CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44228 502 Exec Code 2021-12-10 2022-01-20
9.3
None Remote Medium Not required Complete Complete Complete
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
2 CVE-2021-33833 787 Overflow 2021-06-09 2021-07-12
7.5
None Remote Low Not required Partial Partial Partial
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
3 CVE-2021-33097 367 2021-11-17 2021-11-22
6.0
None Remote Medium ??? Partial Partial Partial
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.
4 CVE-2020-12347 20 2020-11-12 2020-11-20
6.5
None Remote Low ??? Partial Partial Partial
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
5 CVE-2020-12339 2021-02-17 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
6 CVE-2020-12338 2020-11-13 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
7 CVE-2020-12315 22 Dir. Trav. 2020-11-12 2020-11-20
7.5
None Remote Low Not required Partial Partial Partial
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
8 CVE-2020-8758 119 Overflow 2020-09-10 2021-07-21
7.5
None Remote Low Not required Partial Partial Partial
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.
9 CVE-2020-8752 787 2020-11-12 2020-11-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
10 CVE-2020-8747 125 DoS 2020-11-12 2020-11-18
6.4
None Remote Low Not required Partial None Partial
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
11 CVE-2020-0595 416 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
12 CVE-2020-0594 125 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
13 CVE-2019-11132 79 XSS 2019-12-18 2019-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.
14 CVE-2019-11131 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
15 CVE-2019-11119 2019-06-13 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
16 CVE-2019-11112 269 Mem. Corr. 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.
17 CVE-2019-11107 20 2019-12-18 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
18 CVE-2019-0172 2019-05-17 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
19 CVE-2019-0155 269 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
20 CVE-2019-0153 119 Overflow 2019-05-17 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
21 CVE-2019-0145 120 Overflow 2019-11-14 2021-05-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
22 CVE-2019-0142 269 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.
23 CVE-2019-0101 Bypass 2019-02-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Authentication bypass in the Intel Unite(R) solution versions 3.2 through 3.3 may allow an unauthenticated user to potentially enable escalation of privilege to the Intel Unite(R) Solution administrative portal via network access.
24 CVE-2019-0098 2019-05-17 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
25 CVE-2019-0091 94 2019-05-17 2019-06-20
7.2
None Local Low Not required Complete Complete Complete
Code injection vulnerability in installer for Intel(R) CSME before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 and Intel(R) TXE 3.1.65, 4.0.15 may allow an unprivileged user to potentially enable escalation of privilege via local access.
26 CVE-2018-12220 Exec Code 2019-03-14 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
27 CVE-2018-12216 20 Exec Code 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access.
28 CVE-2018-12214 119 Exec Code Overflow Mem. Corr. 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
29 CVE-2018-12199 119 Exec Code Overflow 2019-03-14 2019-04-23
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.
30 CVE-2018-12192 287 Bypass 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
31 CVE-2018-12191 119 Exec Code Overflow 2019-03-14 2020-09-10
7.2
None Local Low Not required Complete Complete Complete
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
32 CVE-2018-12168 732 Exec Code 2018-09-12 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.
33 CVE-2018-12163 427 2018-09-12 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
34 CVE-2018-12148 732 Exec Code 2018-09-12 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
35 CVE-2018-12147 20 2019-06-13 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
36 CVE-2018-3679 Exec Code 2018-09-12 2019-10-03
8.3
None Local Network Low Not required Complete Complete Complete
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
37 CVE-2018-3672 Exec Code 2018-08-01 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.
38 CVE-2018-3670 119 Exec Code Overflow 2018-08-01 2018-10-01
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
39 CVE-2018-3666 Exec Code Overflow 2018-08-01 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
40 CVE-2018-3662 Exec Code 2018-08-01 2019-10-03
7.7
None Local Network Low ??? Complete Complete Complete
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
41 CVE-2018-3657 119 Exec Code Overflow 2018-09-12 2021-05-26
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
42 CVE-2018-3612 20 2018-05-10 2018-06-18
7.2
None Local Low Not required Complete Complete Complete
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
43 CVE-2017-12865 119 DoS Exec Code Overflow 2017-08-29 2020-03-05
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
44 CVE-2017-5738 200 DoS +Info 2017-11-16 2019-10-03
6.4
None Remote Low Not required Partial None Partial
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.
45 CVE-2017-5736 269 Exec Code 2018-03-20 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.
46 CVE-2017-5727 476 2018-02-02 2018-02-16
7.2
None Local Low Not required Complete Complete Complete
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
47 CVE-2017-5719 Exec Code 2017-11-21 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
48 CVE-2017-5717 704 2017-12-12 2017-12-27
7.2
None Local Low Not required Complete Complete Complete
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
49 CVE-2017-5712 119 Exec Code Overflow 2017-11-21 2018-05-11
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
50 CVE-2017-5711 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
Total number of vulnerabilities : 82   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.