Monthly Archive: May 2022

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. Date published : 2022-05-13 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size. Date published : 2022-05-12 https://github.com/jerryscript-project/jerryscript/issues/4793 https://github.com/jerryscript-project/jerryscript/pull/4794

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351. A specially-crafted XLS file can cause a use-after-free condition, resulting in remote code execution. An attacker...

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Date published : 2022-05-12 https://security.netapp.com/advisory/ntap-20220818-0002/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00648.html

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. Date published : 2022-05-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00603.html

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access. Date published : 2022-05-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00595.html

Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. Date published : 2022-05-12 https://security.netapp.com/advisory/ntap-20220818-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. Date published : 2022-05-12 https://security.netapp.com/advisory/ntap-20220818-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. Date published : 2022-05-12 https://security.netapp.com/advisory/ntap-20220818-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access. Date published : 2022-05-12 https://security.netapp.com/advisory/ntap-20220818-0001/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00586.html

Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. Date published : 2022-05-12 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00549.html

Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. Date published : 2022-05-12 https://security.netapp.com/advisory/ntap-20220818-0003/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html

Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access. Date...

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access. Date published...