc64le: libssh2-debuginfo-1.4.3-12.el7_6.2.ppc64le.rpm libssh2-devel-1.4.3-12.el7_6.2.ppc64le.rpm
s390x: libssh2-debuginfo-1.4.3-12.el7_6.2.s390.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.s390x.rpm libssh2-devel-1.4.3-12.el7_6.2.s390.rpm libssh2-devel-1.4.3-12.el7_6.2.s390x.rpm

Red Hat Enterprise Linux Workstation (v. 7):
Source: libssh2-1.4.3-12.el7_6.2.src.rpm
x86_64: libssh2-1.4.3-12.el7_6.2.i686.rpm libssh2-1.4.3-12.el7_6.2.x86_64.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):
noarch: libssh2-docs-1.4.3-12.el7_6.2.noarch.rpm
x86_64: libssh2-debuginfo-1.4.3-12.el7_6.2.i686.rpm libssh2-debuginfo-1.4.3-12.el7_6.2.x86_64.rpm libssh2-devel-1.4.3-12.el7_6.2.i686.rpm libssh2-devel-1.4.3-12.el7_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-3855
https://access.redhat.com/security/cve/CVE-2019-3856
https://access.redhat.com/security/cve/CVE-2019-3857
https://access.redhat.com/security/cve/CVE-2019-3863
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.

[slackware-security] libssh2 (SSA:2019-077-01)

New libssh2 packages are available for Slackware 14.2 and -current to fix security issues.

Here are the details from the Slackware 14.2 ChangeLog:

patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz: Upgraded.
Fixed several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)

Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.

Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libssh2-1.8.1-i586-1_slack14.2.txz

Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libssh2-1.8.1-x86_64-1_slack14.2.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libssh2-1.8.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libssh2-1.8.1-x86_64-1.txz

MD5 signatures:

Slackware 14.2 package:
42862bdd55431f6c32f38250275b70fc libssh2-1.8.1-i586-1_slack14.2.txz

Slackware x86_64 14.2 package:
3932a95faa37ee1575300fff666b1f4b libssh2-1.8.1-x86_64-1_slack14.2.txz

Slackware -current package:
a8a256fffd0ee22986b4a8ebeb1f6b68 l/libssh2-1.8.1-i586-1.txz

Slackware x86_64 -current package:
14e5f9dd239afd45c3faa27fc02f7c25 l/libssh2-1.8.1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
# upgradepkg libssh2-1.8.1-i586-1_slack14.2.txz

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

Debian Security Advisory DSA-4431-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 13, 2019 https://www.debian.org/security/faq

Package : libssh2
CVE ID : CVE-2019-3855 CVE-2019-3856 CVE-2019-3857 CVE-2019-3858 CVE-2019-3859 CVE-2019-3860 CVE-2019-3861 CVE-2019-3862 CVE-2019-3863
Debian Bug : 924965

Chris Coulson discovered several vulnerabilities in libssh2, a SSH2 client-side library, which could result in denial of service, information leaks or the execution of arbitrary code.

For the stable distribution (stretch), these problems have been fixed in version 1.7.0-1+deb9u1.

