| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak attack and obtain root privileges by overwriting the /etc/shadow file. |
| Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the vulnerability of disclosing the private key in clear-text when changing the parameters of the request. |
| OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; because some files on the Content Server filesystem are security-sensitive, this leads to privilege escalation. |
| A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. |
| PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression. |
| The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. |
| bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to bfd_getl32. |
| Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. |
| Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. |
| dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, does not validate the DW_AT_name data type, which allows remote attackers to cause a denial of service (bfd_hash_hash NULL pointer dereference, or out-of-bounds access, and application crash) via a crafted ELF file, related to scan_unit_for_symbols and parse_comp_unit. |
| The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information. |
| The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information. |
| There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code. |
| Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state. |
| Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors. |
| Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page. |
| Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges. |
| Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. |
| A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user. |
| Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. |
