Bsdaemon

**Name of the Vulnerable Software and Affected Versions** Intel(R) SGX for 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics **Description** The issue is related to insufficient access control in the protected memory subsystem, which may allow a privileged user to potentially enable information disclosure via local access. This could lead to the exposure of protected information. **Recommendations** For Intel(R) SGX on 6th, 7th, 8th, 9th Generation Intel(R) Core(TM) Processor Families: update the microcode to ensure proper access control. For Intel(R) Xeon(R) Processor E3-1500 v5, v6 Families: apply the recommended configuration changes to restrict local access. For Intel(R) Xeon(R) E-2100 & E-2200 Processor Families with Intel(R) Processor Graphics: restrict access to sensitive information until a proper fix is applied.

**Name of the Vulnerable Software and Affected Versions** Intel(R) TXT for certain Intel(R) Core Processors and Intel(R) Xeon(R) Processors (affected versions not specified) **Description** The issue is related to insufficient memory protection, which may allow a privileged user to potentially enable escalation of privilege via local access. It is also described as a buffer overflow issue in the microcode of Intel Core and Intel Xeon processors, where exploitation could allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple QuickTime versions prior to 7.7.2 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted .pict file. **Recommendations** For versions prior to 7.7.2, update to version 7.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Oracle Solaris versions 8 through 10 **Description** The issue affects confidentiality, integrity, and availability, and is related to the CDE Calendar Manager Service Daemon and RPC. It is claimed by a reliable third party to be a buffer overflow in `rpc.cmsd` via long XDR-encoded ASCII strings in RPC call 10. **Recommendations** For Oracle Solaris versions 8 through 10, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SanDisk Cruzer Enterprise (affected versions not specified) **Description** The issue concerns the use of a fixed 256-bit key in SanDisk Cruzer Enterprise USB flash drives, which can be exploited by physically proximate attackers to access, read, or modify the drive's contents by determining and providing this key. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives (affected versions not specified) **Description** The issue allows physically proximate attackers to read or modify data on the USB flash drives by determining and providing a fixed 256-bit key used for obtaining access to the cleartext drive contents. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.