| Month | Quarter | Year |
|---|---|---|
| #56 | #103 | #N/A |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2019-11091 | CWE-200 | Information Leak / Disclosure | 5.6 |
|
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
|
|||
| CVE-2018-3641 | CWE-264 | Permissions, Privileges, and Access Control | 9.8 |
|
Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
|
|||
| CVE-2018-3640 | CWE-200 | Information Leak / Disclosure | 5.6 |
|
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
|
|||
| CVE-2018-3639 | CWE-200 | Information Leak / Disclosure | 5.5 |
|
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
|
|||
| CVE-2018-3634 | CWE-20 | Input Validation | 5.5 |
|
Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.
|
|||
| CVE-2018-3632 | CWE-119 | Buffer Errors | 6.7 |
|
Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.
|
|||
| CVE-2018-3629 | CWE-119 | Buffer Errors | 6.5 |
|
Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.
|
|||
| CVE-2018-3628 | CWE-119 | Buffer Errors | 8.8 |
|
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.
|
|||
| CVE-2018-3627 | CWE-264 | Permissions, Privileges, and Access Control | 8.2 |
|
Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
|
|||
| CVE-2018-3619 | CWE-200 | Information Leak / Disclosure | 4.6 |
|
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
|
|||