Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-03	CVE-2021-42059	Out-of-bounds Write vulnerability in multiple products An issue was discovered in Insyde InsydeH2O Kernel 5.0 before 05.08.41, Kernel 5.1 before 05.16.41, Kernel 5.2 before 05.26.41, Kernel 5.3 before 05.35.41, and Kernel 5.4 before 05.42.20. local low complexity insyde siemens CWE-787	6.7
2021-06-16	CVE-2020-27339	Improper Input Validation vulnerability in multiple products In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the CommBuffer and CommBufferSize parameters, allowing callers to corrupt either the firmware or the OS memory. local low complexity insyde siemens CWE-20	6.7
2021-06-09	CVE-2020-12357	Improper Initialization vulnerability in multiple products Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. local low complexity intel netapp siemens CWE-665	6.7
2021-06-09	CVE-2020-24506	Out-of-bounds Read vulnerability in multiple products Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access. local low complexity intel siemens CWE-125	4.4
2021-06-09	CVE-2020-24507	Improper Initialization vulnerability in multiple products Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. local low complexity intel siemens CWE-665	4.4
2021-06-09	CVE-2020-8670	Race Condition vulnerability in multiple products Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. local high complexity intel siemens netapp CWE-362	6.4
2021-06-09	CVE-2020-8703	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32 and 15.0.22 may allow a privileged user to potentially enable escalation of privilege via local access. local low complexity intel netapp siemens CWE-119	6.7
2021-06-09	CVE-2020-8704	Race Condition vulnerability in multiple products Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged user to potentially enable escalation of privilege via local access. local high complexity intel siemens CWE-362	6.4
2020-11-12	CVE-2020-8745	Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25 , Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. low complexity intel siemens	6.8
2020-11-12	CVE-2020-8698	Exposure of Resource to Wrong Sphere vulnerability in multiple products Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. local low complexity intel netapp fedoraproject debian siemens CWE-668	5.5