CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2018-3665 200 +Info 2018-06-21 2021-06-09
4.7
None Local Medium Not required Complete None None
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
402 CVE-2018-3663 2018-08-01 2019-10-03
2.7
None Local Network Low ??? Partial None None
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.
403 CVE-2018-3662 Exec Code 2018-08-01 2019-10-03
7.7
None Local Network Low ??? Complete Complete Complete
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
404 CVE-2018-3661 119 DoS Overflow 2018-05-15 2018-06-19
2.1
None Local Low Not required None None Partial
Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service.
405 CVE-2018-3659 2018-09-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
406 CVE-2018-3658 772 DoS 2018-09-12 2021-05-26
5.0
None Remote Low Not required None None Partial
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
407 CVE-2018-3657 119 Exec Code Overflow 2018-09-12 2021-05-26
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
408 CVE-2018-3655 2018-09-12 2019-10-03
3.6
None Local Low Not required Partial Partial None
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
409 CVE-2018-3652 200 +Info 2018-07-10 2020-04-28
4.6
None Local Low Not required Partial Partial Partial
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
410 CVE-2018-3650 20 Bypass 2018-08-01 2018-11-19
4.6
None Local Low Not required Partial Partial Partial
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.
411 CVE-2018-3646 2018-08-14 2020-08-24
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
412 CVE-2018-3643 Exec Code 2018-09-12 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative privileges to uncover certain platform secrets via local access or to potentially execute arbitrary code.
413 CVE-2018-3640 203 2018-05-22 2020-08-24
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
414 CVE-2018-3639 203 Bypass 2018-05-22 2021-08-13
2.1
None Local Low Not required Partial None None
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
415 CVE-2018-3635 269 DoS 2018-11-14 2021-03-26
4.6
None Local Low Not required Partial Partial Partial
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
416 CVE-2018-3634 20 DoS 2018-05-15 2019-08-21
4.9
None Local Low Not required None None Complete
Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.
417 CVE-2018-3621 200 +Info 2018-11-14 2018-12-13
3.3
None Local Network Low Not required Partial None None
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
418 CVE-2018-3620 203 2018-08-14 2020-08-24
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
419 CVE-2018-3619 200 +Info 2018-07-10 2020-04-28
2.1
None Local Low Not required Partial None None
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
420 CVE-2018-3616 2018-09-12 2021-05-26
4.3
None Remote Medium Not required Partial None None
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
421 CVE-2018-3615 203 2018-08-14 2020-08-24
5.4
None Local Medium Not required Complete Partial None
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
422 CVE-2018-3612 20 2018-05-10 2018-06-18
7.2
None Local Low Not required Complete Complete Complete
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
423 CVE-2018-3611 20 DoS 2018-05-15 2018-06-22
4.0
None Remote Low ??? None None Partial
Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access.
424 CVE-2018-3610 119 DoS Overflow 2018-01-09 2019-10-03
3.6
None Local Low Not required Partial None Partial
SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition.
425 CVE-2017-12865 119 DoS Exec Code Overflow 2017-08-29 2020-03-05
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
426 CVE-2017-5927 200 +Info 2017-02-27 2017-03-02
5.0
None Remote Low Not required Partial None None
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
427 CVE-2017-5926 200 +Info 2017-02-27 2017-03-02
5.0
None Remote Low Not required Partial None None
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
428 CVE-2017-5925 200 +Info 2017-02-27 2017-03-02
5.0
None Remote Low Not required Partial None None
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
429 CVE-2017-5754 200 +Info 2018-01-04 2021-11-19
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
430 CVE-2017-5753 203 2018-01-04 2021-11-23
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
431 CVE-2017-5738 200 DoS +Info 2017-11-16 2019-10-03
6.4
None Remote Low Not required Partial None Partial
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.
432 CVE-2017-5736 269 Exec Code 2018-03-20 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.
433 CVE-2017-5727 476 2018-02-02 2018-02-16
7.2
None Local Low Not required Complete Complete Complete
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
434 CVE-2017-5719 Exec Code 2017-11-21 2019-10-03
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
435 CVE-2017-5717 704 2017-12-12 2017-12-27
7.2
None Local Low Not required Complete Complete Complete
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
436 CVE-2017-5715 203 2018-01-04 2021-08-16
1.9
None Local Medium Not required Partial None None
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
437 CVE-2017-5712 119 Exec Code Overflow 2017-11-21 2018-05-11
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
438 CVE-2017-5711 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
439 CVE-2017-5710 2017-11-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
440 CVE-2017-5709 2017-11-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
441 CVE-2017-5708 2017-11-21 2019-10-03
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
442 CVE-2017-5707 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
443 CVE-2017-5706 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
444 CVE-2017-5705 119 Exec Code Overflow 2017-11-21 2018-05-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
445 CVE-2017-5704 522 2018-07-10 2019-10-03
2.1
None Local Low Not required Partial None None
Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges.
446 CVE-2017-5703 269 DoS 2018-04-03 2019-10-03
3.6
None Local Low Not required None Partial Partial
Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service.
447 CVE-2017-5698 2017-09-05 2019-10-03
4.9
None Local Low Not required None Complete None
Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology firmware versions 11.0.25.3001 and 11.0.26.3000 anti-rollback will not prevent upgrading to firmware version 11.6.x.1xxx which is vulnerable to CVE-2017-5689 and can be performed by a local user with administrative privileges.
448 CVE-2017-5697 20 2017-06-14 2017-06-27
4.3
None Remote Medium Not required None Partial None
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.
449 CVE-2017-5696 426 2018-01-18 2018-02-07
6.8
None Remote Medium Not required Partial Partial Partial
Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, and 21.20.x.x allows unprivileged user to elevate privileges via local access.
450 CVE-2017-5692 125 DoS 2018-08-01 2018-10-11
2.1
None Local Low Not required None None Partial
Out-of-bounds read condition in older versions of some Intel Graphics Driver for Windows code branches allows local users to perform a denial of service attack.
Total number of vulnerabilities : 503   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.