Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
active management technology firmware vulnerabilities and exploits
(subscribe to this query)
4.6
CVSSv2
CVE-2019-0092
Insufficient input validation vulnerability in subsystem for Intel(R) AMT prior to 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Intel Active Management Technology Firmware
4.6
CVSSv2
CVE-2018-12190
Insufficient input validation in Intel(r) CSME subsystem prior to 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE prior to 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.
Intel Trusted Execution Engine Firmware
Intel Converged Security Management Engine Firmware
4.6
CVSSv2
CVE-2018-12196
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access.
Intel Converged Security Management Engine Firmware
4.6
CVSSv2
CVE-2018-12208
Buffer overflow in HECI subsystem in Intel(R) CSME prior to 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel(R) TXE version prior to 3.1.60 or 4.0.10, or Intel(R) Server Platform Services before version 5.00.04.012 may allow an unauthenticated user to potentially execute arbitrar...
Intel Server Platform Services Firmware
Intel Converged Security Management Engine Firmware
Intel Trusted Execution Engine Firmware
4.6
CVSSv2
CVE-2018-12185
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
Intel Converged Security Management Engine Firmware
4.4
CVSSv2
CVE-2020-8755
Race condition in subsystem for Intel(R) CSME versions prior to 12.0.70 and 14.0.45, Intel(R) SPS versions before E5_04.01.04.400 and E3_05.01.04.200 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
Intel Converged Security And Management Engine
Intel Server Platform Services
4.3
CVSSv2
CVE-2019-11358
jQuery prior to 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Jquery Jquery
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Drupal Drupal
Backdropcms Backdrop
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
Netapp Snapcenter -
Netapp Oncommand System Manager
Redhat Cloudforms 4.7
Redhat Virtualization Manager 4.3
Oracle Service Bus 12.1.3.0.0
Oracle Primavera Unifier 16.2
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Weblogic Server 12.1.3.0.0
Oracle Service Bus 11.1.1.9.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Primavera Unifier 16.1
119 Github repositories
4.3
CVSSv2
CVE-2018-3616
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology prior to 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
Intel Manageability Engine Firmware
Intel Active Management Technology Firmware
Intel Converged Security Management Engine Firmware
Siemens Simatic Field Pg M5 Firmware
Siemens Simatic Ipc427e Firmware
Siemens Simatic Ipc477e Firmware
Siemens Simatic Ipc547e Firmware
Siemens Simatic Pc547g Firmware
Siemens Simatic Ipc627d Firmware
Siemens Simatic Ipc647d Firmware
Siemens Simatic Ipc677d Firmware
Siemens Simatic Ipc827d Firmware
Siemens Simatic Ipc847d Firmware
Siemens Simatic Itp1000 Firmware
4.3
CVSSv2
CVE-2017-5697
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions prior to 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote malicious user to hijack users web clicks via attacker's crafted web pag...
Intel Active Management Technology Firmware
4
CVSSv2
CVE-2021-33068
Null pointer dereference in subsystem for Intel(R) AMT prior to 15.0.35 may allow an authenticated user to potentially enable denial of service via network access.
Intel Active Management Technology Firmware
Netapp Cloud Backup -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »