Vulnerabilities > Intel > Server Platform Services Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-11-11 CVE-2022-29466 Improper Input Validation vulnerability in Intel Server Platform Services Firmware
Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.
local
low complexity
intel CWE-20
5.5
2022-11-11 CVE-2022-29515 Memory Leak vulnerability in Intel Server Platform Services Firmware
Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.
local
low complexity
intel CWE-401
5.5
2022-08-18 CVE-2022-26074 Incomplete Cleanup vulnerability in Intel Server Platform Services Firmware
Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.
local
low complexity
intel CWE-459
4.4
2019-12-18 CVE-2019-11109 Logic issue in the subsystem for Intel(R) SPS before versions SPS_E5_04.01.04.275.0, SPS_SoC-X_04.00.04.100.0 and SPS_SoC-A_04.00.04.191.0 may allow a privileged user to potentially enable denial of service via local access.
local
low complexity
intel f5
4.4
2019-12-18 CVE-2019-11090 Race Condition vulnerability in Intel products
Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel(R) TXE 3.1.70 and 4.0.20; Intel(R) SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.
network
high complexity
intel CWE-362
5.9
2019-06-13 CVE-2018-12147 Improper Input Validation vulnerability in Intel products
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
local
low complexity
intel CWE-20
6.7
2019-05-17 CVE-2019-0099 Unspecified vulnerability in Intel Server Platform Services Firmware
Insufficient access control vulnerability in subsystem in Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
low complexity
intel
6.8
2019-03-14 CVE-2018-12198 Improper Input Validation vulnerability in Intel Server Platform Services Firmware
Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access.
local
low complexity
intel CWE-20
6.0
2019-03-14 CVE-2018-12192 Improper Authentication vulnerability in Intel products
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
low complexity
intel CWE-287
6.8