Improper input validation in BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf https://security.netapp.com/advisory/ntap-20201113-0001/
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://security.netapp.com/advisory/ntap-20201113-0001/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358
Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://security.netapp.com/advisory/ntap-20201113-0001/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00358
Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access....
Improper buffer restrictions in the Intel(R) Unite Client for Windows* before version 4.2.13064 may allow an authenticated user to potentially enable information disclosure via local access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00350
Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00427
Improper input validation in the firmware for Intel(R) Server Board S2600ST and S2600WF families may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2020-11-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00439
A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. Date published : 2020-11-11 https://support.lenovo.com/us/en/product_security/LEN-49266
Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access...
In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. Date published : 2020-11-11 https://support.lenovo.com/us/en/product_security/LEN-49266
The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 are vulnerable to Prototype Pollution via loadPackageDefinition. Date published : 2020-11-11 https://github.com/grpc/grpc-node/pull/1605 https://github.com/grpc/grpc-node/pull/1606
All versions of package express-validators are vulnerable to Regular Expression Denial of Service (ReDoS) when validating specifically-crafted invalid urls. Date published : 2020-11-11 https://snyk.io/vuln/SNYK-JS-EXPRESSVALIDATORS-1017404
Server-side request forgery vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers trigger server-side DNS requests to arbitrary domains via carefully constructed XML files loaded by an ePO...
External entity attack vulnerability in the ePO extension in McAfee MVISION Endpoint prior to 20.11 allows remote attackers to gain control of a resource or trigger arbitrary code execution via improper input validation of...