We recommend that you upgrade your libssh2 packages.
VAR-201903-0241 CVE-2019-9835 Fujitsu Wireless Keyboard Set LX901 Device access control vulnerability CVSS V2: 5.8
CVSS V3: 9.6
Severity: CRITICAL
The receiver (aka bridge) component of Fujitsu Wireless Keyboard Set LX901 GK900 devices allows Keystroke Injection. This occurs because it accepts unencrypted 2.4 GHz packets, even though all legitimate communication uses AES encryption. The Fujitsu Wireless Keyboard Set LX901 device contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fujitsu Wireless Keyboard Set LX901 is prone to a security-bypass vulnerability. Successfully exploiting this issue will allow an attacker to perform replay attacks. This may lead to other attacks. The receiver is its receiver component. An attacker could exploit this vulnerability to inject keystrokes.
VAR-201903-0159 CVE-2019-5616 CircuitWerkes Sicon-8 Information disclosure vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser. CircuitWerkes Sicon-8 contains an information disclosure vulnerability. Information may be obtained. CircuitWerkes Sicon-8 is a full-featured dial-up launch site controller produced by CircuitWerkes in the United States. The product supports recording voice responses, etc. A security vulnerability exists in CircuitWerkes Sicon-8. An attacker could exploit this vulnerability to read all configured tags and retrieve the state of the tag interface.
VAR-201903-1024 CVE-2018-18205 Topvision CC8800 CMTS C-E Information disclosure vulnerability in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Topvision CC8800 CMTS C-E devices allow remote attackers to obtain sensitive information via a direct request for /WebContent/startup.tar.gz with userName=admin in a cookie. The Topvision CC8800 CMTS C-E device contains an information disclosure vulnerability. Information may be obtained. Topvision CC8800 is an L2 C-DOCSIS coaxial access device produced by China Topvision Technology Co., Ltd. Security vulnerabilities exist in Topvision CC8800 series products.
VAR-201903-1415 CVE-2018-20106 yast2-printer Input validation vulnerability CVSS V2: 9.3
CVSS V3: 8.1
Severity: HIGH
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or similar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast. yast2-printer contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). yast2-printer is a printer configuration module. There is a security vulnerability in yast2-printer 4.0.2 and earlier versions. An attacker could exploit this vulnerability to execute code as root.
VAR-201903-1273 CVE-2018-19393 Cobham Satcom Sailor 800 and 900 Device access control vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Cobham Satcom Sailor 800 and 900 devices contained a vulnerability that allowed for arbitrary writing of content to the system's configuration file. This was exploitable via multiple attack vectors depending on the device's configuration. Further analysis also indicated this vulnerability could be leveraged to achieve a Denial of Service (DoS) condition, where the device would require a factory reset to return to normal operation. Cobham Satcom Sailor 800 and 900 devices contain an access control vulnerability. Service operation may be interrupted (DoS). Cobham Satcom Sailor 800 and Cobham Satcom Sailor 900 are both shipborne maritime satellite broadband terminals from Cobham, UK. An access control error vulnerability exists in Cobham Satcom Sailor 800 and 900.
VAR-201903-1274 CVE-2018-19394 Cobham Satcom Sailor 800 and 900 Device cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file. Cobham Satcom Sailor 800 and Cobham Satcom Sailor 900 are both shipborne maritime satellite broadband terminals from Cobham, UK. A cross-site scripting vulnerability exists in Cobham Satcom Sailor 800 and 900. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML.
VAR-201903-1336 CVE-2018-19391 Cobham Satcom Sailor 250 and 500 Device cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained persistent XSS, which could be exploited by an unauthenticated threat actor via the /index.lua?pageID=Phone%20book name field. Cobham Satcom Sailor 250 and 500 devices contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Cobham Satcom Sailor 250 and Cobham Satcom Sailor 500 are both shipborne maritime satellite broadband terminals from Cobham, UK. A cross-site scripting vulnerability exists in Cobham Satcom Sailor 250 and 500 with firmware versions prior to 1.25. A remote attacker can exploit this vulnerability to inject executable JavaScript code with the help of the name field.
VAR-201903-1337 CVE-2018-19392 Cobham Satcom Sailor 250 and 500 Vulnerabilities related to certificate and password management in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
Cobham Satcom Sailor 250 and 500 devices before 1.25 contained an unauthenticated password reset vulnerability. This could allow modification of any user account's password (including the default "admin" account), without prior knowledge of their password. All that is required is knowledge of the username and attack vector (/index.lua?pageID=Administration usernameAdmChange, passwordAdmChange1, and passwordAdmChange2 fields). Cobham Satcom Sailor 250 and 500 devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Cobham Satcom Sailor 250 and Cobham Satcom Sailor 500 are both shipborne maritime satellite broadband terminals from Cobham, UK. There are security holes in Cobham Satcom Sailor 250 and 500 using firmware versions prior to 1.25.
VAR-201903-0180 CVE-2019-6536 LCDS LAquis SCADA Buffer Overflow Vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Opening a specially crafted LCDS LAquis SCADA before 4.3.1.71 ELS file may result in a write past the end of an allocated buffer, which may allow an attacker to execute remote code in the context of the current process. LCDS LAquis SCADA ELS file handling contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ELS files. LCDS LAquis SCADA is a SCADA (Data Acquisition and Monitoring Control) system from LCDS, Brazil. The system is mainly used for data acquisition and process control of devices with communication technology. There is an out-of-bounds write vulnerability in LCDS LAquis SCADA. LAquis SCADA is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition. LAquis SCADA 4.1.0.4150 is vulnerable; other versions may also be vulnerable.
VAR-201903-0974 CVE-2018-12189 Intel CSME and TXE Vulnerabilities related to authorization, permissions, and access control CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially modify data via local access. Intel CSME and TXE contain vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The Content Protection subsystem is one of the content protection subsystems. A local attacker could exploit this vulnerability to modify data. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel TXE prior to 3.1.60, prior to 4.0.10.
