
Security Advisory - Security Updates On Kaytus Server BMC Password Reset Vulnerability

2023-08-23 | Security Advisory

Because obsolete functional interfaces were not completely removed from some old versions of BMC firmware on Kaytus servers, attackers may exploit this vulnerability to modify the password of the BMC management system.

Security Advisory - Security updates related to LogoFAIL and other vulnerabilities in some products of KAYTUS

2024-04-28 | Security Advisory

LogoFAIL: The BMP, GIF, JPEG, PCX, and TGA parsing libraries contained in the BIOS UEFI system firmware are vulnerable. These libraries are used to parse personalized boot logo images loaded from EFI system partitions, which may allow local attackers with elevated privileges to trigger a denial of ser...

Security Advisory - Intel SSD Vulnerabilities

2022-07-08 | Security Advisory

Potential security vulnerabilities in some Intel Optane SSD and Intel Optane SSD Data Center (DC) products may allow escalation of privilege, denial of service or information disclosure. CVE-2021-33078 Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Pr...

Security Advisory - Some Vulnerabilities Published In Intel 2021.2 IPU

2022-03-31 | Security Advisory

On February 8th, Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege with local access. INTEL-SA-00589: CVE-2021-33120 Out of bounds read under complex microarchitectura...

Security Advisory - AMD Secure Encryption Virtualization (SEV) Information Disclosure Vulnerability

2021-10-13 | Security Advisory

AMD EPYC Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to lea...

Security Advisory - Some Vulnerabilities Published In Intel 2021.1 IPU

2021-09-14 | Security Advisory

On June 8th, Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege with local access. Intel-TA-00463: CVE-2020-8670 CVE-2020-8700 CVE-2020-12359 CVE-2020-12358 CVE-2021-00...

Security Advisory - Intel Processors And SPS Vulnerabilities

2021-02-03 | Security Advisory

On November 10th, Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege with local access or physical access. INTEL-SA-00381: Potential security vulnerabilities in some In...

Security Advisory - Multiple Buffer Overflow And Path Traversal Vulnerabilities In Some KAYTUS BMC

2020-12-04 | Security Advisory

Multiple vulnerabilities in the Baseboard Management Controller (BMC) of KAYTUS servers could allow a remote attacker with administrator privileges to perform a denial of service attack, read an arbitrary file or execute arbitrary code with root privileges. The vulnerabilities are due to improper che...

Security Notice - Statement On Some AMI MegaRAC BMC Vulnerabilities

2022-12-07 | Security Notices

Eclypsium Research has discovered and reported 3 vulnerabilities (CVE-2022-40259, CVE-2022-40242, CVE-2022-2827) in AMI MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. The BMC&C vulnerabilities range in severity from Medium to Cri...

Security Notice - Statement On Spring Framework RCE Vulnerability

2022-04-01 | Security Notices

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is ...

Security Notice - Statement On Apache Log4j2 Vulnerability CVE-2021-44228

2021-12-13 | Security Notices

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when messa...

Security Notice - Statement On Ripple20 Vulnerabilities

2020-06-23 | Security Notices

The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more) and include multiple remote code execution vulnerabi...

Security Advisory - Intel SRBDS Vulnerabilities

2020-08-18 | Security Advisory

Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure. intel-sa-00320: CVE-2020-0543 A new domain bypass transient execution attack known as special register buffer data sampling (SRBDS) may allow d...

Security Notice - Statement On Some Vulnerabilities Published In Intel 2021.2 IPU

2022-02-09 | Security Notices

On February 8th, Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege with local access.

Security Advisory - Intel SPS local DOS

2020-08-18 | Security Advisory

Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel® TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_...

Security Notice - Statement On Some BIOS Vulnerabilities Published In INTEL-SA-00562

2021-11-19 | Security Notices

Potential security vulnerabilities in the BIOS reference code for some Intel® Processors may allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. CVEID: CVE-2021-0157 Description: Insufficient control flow management in the BIOS firmware for...

Security Advisory - The L1D vulnerabilities of Intel processor

2020-05-22 | Security Advisory

On January 27, 2020, Intel released a security update that disclosed two security vulnerabilities of Intel processors that could lead to information disclosure. CVE numbers are CVE-2020-0548 and CVE-2020-0549. Intel will be providing fixes in future microcode updates. The vulnerability details are a...

