For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exists due to excessive logging of an invite email error message. Date published : 2020-08-13 https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13280.json https://gitlab.com/gitlab-org/gitlab/-/issues/28291
An issue was discovered on Spirent TestCenter and Avalanche appliance admin interface firmware. An attacker, who already has access to an SSH restricted shell, can achieve root access via shell metacharacters. The attacker can...
In C2 flame devices, there is a possible bypass of seccomp due to a missing configuration file. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...
Reliance on untrusted inputs in a security decision in some Intel(R) Thunderbolt(TM) controllers may allow unauthenticated user to potentially enable information disclosure via physical access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00411.html
Insufficient control flow management for some Intel(R) Wireless Bluetooth(R) products may allow an unprivileged user to potentially enable denial of service via adjacent access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00337.html
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android’s Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if...
A buffer length validation vulnerability in Asylo versions prior to 0.6.0 allows an attacker to read data they should not have access to. The ‘enc_untrusted_recvfrom’ function generates a return value which is deserialized by...
An arbitrary memory overwrite vulnerability in the trusted memory of Asylo exists in versions prior to 0.6.0. As the ecall_restore function fails to validate the range of the output_len pointer, an attacker can manipulate...
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-08-12...
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00406.html
Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00394.html
Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00392.html
Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00387.html
Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-08-12 https://security.netapp.com/advisory/ntap-20200814-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00386.html