VAR-201903-0973 CVE-2018-12188 Intel CSME and TXE Input validation vulnerability CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access. Intel CSME and TXE contain an input validation vulnerability. Information may be tampered with. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). An attacker in close physical proximity could exploit this vulnerability to modify data. The following products and versions are affected: Intel CSME before 11.8.60, before 11.11.60, before 11.22.60, before 12.0.20; Intel TXE before 3.1.60, before 4.0.10.
VAR-201903-0972 CVE-2018-12187 Intel(R) Active Management Technology Input validation vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. A security vulnerability exists in Intel AMT due to the program's failure to perform adequate input validation. An attacker could exploit this vulnerability to cause a denial of service. The following versions are affected: Intel AMT prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20.
VAR-201903-0971 CVE-2018-12185 Intel(R) CSME Input validation vulnerability CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access. Intel(R) CSME contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Intel Converged Security and Management Engine (CSME) is a security management engine of Intel Corporation. Intel AMT is one of the active management technology modules. A security vulnerability exists in Intel AMT in Intel CSME due to the program's failure to perform adequate input validation. An attacker in physical proximity could exploit this vulnerability to execute arbitrary code. The following versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20.
VAR-201903-0961 CVE-2018-12208 plural Intel Product buffer error vulnerability CVSS V2: 4.6
CVSS V3: 7.6
Severity: HIGH
Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrary code via physical access. Intel(R) CSME, TXE, and Server Platform Services contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The HECI subsystem is one of the host embedded controller interface subsystems. An attacker in physical proximity could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel TXE prior to 3.1.60, prior to 4.0.10; Intel Server Platform Services earlier than 5.00.04.012.
VAR-201903-0986 CVE-2018-12199 Intel CSME and TXE Buffer error vulnerability CVSS V2: 7.2
CVSS V3: 6.2
Severity: MEDIUM
Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access. Intel CSME and TXE contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Both Intel Converged Security and Management Engine (CSME) and Intel TXE are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). Buffer overflow vulnerabilities exist in OS components in Intel CSME and Intel TXE. An attacker in physical proximity could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel TXE prior to 3.1.60, prior to 4.0.10.
VAR-201903-0988 CVE-2018-12201 Platform Sample and Silicon Reference Firmware buffer error vulnerability CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow a privileged user to potentially execute arbitrary code via local access. The Platform Sample and Silicon Reference firmware contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. The affected processors are all products of Intel Corporation of the United States. The 8th Generation Intel Core Processor is an eighth generation Core series central processing unit (CPU). The 7th Generation Intel Core Processor is a seventh generation Core series central processing unit (CPU). Intel Pentium Silver J5005 Processor is a Pentium series processor. A buffer overflow vulnerability exists in the Platform Sample/Silicon Reference firmware in several Intel products. A local attacker could exploit this vulnerability to execute arbitrary code.
VAR-201903-0996 CVE-2018-12215 Intel Multiple vulnerabilities in the product CVSS V2: 2.1
CVSS V3: 6.0
Severity: MEDIUM
Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Intel(R) Graphics Driver for Windows contains an input validation vulnerability. Service operation may be interrupted (DoS). Intel Graphics Driver for Windows is a graphics card driver for Windows platform developed by Intel Corporation. Kernel Mode Driver is one of the kernel mode drivers. A local attacker could exploit this vulnerability to cause a denial of service. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373.
VAR-201903-1037 CVE-2018-18090 Windows for Intel(R) Graphics Driver Vulnerable to out-of-bounds reading CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063), 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver for Windows contains an out-of-bounds vulnerability. Service operation may be interrupted (DoS). Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Intel Graphics Driver for Windows is a graphics card driver for Windows platform developed by Intel Corporation. The igdkm64.sys file in the Windows-based Intel Graphics Driver has an out-of-bounds read vulnerability. A local attacker could exploit this vulnerability to cause a denial of service. The following versions are affected: Intel Graphics Driver prior to 10.18.x.5059, prior to 10.18.x.5057, prior to 20.19.x.5063, prior to 21.20.x.5064, prior to 24.20.100.6373.
VAR-201903-0976 CVE-2018-12191 Intel Multiple vulnerabilities in the product CVSS V2: 7.2
CVSS V3: 7.6
Severity: HIGH
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include information leak, service operation interruption (DoS), and privilege escalation. Intel(R) CSME, Server Platform Services, and TXE contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Intel Converged Security and Management Engine (CSME) and others are products of Intel Corporation of the United States. Intel Converged Security and Management Engine is a security management engine. Intel Server Platform Services is a server platform service program. Intel TXE is a trusted execution engine with hardware authentication function used in CPU (Central Processing Unit). The Kernel subsystem is one of the kernel subsystems. Security vulnerabilities exist in the Kernel subsystem in Intel CSME, Intel Server Platform Services, and Intel TXE. An attacker in physical proximity could exploit this vulnerability to execute arbitrary code. The following products and versions are affected: Intel CSME prior to 11.8.60, prior to 11.11.60, prior to 11.22.60, prior to 12.0.20; Intel Server Platform Services prior to 4.00.04.383, prior to 4.01.02.174; Intel TXE prior to 3.1.60, prior to 4.0.10.