An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivanti Endpoint Manager 2019.1 and 2020.1 allows an authenticated attacker to gain remote code execution by uploading a malicious aspx file. The issue is caused by insufficient...
Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the...
Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITYSYSTEM’, the issue can be used to escalate...
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. Date published : 2020-11-12 https://www.amd.com/en/corporate/product-security
The Trusted Platform Modules (TPM) reference software may not properly track the number of times a failed shutdown happens. This can leave the TPM in a state where confidential key material in the TPM...
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with...
Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. Date published : 2020-11-12 https://security.netapp.com/advisory/ntap-20201113-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in Intel(R) TXE versions before 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Date published : 2020-11-12...
Incorrect default permissions in Windows(R) installer in Intel(R) AMT SDK versions before 14.0.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://security.netapp.com/advisory/ntap-20201113-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00391
Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430
Improper access control in the Intel(R) XTU before version 6.5.1.360 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00429
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00430
Improper permissions in the installer for the Intel(R) Battery Life Diagnostic Tool before version 1.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00431