CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Intel : Security Vulnerabilities (CVSS score between 5 and 8.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-23098 835 2022-01-28 2022-09-29
5.0
None Remote Low Not required None None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
2 CVE-2022-23097 125 2022-01-28 2022-09-29
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
3 CVE-2022-23096 125 2022-01-28 2022-09-29
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
4 CVE-2022-21205 611 2022-02-09 2022-02-15
5.0
None Remote Low Not required Partial None None
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.
5 CVE-2021-45046 502 Exec Code +Info 2021-12-14 2022-10-06
5.1
None Remote High Not required Partial Partial Partial
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
6 CVE-2021-33833 787 Overflow 2021-06-09 2022-02-09
7.5
None Remote Low Not required Partial Partial Partial
ConnMan (aka Connection Manager) 1.30 through 1.39 has a stack-based buffer overflow in uncompress in dnsproxy.c via NAME, RDATA, or RDLENGTH (for A or AAAA).
7 CVE-2021-33097 367 2021-11-17 2021-11-22
6.0
None Remote Medium ??? Partial Partial Partial
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access.
8 CVE-2021-26675 787 Exec Code Overflow 2021-02-09 2022-05-23
5.8
None Local Network Low Not required Partial Partial Partial
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.
9 CVE-2021-0194 2022-05-12 2022-07-12
6.5
None Remote Low ??? Partial Partial Partial
Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.
10 CVE-2021-0144 1188 2021-07-14 2022-02-24
7.2
None Local Low Not required Complete Complete Complete
Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.
11 CVE-2021-0126 20 2022-05-12 2022-05-21
5.2
None Local Network Low ??? Partial Partial Partial
Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.
12 CVE-2021-0114 1188 2021-08-16 2022-05-03
7.2
None Local Low Not required Complete Complete Complete
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
13 CVE-2021-0091 2022-02-09 2022-07-12
7.2
None Local Low Not required Complete Complete Complete
Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access.
14 CVE-2021-0013 20 DoS 2021-11-17 2021-11-19
5.0
None Remote Low Not required None None Partial
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access.
15 CVE-2020-24454 611 2020-11-12 2020-12-01
5.0
None Remote Low Not required Partial None None
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.
16 CVE-2020-12347 20 2020-11-12 2020-11-20
6.5
None Remote Low ??? Partial Partial Partial
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
17 CVE-2020-12339 2021-02-17 2021-02-22
6.5
None Remote Low ??? Partial Partial Partial
Insufficient control flow management in the API for the Intel(R) Collaboration Suite for WebRTC before version 4.3.1 may allow an authenticated user to potentially enable escalation of privilege via network access.
18 CVE-2020-12338 2020-11-13 2020-11-23
7.5
None Remote Low Not required Partial Partial Partial
Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
19 CVE-2020-12315 22 Dir. Trav. 2020-11-12 2020-11-20
7.5
None Remote Low Not required Partial Partial Partial
Path traversal in the Intel(R) EMA before version 1.3.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
20 CVE-2020-8758 2020-09-10 2023-05-22
7.5
None Remote Low Not required Partial Partial Partial
Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versions before 11.8.79, 11.12.79, 11.22.79, 12.0.68 and 14.0.39 may allow an unauthenticated user to potentially enable escalation of privilege via network access. On un-provisioned systems, an authenticated user may potentially enable escalation of privilege via local access.
21 CVE-2020-8754 125 2020-11-12 2023-05-22
5.0
None Remote Low Not required Partial None None
Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
22 CVE-2020-8753 125 2020-11-12 2023-05-22
5.0
None Remote Low Not required Partial None None
Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
23 CVE-2020-8752 787 2020-11-12 2023-05-22
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow an unauthenticated user to potentially enable escalation of privileges via network access.
24 CVE-2020-8749 125 2020-11-12 2023-05-22
5.8
None Local Network Low Not required Partial Partial Partial
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
25 CVE-2020-8747 125 DoS 2020-11-12 2023-05-22
6.4
None Remote Low Not required Partial None Partial
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.
26 CVE-2020-8688 20 DoS 2020-08-13 2020-08-19
5.0
None Remote Low Not required None None Partial
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access.
27 CVE-2020-8674 125 2020-06-15 2021-03-18
5.0
None Remote Low Not required Partial None None
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.
28 CVE-2020-0597 125 DoS 2020-06-15 2023-05-22
5.0
None Remote Low Not required None None Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.
29 CVE-2020-0596 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
30 CVE-2020-0595 416 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
31 CVE-2020-0594 125 2020-06-15 2021-03-18
7.5
None Remote Low Not required Partial Partial Partial
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
32 CVE-2020-0540 522 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
33 CVE-2020-0538 20 DoS 2020-06-15 2020-07-22
5.0
None Remote Low Not required None None Partial
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.
34 CVE-2020-0536 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.
35 CVE-2020-0535 20 2020-06-15 2020-07-22
5.0
None Remote Low Not required Partial None None
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.
36 CVE-2020-0534 20 DoS 2020-06-15 2020-07-22
5.0
None Remote Low Not required None None Partial
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.
37 CVE-2019-11132 79 XSS 2019-12-18 2019-12-31
6.8
None Remote Medium Not required Partial Partial Partial
Cross site scripting in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow a privileged user to potentially enable escalation of privilege via network access.
38 CVE-2019-11131 2019-12-18 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
Logic issue in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
39 CVE-2019-11119 2019-06-13 2023-03-01
7.5
None Remote Low Not required Partial Partial Partial
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
40 CVE-2019-11112 787 Mem. Corr. 2019-11-14 2022-03-31
7.2
None Local Low Not required Complete Complete Complete
Memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver before 26.20.100.6813 (DCH) or 26.20.100.6812 may allow an authenticated user to potentially enable escalation of privilege via local access.
41 CVE-2019-11107 20 2019-12-18 2020-01-02
7.5
None Remote Low Not required Partial Partial Partial
Insufficient input validation in the subsystem for Intel(R) AMT before version 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
42 CVE-2019-11088 20 2019-12-18 2019-12-31
5.8
None Local Network Low Not required Partial Partial Partial
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
43 CVE-2019-0173 Bypass 2019-08-19 2020-08-24
5.8
None Remote Medium Not required Partial Partial None
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access.
44 CVE-2019-0172 2019-05-17 2020-08-24
7.5
None Remote Low Not required Partial Partial Partial
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
45 CVE-2019-0169 787 DoS Overflow 2019-12-18 2020-02-11
5.8
None Local Network Low Not required Partial Partial Partial
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.
46 CVE-2019-0166 20 2019-12-18 2020-01-02
5.0
None Remote Low Not required Partial None None
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access.
47 CVE-2019-0155 2019-11-14 2022-04-22
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series; Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series; Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.
48 CVE-2019-0153 119 Overflow 2019-05-17 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
49 CVE-2019-0145 120 Overflow 2019-11-14 2023-02-24
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.
50 CVE-2019-0142 269 2019-11-14 2021-07-21
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in ilp60x64.sys driver for Intel(R) Ethernet 700 Series Controllers before version 1.33.0.0 may allow a privileged user to potentially enable escalation of privilege via local access.
Total number of vulnerabilities : 129   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.