Intel Server_platform_services_firmware
15 CVEs affecting Intel Server_platform_services_firmware. Latest disclosed: 2022-11-11. Critical: 0, High: 7.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2018-3643 | High | 8.2 | 2018-09-12 | A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8… |
CVE-2017-5709 | High | 7.8 | 2017-11-21 | Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecifie… |
CVE-2017-5706 | High | 7.8 | 2017-11-21 | Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code. |
CVE-2018-12208 | High | 7.6 | 2019-03-14 | Buffer overflow in HECI subsystem in Intel(R) CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version before 3.1.60 or 4.0.10, or… |
CVE-2018-12191 | High | 7.6 | 2019-03-14 | Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00… |
CVE-2022-29466 | High | 7.3 | 2022-11-11 | Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of ser… |
CVE-2018-3655 | High | 7.3 | 2018-09-12 | A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firm… |
CVE-2019-0099 | Medium | 6.8 | 2019-05-17 | Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially en… |
CVE-2018-12192 | Medium | 6.8 | 2019-03-14 | Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_0… |
CVE-2018-12147 | Medium | 6.7 | 2019-06-13 | Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted… |
CVE-2022-29515 | Medium | 6.0 | 2022-11-11 | Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentiall… |
CVE-2018-12198 | Medium | 6.0 | 2019-03-14 | Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially… |
CVE-2019-11090 | Medium | 5.9 | 2019-12-18 | Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70… |
CVE-2022-26074 | Medium | 4.4 | 2022-08-18 | Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to pote… |
CVE-2019-11109 | Medium | 4.4 | 2019-12-18 | Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileg… |