CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2000-0384 2000-05-08 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure's MAC address, which could allow remote attackers to gain root access.
2 CVE-2007-1307 2007-03-07 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
3 CVE-2017-5689 +Priv 2017-05-02 2020-02-18
10.0
None Remote Low Not required Complete Complete Complete
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
4 CVE-2017-5682 2017-02-28 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.
5 CVE-2021-44228 502 Exec Code 2021-12-10 2022-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
6 CVE-2017-5712 119 Exec Code Overflow 2017-11-21 2018-05-11
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
7 CVE-2018-3679 Exec Code 2018-09-12 2019-10-03
8.3
None Local Network Low Not required Complete Complete Complete
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
8 CVE-2006-0081 399 DoS 2006-01-04 2016-12-20
7.8
None Remote Low Not required None None Complete
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title.
9 CVE-2009-1385 189 DoS 2009-06-04 2018-10-10
7.8
None Remote Low Not required None None Complete
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
10 CVE-2013-4786 255 2013-07-08 2020-10-29
7.8
None Remote Low Not required Complete None None
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
11 CVE-2018-3662 Exec Code 2018-08-01 2019-10-03
7.7
None Local Network Low ??? Complete Complete Complete
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
12 CVE-2009-0066 Bypass 2009-01-07 2009-01-08
7.6
None Remote High Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13 CVE-2016-1493 345 Exec Code 2016-01-29 2018-10-09
7.6
None Remote High Not required Complete Complete Complete
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
14 CVE-2000-0068 1999-12-14 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.
15 CVE-2001-0903 2001-11-20 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Linear key exchange process in High-bandwidth Digital Content Protection (HDCP) System allows remote attackers to access data as plaintext, avoid device blacklists, clone devices, and create new device keyvectors by computing and using alternate key combinations for authentication.
16 CVE-2013-4219 189 DoS Exec Code Overflow 2013-08-25 2013-08-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c.
17 CVE-2017-5719 Exec Code 2017-11-21 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
18 CVE-2017-12865 119 DoS Exec Code Overflow 2017-08-29 2020-03-05
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
19 CVE-2019-0101 Bypass 2019-02-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.
20 CVE-2019-0153 119 Overflow 2019-05-17 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
21 CVE-2019-0172 2019-05-17 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
22 CVE-2019-11107 20 2019-12-18 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
23 CVE-2019-11119 2019-06-13 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
24 CVE-2019-11131 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
25 CVE-2020-0594 125 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
26 CVE-2020-0595 416 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
27 CVE-2020-8752 787 2020-11-12 2020-11-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
28 CVE-2020-8758 119 Overflow 2020-09-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.
29 CVE-2020-12315 22 Dir. Trav. 2020-11-12 2020-11-20
7.5
None Remote Low Not required Partial Partial Partial
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
30 CVE-2020-12338 2020-11-13 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
31 CVE-2021-33833 787 Overflow 2021-06-09 2022-01-25
7.5
None Remote Low Not required Partial Partial Partial
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
32 CVE-2000-0516 2000-06-06 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.
33 CVE-2006-6385 Exec Code Overflow 2006-12-08 2018-10-17
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incorrect function call in certain OID handlers.
34 CVE-2009-4419 16 Exec Code +Priv Bypass 2009-12-24 2017-08-17
7.2
None Local Low Not required Complete Complete Complete
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
35 CVE-2016-8101 264 +Priv 2016-10-10 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
36 CVE-2016-8102 264 2016-12-08 2016-12-23
7.2
None Local Low Not required Complete Complete Complete
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
37 CVE-2017-5683 +Priv 2017-04-04 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.
38 CVE-2017-5688 Exec Code 2017-05-31 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.
39 CVE-2017-5705 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
40 CVE-2017-5706 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
41 CVE-2017-5707 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
42 CVE-2017-5708 2017-11-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
43 CVE-2017-5709 2017-11-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
44 CVE-2017-5710 2017-11-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
45 CVE-2017-5711 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
46 CVE-2017-5717 704 2017-12-12 2017-12-27
7.2
None Local Low Not required Complete Complete Complete
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
47 CVE-2017-5727 476 2018-02-02 2018-02-16
7.2
None Local Low Not required Complete Complete Complete
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
48 CVE-2017-5736 269 Exec Code 2018-03-20 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.
49 CVE-2018-3612 20 2018-05-10 2018-06-18
7.2
None Local Low Not required Complete Complete Complete
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
50 CVE-2018-3657 119 Exec Code Overflow 2018-09-12 2021-05-26
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
Total number of vulnerabilities : 503   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.