ALT-PU-2021-1996-1 — firmware-intel-ucode

BDU:2021-03383

LOW3.3

Уязвимость микропрограммного обеспечения процессоров Intel, связанная с раскрытием информации через несоответствие, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2021-07-06Modified: 2024-09-16

CVSS 3.xLOW 3.3

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

References

BDU:2021-03384

MEDIUM6.5

Уязвимость микропрограммного обеспечения процессоров Intel, связанная с отсутствием защиты служебных данных, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2021-07-06Modified: 2024-09-16

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N

References

BDU:2021-03385

MEDIUM6.5

Уязвимость микропрограммного обеспечения процессоров Intel, связанная с ошибками в настройках безопасности, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2021-07-06Modified: 2024-09-16

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS 2.0MEDIUM 4.9

CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2020-24511

MEDIUM6.5

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: 2021-06-09Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

CVE-2020-24512

LOW3.3

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: 2021-06-09Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xLOW 3.3

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References

CVE-2020-24513

MEDIUM6.5

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Published: 2021-06-09Modified: 2024-11-21

CVSS 2.0LOW 2.1

CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

References

CVE-2021-24489

MEDIUM4.8

The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.

Published: 2021-10-25Modified: 2024-11-21

CVSS 2.0LOW 3.5

CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References

Package update firmware-intel-ucode in branch sisyphus

Closed issues (7)

Уязвимость микропрограммного обеспечения процессоров Intel, связанная с ошибками в настройках безопасности, позволяющая нарушителю раскрыть защищаемую информацию

Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

The Request a Quote WordPress plugin before 2.3.9 does not sanitise, validate or escape some of its settings in the admin dashboard, leading to authenticated Stored Cross-Site Scripting issues even when the unfiltered_html capability is disallowed.