CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2018-12192 287 Bypass 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
352 CVE-2018-12191 119 Exec Code Overflow 2019-03-14 2020-09-10
7.2
None Local Low Not required Complete Complete Complete
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
353 CVE-2018-12190 20 2019-03-14 2019-05-01
4.6
None Local Low Not required Partial Partial Partial
Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access.
354 CVE-2018-12189 754 2019-03-14 2019-10-03
2.1
None Local Low Not required None Partial None
Unhandled exception in Content Protection subsystem in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before 3.1.60 or 4.0.10 may allow privileged user to potentially modify data via local access.
355 CVE-2018-12188 20 2019-03-14 2019-03-21
2.1
None Local Low Not required None Partial None
Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access.
356 CVE-2018-12187 20 DoS 2019-03-14 2019-04-23
5.0
None Remote Low Not required None None Partial
Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access.
357 CVE-2018-12185 20 Exec Code 2019-03-14 2019-03-21
4.6
None Local Low Not required Partial Partial Partial
Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
358 CVE-2018-12175 276 2018-09-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access.
359 CVE-2018-12174 787 Overflow 2018-11-14 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access.
360 CVE-2018-12169 287 Bypass 2018-09-21 2018-12-20
4.6
None Local Low Not required Partial Partial Partial
Platform sample code firmware in 4th Generation Intel Core Processor, 5th Generation Intel Core Processor, 6th Generation Intel Core Processor, 7th Generation Intel Core Processor and 8th Generation Intel Core Processor contains a logic error which may allow physical attacker to potentially bypass firmware authentication.
361 CVE-2018-12168 732 Exec Code 2018-09-12 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in file permissions in Intel Computing Improvement Program before version 2.2.0.03942 may allow an authenticated user to potentially execute code as administrator via local access.
362 CVE-2018-12163 427 2018-09-12 2019-10-03
6.8
None Remote Medium Not required Partial Partial Partial
A DLL injection vulnerability in the Intel IoT Developers Kit 4.0 installer may allow an authenticated user to potentially escalate privileges using file modification via local access.
363 CVE-2018-12162 732 Exec Code 2018-09-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Directory permissions in the Intel OpenVINO Toolkit for Windows before version 2018.1.265 may allow an authenticated user to potentially execute code using default directory permissions via local access.
364 CVE-2018-12161 200 +Info 2018-10-10 2019-01-24
4.3
None Remote Medium Not required Partial None None
Insufficient session validation in the webserver component of the Intel Rapid Web Server 3 may allow an unauthenticated user to potentially disclose information via network access.
365 CVE-2018-12160 427 Exec Code 2018-09-12 2020-08-24
4.6
None Local Low Not required Partial Partial Partial
DLL injection vulnerability in software installer for Intel Data Center Migration Center Software v3.1 and before may allow an authenticated user to potentially execute code using default directory permissions via local access.
366 CVE-2018-12159 119 DoS Overflow 2019-02-18 2019-02-20
2.1
None Local Low Not required None None Partial
Buffer overflow in the command-line interface for Intel(R) PROSet Wireless v20.50 and before may allow an authenticated user to potentially enable denial of service via local access.
367 CVE-2018-12158 200 DoS +Info 2018-10-10 2019-10-03
5.6
None Local Low Not required Partial None Complete
Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access.
368 CVE-2018-12155 200 +Info 2018-12-05 2019-10-03
2.1
None Local Low Not required Partial None None
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
369 CVE-2018-12154 835 DoS 2018-10-15 2019-10-30
2.1
None Local Low Not required None None Partial
Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user to potentially create an infinite loop and crash an application via local access.
370 CVE-2018-12153 20 DoS 2018-10-10 2019-10-30
4.9
None Local Low Not required None None Complete
Denial of Service in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unprivileged user from a virtual machine guest to potentially crash the host system via local access.
371 CVE-2018-12152 119 Exec Code Overflow 2018-10-10 2019-10-30
4.6
None Local Low Not required Partial Partial Partial
Pointer corruption in Unified Shader Compiler in Intel Graphics Drivers before 10.18.x.5056 (aka 15.33.x.5056), 10.18.x.5057 (aka 15.36.x.5057) and 20.19.x.5058 (aka 15.40.x.5058) may allow an unauthenticated remote user to potentially execute arbitrary WebGL code via local access.
372 CVE-2018-12151 119 DoS Overflow 2018-09-12 2018-10-30
2.1
None Local Low Not required None None Partial
Buffer overflow in installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially cause a buffer overflow potentially leading to a denial of service via local access.
