CVE-2018-12147 (converged_security_management_engine_firmware, server_platform_services_firmware, trusted_execution_engine_firmware)

Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel? Server Platform Services before version 4.0 and Intel? Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.

View Full Alert

CVE-2017-8252 (ipq4019_firmware, ipq8074_firmware, mdm9150_firmware, mdm9206_firmware, mdm9607_firmware, mdm9615_firmware, mdm9635m_firmware, mdm9640_firmware, mdm9650_firmware, mdm9655_firmware, msm8909w_firmware, msm8996au_firmware, qc_215_firmware, qca8081_firmware, qcs605_firmware, sd_205_firmware, sd_210_firmware, sd_212_firmware, sd_410_firmware, sd_412_firmware, sd_415_firmware, sd_425_firmware, sd_427_firmware, sd_429_firmware, sd_430_firmware, sd_435_firmware, sd_439_firmware, sd_450_firmware, sd_615_firmware, sd_616_firmware, sd_625_firmware, sd_632_firmware, sd_636_firmware, sd_650_firmware, sd_652_firmware, sd_670_firmware, sd_675_firmware, sd_710_firmware, sd_712_firmware, sd_820_firmware, sd_820a_firmware, sd_835_firmware, sd_845_firmware, sd_850_firmware, sd_855_firmware, sd_8cx_firmware, sda660_firmware, sdm439_firmware, sdm630_firmware, sdm660_firmware, sdx20_firmware, sdx24_firmware, sm7150_firmware, snapdragon_high_med_2016_firmware, sxr1130_firmware)
Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon…
CVE-2013-7471 (dir-300_firmware, dir-600_firmware, dir-645_firmware, dir-845_firmware, dir-865_firmware)
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injection via shell metacharacters…
CVE-2016-10760 (swr-300a_firmware, swr-300b_firmware, swr-300bg_firmware, swr-300c_firmware)
On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. View Full Alert

Related Posts