Security Notice - Statement On Some Vulnerabilities Published In Intel 2021.1 IPU

2021-06-10 | Security Notices

On June 8th, Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege with local access. Intel-TA-00463: CVE-2020-8670 CVE-2020-8700 CVE-2020-12359 CVE-2020-12358 CVE-2021-00...

Security Advisory - The “VoltJockey” and other vulnerabilities of Intel processor

2020-03-10 | Security Advisory

On December 10, 2019, Intel disclosed several potential security vulnerabilities. The Intel processor vulnerabilities (CVE-2019-11157 and CVE-2019-14607) may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these ...

Security Notice - Statement On Some Intel Processors And SPS Vulnerabilities

2020-11-14 | Security Notices

On November 10th, Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege with local access or physical access. INTEL-SA-00381: Potential security vulnerabilities in some In...

Security Notice - Statement On Grub2 Vulnerability Aka BootHole

2020-08-01 | Security Notices

On July 29th, a researcher disclosed a vulnerability in Linux GRUB2 bootloaders called “BootHole” (CVE-2020-10713). An attacker may use the GRUB 2 flaw to hijack and tamper with the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or mo...

Security Notice - Statement On intel-sa-00295

2020-07-02 | Security Notices

Potential security vulnerabilities in Intel Converged Security and Manageability Engine (CSME), Intel Server Platform Services (SPS), Intel Trusted Execution Engine (TXE), Intel Active Management Technology (AMT), Intel Standard Manageability (ISM) and Intel Dynamic Application Loader (DAL) may allo...

Security Advisory - Intel TSX Asynchronous Abort (TAA) Vulnerability

2020-03-10 | Security Advisory

On November 12, 2019, Intel disclosed several potential security vulnerabilities. These potential security vulnerabilities may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. The...

Security Notice - Statement On Intel SRBDS Vulnerabilities

2020-06-15 | Security Notices

Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure. intel-sa-00320: CVE-2020-0543 A new domain bypass transient execution attack known as special register buffer data sampling (SRBDS) may allow d...

Security Notice - Statement On Intel CSME and Processor LVI vulnerabilities

2020-03-12 | Security Notices

Intel reported potential security vulnerabilities in some Intel Processors that may allow an authenticated user to potentially enable information disclosure or escalation of privilege via a side channel with local access or physical access. intel-sa-00330: CVE-2020-0550 Improper data forwarding in so...

Security Notice - Statement on the Side Channel Vulnerabilities "MDS" of Chips

2019-05-30 | Security Notices

On May 14, 2019, Intel disclosed four new side channel vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) and unified this series of vulnerabilities as Microarchitectural Data Sampling vulnerabilities. The exploitation of these vulnerabilities requires an attac...

Security Notice - Statement on Intel Processors Data Leakage Advisory (INTEL-SA-00329)

2020-01-29 | Security Notices

On January 27, 2020, Intel released a security update that disclosed two security vulnerabilities of Intel processors that could lead to information disclosure. CVE numbers are CVE-2020-0548 and CVE-2020-0549. Intel will be providing fixes in future microcode updates. The vulnerability details are a...

Security Advisory - The Side Channel Vulnerabilities "MDS" of Chips

2019-06-11 | Security Advisory

On May 14, 2019, Intel disclosed four new side channel vulnerabilities (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091) and unified this series of vulnerabilities as Microarchitectural Data Sampling vulnerabilities. The exploitation of these vulnerabilities requires an attac...

Security Notice - Statement on BMC ASPEED and some other security vulnerabilities

2019-07-07 | Security Notices

The ASPEED ast2400 and ast2500 Baseboard Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console ua...

Security Advisory - BMC ASPEED and some other security vulnerabilities

2019-07-11 | Security Advisory

The ASPEED ast2400 and ast2500 Baseboard Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console ua...

Security Notice - Statement on Intel TSX Asynchronous Abort (TAA)

2019-11-15 | Security Notices

On November 12, 2019, Intel disclosed several potential security vulnerabilities. These potential security vulnerabilities may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. The...

Security Notice - Statement on “VoltJockey” and other vulnerabilities of Intel processor

2019-12-12 | Security Notices

On December 10, 2019, Intel disclosed several potential security vulnerabilities. Intel processor vulnerabilities (CVE-2019-11157 and CVE-2019-14607) may allow escalation of privilege, denial of service or information disclosure. Intel is releasing firmware and software updates to mitigate these potentia...