373 CVE-2018-12150 119 Exec Code Overflow 2018-09-12 2018-11-07
4.6
None Local Low Not required Partial Partial Partial
Escalation of privilege in Installer for Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially execute code or disclose information as administrator via local access.
374 CVE-2018-12149 119 Overflow 2018-09-12 2018-11-07
2.1
None Local Low Not required None None Partial
Buffer overflow in input handling in Intel Extreme Tuning Utility before 6.4.1.21 may allow an authenticated user to potentially deny service to the application via local access.
375 CVE-2018-12148 732 Exec Code 2018-09-12 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in file permissions in Intel Driver and Support Assistant before 3.5.0.1 may allow an authenticated user to potentially execute code as administrator via local access.
376 CVE-2018-12147 20 2019-06-13 2020-08-24
7.2
None Local Low Not required Complete Complete Complete
Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, IntelĀ® Server Platform Services before version 4.0 and IntelĀ® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access.
377 CVE-2018-12131 732 2018-10-10 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Permissions in the driver pack installers for Intel NVMe before version 4.0.0.1007 and Intel RSTe before version 4.7.0.2083 may allow an authenticated user to potentially escalate privilege via local access.
378 CVE-2018-10932 119 Overflow 2018-08-21 2019-10-09
3.3
None Local Network Low Not required None Partial None
lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal.
379 CVE-2018-9056 200 +Info 2018-03-27 2020-05-05
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope.
380 CVE-2018-3705 732 DoS 2018-12-14 2019-10-03
2.1
None Local Low Not required None None Partial
Improper directory permissions in the installer for the Intel(R) System Defense Utility (all versions) may allow authenticated users to potentially enable a denial of service via local access.
381 CVE-2018-3704 732 2018-12-14 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Improper directory permissions in the installer for the Intel Parallel Studio before 2019 Gold may allow authenticated users to potentially enable an escalation of privilege via local access.
382 CVE-2018-3701 732 2019-05-17 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Improper directory permissions in the installer for Intel(R) PROSet/Wireless WiFi Software version 20.100 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access.
383 CVE-2018-3699 79 XSS 2018-11-14 2018-12-31
4.3
None Remote Medium Not required None Partial None
Cross-site scripting in the Intel RAID Web Console v3 for Windows may allow an unauthenticated user to elevate privilege via remote access.
384 CVE-2018-3698 +Priv 2018-11-14 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.
385 CVE-2018-3697 732 2018-11-14 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.
386 CVE-2018-3696 287 +Priv Bypass 2018-11-14 2018-12-31
2.1
None Local Low Not required Partial None None
Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access.
387 CVE-2018-3693 Overflow 2018-07-10 2021-11-19
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
388 CVE-2018-3691 2018-06-05 2019-10-03
1.9
None Local Medium Not required Partial None None
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.
389 CVE-2018-3688 428 Exec Code 2018-07-10 2018-09-06
4.6
None Local Low Not required Partial Partial Partial
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
390 CVE-2018-3687 428 Exec Code 2018-07-10 2018-09-05
4.6
None Local Low Not required Partial Partial Partial
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
391 CVE-2018-3686 94 Exec Code 2018-09-12 2018-11-07
4.6
None Local Low Not required Partial Partial Partial
Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.
392 CVE-2018-3684 428 Exec Code 2018-07-10 2018-09-05
4.6
None Local Low Not required Partial Partial Partial
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
393 CVE-2018-3683 428 Exec Code 2018-07-10 2018-09-05
4.6
None Local Low Not required Partial Partial Partial
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
394 CVE-2018-3679 Exec Code 2018-09-12 2019-10-03
8.3
None Local Network Low Not required Complete Complete Complete
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
395 CVE-2018-3672 Exec Code 2018-08-01 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.
396 CVE-2018-3671 2018-08-01 2019-10-03
2.7
None Local Network Low ??? Partial None None
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.
397 CVE-2018-3670 119 Exec Code Overflow 2018-08-01 2018-10-01
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
398 CVE-2018-3668 428 Exec Code 2018-07-10 2018-09-05
4.6
None Local Low Not required Partial Partial Partial
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
399 CVE-2018-3667 1188 Exec Code 2018-07-10 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
400 CVE-2018-3666 Exec Code Overflow 2018-08-01 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
Total number of vulnerabilities : 503   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.