Security Vulnerabilities - CVEs Published In August 2019
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
CVSS Score
7.6
EPSS Score
0.005
Published
2019-08-19
Insufficient session validation in system firmware for Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2019-08-19
Improper permissions in the software installer for Intel(R) Authenticate before 3.8 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
6.7
EPSS Score
0.0
Published
2019-08-19
Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-19
Improper file verification in IntelĀ® Driver & Support Assistant before 19.7.30.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-19
Improper permissions in the installer for Intel(R) Remote Displays SDK before version 2.0.1 R2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.0
Published
2019-08-19
Insufficient access control in hardware abstraction in SEMA driver for Intel(R) Computing Improvement Program before version 2.4.0.04733 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-19
Insufficient access control in a hardware abstraction driver for Intel(R) Processor Identification Utility for Windows before version 6.1.0731 may allow an authenticated user to potentially enable escalation of privilege, denial of service or information disclosure via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2019-08-19
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents.
CVSS Score
5.3
EPSS Score
0.004
Published
2019-08-19
Pivotal Apps Manager, included in Pivotal Application Service versions 2.3.x prior to 2.3.16, 2.4.x prior to 2.4.12, 2.5.x prior to 2.5.8, and 2.6.x prior to 2.6.3, makes a request to the /cloudapplication endpoint via Spring actuator, and subsequent requests via unsecured http. An adjacent unauthenticated user could eavesdrop on the network traffic and gain access to the unencrypted token allowing the attacker to read the type of access a user has over an app. They may also modify the logging level, potentially leading to lost information that would otherwise have been logged.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-08-19