Security Advisory


Intel
  • INTEL-SA-00241/CVE-2019-11090 – Cryptographic timing conditions in the subsystem for Intel(R) PTT before versions xxx; Intel(R) TXE xxx; Intel(R) SPS before versions xxx may allow an unauthenticated user to potentially enable information disclosure via network access.
  • INTEL-SA-00233/CVE-2018-12126 – Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
  • INTEL-SA-00238/CVE-2019-0162 – Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.
  • INTEL-SA-00106/CVE-2018-3691 – Intel Integrated Performance Primitives Cryptography Library before version 2018 U2.1 does not properly ensure constant execution time.
  • INTEL-SA-00135 – Intel SGX SDK and Platform Software (PSW) utilize the Intel IPP Cryptography Library.  Vulnerabilities in this library have been reported that may enable a local attacker utilizing software-based side channels to recover certain cryptographic keys.
  • INTEL-SA-00202/CVE-2018-12155 – Data leakage in cryptographic libraries for Intel(R) IPP before 2019 update 1 release may allow an authenticated user to potentially enable information disclosure via local access.
STMicroelectronics
  • CVE-2019-16863 - STMicroelectronics ST33TPH* TPM 2.0 devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
WolfSSL
  • CVE-2019-19960 In wolfSSL before 4.3.0, wc_ecc_mulmod_ex does not properly resist side-channel attacks.
  • CVE-2019-19961
  • CVE-2019-19962 In wolfSSL before 4.3.0 mishandles calls to wc_SignatureGenerateHash, leading to fault injection in RSA cryptography.
  • CVE-2019-19963 In wolfSSL before 4.3.0, DSA signing uses the BEEA algorithm during modular inversion of the nonce without blinding, leading to a side-channel attack against the nonce.
Ahnlab
  • CVE-2013-3947 – AhnLab V3 Internet Security MedCoreD.sys 0xA3350014 IOCTL Handling Local Buffer Overflow
Agnitum
  • OSVDB 96208 – Agnitum Outpost Security Suite Pro acx.exe Service Named Pipe common_handler Interface Command 17h Component Registration Local Traversal Privilege Escalation
  • OSVDB 96209 – Agnitum Outpost Security Suite Pro Sandbox.sys Driver 80000208 IOCTL Buffer Allocation Handling Local Buffer Overflow
Avira
  • OSVDB 98976 – Avira Internet Security avipbb.sys Driver Trusted Process Control Code Execution Restriction Bypass Weakness
  • OSVDB 98971 – Avira Internet Security avipbb.sys Driver Control Code 0x222450 Local Buffer Overflow Weakness