CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-45046 502 Exec Code +Info 2021-12-14 2021-12-27
5.1
None Remote High Not required Partial Partial Partial
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
2 CVE-2021-44228 502 Exec Code 2021-12-10 2022-01-24
9.3
None Remote Medium Not required Complete Complete Complete
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
3 CVE-2021-33833 787 Overflow 2021-06-09 2021-07-12
7.5
None Remote Low Not required Partial Partial Partial
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
4 CVE-2021-33097 367 2021-11-17 2021-11-22
6.0
None Remote Medium ??? Partial Partial Partial
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.
5 CVE-2021-26675 787 Exec Code Overflow 2021-02-09 2021-07-12
5.8
None Local Network Low Not required Partial Partial Partial
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
6 CVE-2021-0013 20 DoS 2021-11-17 2021-11-19
5.0
None Remote Low Not required None None Partial
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access.
7 CVE-2020-24454 611 2020-11-12 2020-12-01
5.0
None Remote Low Not required Partial None None
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.
8 CVE-2020-12347 20 2020-11-12 2020-11-20
6.5
None Remote Low ??? Partial Partial Partial
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
9 CVE-2020-12339 2021-02-17 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
10 CVE-2020-12338 2020-11-13 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
11 CVE-2020-12315 22 Dir. Trav. 2020-11-12 2020-11-20
7.5
None Remote Low Not required Partial Partial Partial
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
12 CVE-2020-8758 119 Overflow 2020-09-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.
13 CVE-2020-8754 125 2020-11-12 2020-11-18
5.0
None Remote Low Not required Partial None None
Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
14 CVE-2020-8753 125 2020-11-12 2020-11-24
5.0
None Remote Low Not required Partial None None
Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
15 CVE-2020-8752 787 2020-11-12 2020-11-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
16 CVE-2020-8749 125 2020-11-12 2020-11-18
5.8
None Local Network Low Not required Partial Partial Partial
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
17 CVE-2020-8747 125 DoS 2020-11-12 2020-11-18
6.4
None Remote Low Not required Partial None Partial
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
18 CVE-2020-8688 20 DoS 2020-08-13 2020-08-19
5.0
None Remote Low Not required None None Partial
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access.
19 CVE-2020-8674 125 2020-06-15 2021-03-18
5.0
None Remote Low Not required Partial None None
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.
20 CVE-2020-0597 125 DoS 2020-06-15 2021-03-18
5.0
None Remote Low Not required None None Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
21 CVE-2020-0596 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
22 CVE-2020-0595 416 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
23 CVE-2020-0594 125 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
24 CVE-2020-0540 522 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
25 CVE-2020-0538 20 DoS 2020-06-15 2020-07-22
5.0
None Remote Low Not required None None Partial
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.
26 CVE-2020-0536 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.
27 CVE-2020-0535 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
28 CVE-2020-0534 20 DoS 2020-06-15 2020-07-22
5.0
None Remote Low Not required None None Partial
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.
29 CVE-2019-11132 79 XSS 2019-12-18 2019-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.
30 CVE-2019-11131 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
31 CVE-2019-11119 2019-06-13 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
32 CVE-2019-11112 269 Mem. Corr. 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.
33 CVE-2019-11107 20 2019-12-18 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
34 CVE-2019-11088 20 2019-12-18 2019-12-31
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
35 CVE-2019-0173 Bypass 2019-08-19 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
36 CVE-2019-0172 2019-05-17 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
37 CVE-2019-0169 787 DoS Overflow 2019-12-18 2020-02-11
5.8
None Local Network Low Not required Partial Partial Partial
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
38 CVE-2019-0166 20 2019-12-18 2020-01-02
5.0
None Remote Low Not required Partial None None
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
39 CVE-2019-0155 269 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
40 CVE-2019-0153 119 Overflow 2019-05-17 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
41 CVE-2019-0145 120 Overflow 2019-11-14 2021-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
42 CVE-2019-0142 269 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.
43 CVE-2019-0140 120 Overflow 2019-11-14 2021-05-03
5.8
None Local Network Low Not required Partial Partial Partial
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access.
44 CVE-2019-0132 20 DoS 2019-05-17 2021-07-21
5.0
None Remote Low Not required None None Partial
Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access.
45 CVE-2019-0102 384 2019-02-18 2020-07-28
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
46 CVE-2019-0101 Bypass 2019-02-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.
47 CVE-2019-0098 2019-05-17 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
48 CVE-2019-0096 787 2019-05-17 2019-06-20
5.2
None Local Network Low ??? Partial Partial Partial
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access.
49 CVE-2019-0091 94 2019-05-17 2019-06-20
7.2
None Local Low Not required Complete Complete Complete
Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
50 CVE-2018-12220 Exec Code 2019-03-14 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
Total number of vulnerabilities : 125   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.