| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-24436 |
203 |
|
|
2022-06-15 |
2022-06-28 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. |
|
2 |
CVE-2022-23098 |
835 |
|
|
2022-01-28 |
2022-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. |
|
3 |
CVE-2022-23097 |
125 |
|
|
2022-01-28 |
2022-09-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read. |
|
4 |
CVE-2022-23096 |
125 |
|
|
2022-01-28 |
2022-09-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read. |
|
5 |
CVE-2022-22139 |
427 |
|
|
2022-05-12 |
2022-05-23 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
6 |
CVE-2022-21226 |
125 |
|
|
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. |
|
7 |
CVE-2022-21220 |
611 |
|
|
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
8 |
CVE-2022-21218 |
755 |
|
|
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. |
|
9 |
CVE-2022-21205 |
611 |
|
|
2022-02-09 |
2022-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
10 |
CVE-2022-21204 |
276 |
|
|
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
11 |
CVE-2022-21203 |
281 |
|
|
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
12 |
CVE-2022-21174 |
863 |
|
|
2022-02-09 |
2022-02-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
13 |
CVE-2022-21166 |
459 |
|
|
2022-06-15 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
14 |
CVE-2022-21157 |
863 |
|
|
2022-02-09 |
2022-02-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. |
|
15 |
CVE-2022-21156 |
824 |
|
DoS |
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. |
|
16 |
CVE-2022-21153 |
863 |
|
|
2022-02-09 |
2022-02-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. |
|
17 |
CVE-2022-21133 |
125 |
|
DoS |
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. |
|
18 |
CVE-2022-21128 |
269 |
|
|
2022-05-12 |
2022-05-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
19 |
CVE-2022-21127 |
459 |
|
|
2022-06-15 |
2023-01-31 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
20 |
CVE-2022-21125 |
459 |
|
|
2022-06-15 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
21 |
CVE-2022-21123 |
459 |
|
|
2022-06-15 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|
22 |
CVE-2022-0002 |
|
|
|
2022-03-11 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
|
23 |
CVE-2022-0001 |
|
|
|
2022-03-11 |
2022-08-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. |
|
24 |
CVE-2021-45046 |
502 |
|
Exec Code +Info |
2021-12-14 |
2022-10-06 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. |
|
25 |
CVE-2021-44454 |
20 |
|
|
2022-02-09 |
2022-02-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
26 |
CVE-2021-33833 |
787 |
|
Overflow |
2021-06-09 |
2022-02-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA). |
|
27 |
CVE-2021-33166 |
276 |
|
|
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. |
|
28 |
CVE-2021-33150 |
|
|
|
2022-03-11 |
2022-03-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
|
29 |
CVE-2021-33147 |
754 |
|
|
2022-02-09 |
2022-02-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. |
|
30 |
CVE-2021-33137 |
787 |
|
|
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
31 |
CVE-2021-33135 |
400 |
|
DoS |
2022-05-12 |
2022-05-24 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access. |
|
32 |
CVE-2021-33129 |
276 |
|
|
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
33 |
CVE-2021-33119 |
|
|
|
2022-02-09 |
2022-07-12 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. |
|
34 |
CVE-2021-33118 |
863 |
|
|
2021-11-17 |
2021-11-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
35 |
CVE-2021-33108 |
20 |
|
|
2022-05-12 |
2022-05-23 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access. |
|
36 |
CVE-2021-33107 |
522 |
|
|
2022-02-09 |
2022-07-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. |
|
37 |
CVE-2021-33106 |
190 |
|
Overflow |
2021-11-17 |
2021-11-19 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
38 |
CVE-2021-33101 |
427 |
|
|
2022-02-09 |
2022-02-15 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
39 |
CVE-2021-33097 |
367 |
|
|
2021-11-17 |
2021-11-22 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. |
|
40 |
CVE-2021-33073 |
400 |
|
DoS |
2021-11-17 |
2021-11-22 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINOâ„¢ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. |
|
41 |
CVE-2021-33071 |
276 |
|
|
2021-11-17 |
2021-11-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
42 |
CVE-2021-33068 |
476 |
|
DoS |
2022-02-09 |
2022-02-15 |
4.0 |
None |
Remote |
Low |
??? |
None |
None |
Partial |
|
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. |
|
43 |
CVE-2021-33062 |
276 |
|
|
2021-11-17 |
2021-11-22 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |
|
44 |
CVE-2021-33059 |
20 |
|
|
2021-11-17 |
2021-12-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via local access. |
|
45 |
CVE-2021-33058 |
863 |
|
|
2021-11-17 |
2021-12-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control in the installer Intel(R)Administrative Tools for Intel(R) Network Adaptersfor Windowsbefore version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access. |
|
46 |
CVE-2021-26676 |
|
|
+Info |
2021-02-09 |
2022-05-06 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. |
|
47 |
CVE-2021-26675 |
787 |
|
Exec Code Overflow |
2021-02-09 |
2022-05-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. |
|
48 |
CVE-2021-26314 |
668 |
|
|
2021-06-09 |
2022-06-03 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. |
|
49 |
CVE-2021-26313 |
203 |
|
Exec Code Bypass |
2021-06-09 |
2022-08-01 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Potential speculative code store bypass in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution of overwritten instructions, may cause an incorrect speculation and could result in data leakage. |
|
50 |
CVE-2021-26258 |
|
|
|
2022-05-12 |
2022-07-12 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. |
