CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-5927 200 +Info 2017-02-27 2017-03-01
5.0
None Remote Low Not required Partial None None
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
2 CVE-2017-5926 200 +Info 2017-02-27 2017-03-01
5.0
None Remote Low Not required Partial None None
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
3 CVE-2017-5925 200 +Info 2017-02-27 2017-03-01
5.0
None Remote Low Not required Partial None None
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR.
4 CVE-2017-5754 200 +Info 2018-01-04 2018-01-12
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
5 CVE-2017-5753 200 +Info 2018-01-04 2018-01-12
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
6 CVE-2017-5738 264 DoS 2017-11-16 2017-12-04
6.4
None Remote Low Not required Partial None Partial
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.
7 CVE-2017-5729 19 2017-11-21 2017-12-12
5.8
None Remote Medium Not required None Partial Partial
Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and Tri-Band Wireless-AC Products allows remote attacker to replay frames via channel-based man-in-the-middle.
8 CVE-2017-5722 264 Bypass 2017-10-10 2017-11-03
4.4
None Local Medium Not required Partial Partial Partial
Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.
9 CVE-2017-5721 20 Exec Code 2017-10-10 2017-11-03
4.4
None Local Medium Not required Partial Partial Partial
Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory.
10 CVE-2017-5719 284 Exec Code 2017-11-21 2017-12-08
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
11 CVE-2017-5717 704 2017-12-12 2017-12-27
7.2
None Local Low Not required Complete Complete Complete
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
12 CVE-2017-5715 200 +Info 2018-01-04 2018-01-12
4.7
None Local Medium Not required Complete None None
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
13 CVE-2017-5712 119 Exec Code Overflow 2017-11-21 2017-12-20
9.0
None Remote Low Single system Complete Complete Complete
Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege.
14 CVE-2017-5711 119 Exec Code Overflow 2017-11-21 2017-12-20
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
15 CVE-2017-5710 264 2017-11-21 2017-12-29
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
16 CVE-2017-5709 264 2017-11-21 2017-12-20
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
17 CVE-2017-5708 264 2017-11-21 2017-12-29
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
18 CVE-2017-5707 119 Exec Code Overflow 2017-11-21 2017-12-29
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
19 CVE-2017-5706 119 Exec Code Overflow 2017-11-21 2017-12-20
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
20 CVE-2017-5705 119 Exec Code Overflow 2017-11-21 2017-12-29
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
21 CVE-2017-5701 264 2017-10-10 2017-11-03
4.4
None Local Medium Not required Partial Partial Partial
Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.
22 CVE-2017-5700 255 Bypass 2017-10-10 2017-11-03
7.2
None Local Low Not required Complete Complete Complete
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
23 CVE-2017-5697 20 2017-06-14 2017-06-27
4.3
None Remote Medium Not required None Partial None
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allowing a remote attacker to hijack users web clicks via attacker's crafted web page.
24 CVE-2017-5695 20 DoS 2017-08-09 2017-08-25
2.1
None Local Low Not required None None Partial
Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF036P, LBF010P, LSMG200, LSF031E, LSF036E, LSMG100, LSF031E, LSF036E, LSDG200, LSF031D, LSF036D allows local users to cause a denial of service via unspecified vectors.
25 CVE-2017-5694 19 DoS 2017-08-09 2017-08-21
4.9
None Local Low Not required None None Complete
Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.
26 CVE-2017-5691 264 2017-07-26 2017-09-15
9.3
None Remote Medium Not required Complete Complete Complete
Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system state.
27 CVE-2017-5689 264 +Priv 2017-05-02 2017-11-09
10.0
None Remote Low Not required Complete Complete Complete
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
28 CVE-2017-5688 264 Exec Code 2017-05-31 2017-06-09
7.2
None Local Low Not required Complete Complete Complete
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.
29 CVE-2017-5686 284 2017-04-03 2017-04-11
2.1
None Local Low Not required Partial None None
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow may allow an attacker with physical access to the system to gain access to personal information.
30 CVE-2017-5685 284 2017-04-03 2017-04-11
2.1
None Local Low Not required Partial None None
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.
31 CVE-2017-5684 284 2017-04-03 2017-04-11
2.1
None Local Low Not required Partial None None
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information.
32 CVE-2017-5683 264 +Priv 2017-04-04 2017-04-11
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.
33 CVE-2017-5682 264 2017-02-28 2017-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.
34 CVE-2017-5681 320 2017-03-07 2017-03-09
5.0
None Remote Low Not required Partial None None
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.
35 CVE-2016-8106 20 DoS 2017-01-09 2017-07-26
4.3
None Remote Medium Not required None None Partial
A Denial of Service in Intel Ethernet Controller's X710/XL710 with Non-Volatile Memory Images before version 5.05 allows a remote attacker to stop the controller from processing network traffic working under certain network use conditions.
36 CVE-2016-8105 DoS 2017-02-27 2017-03-02
6.1
None Local Network Low Not required None None Complete
Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations.
37 CVE-2016-8104 119 DoS Overflow 2016-12-08 2016-12-27
2.1
None Local Low Not required None None Partial
Buffer overflow in Intel PROSet/Wireless Software and Drivers in versions before 19.20.3 allows a local user to crash iframewrk.exe causing a potential denial of service.
38 CVE-2016-8103 264 2016-12-08 2016-12-27
6.8
None Local Low Single system Complete Complete Complete
SMM call out in all Intel Branded NUC Kits allows a local privileged user to access the System Management Mode and take full control of the platform.
39 CVE-2016-8102 264 2016-12-08 2016-12-22
7.2
None Local Low Not required Complete Complete Complete
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
40 CVE-2016-8101 264 +Priv 2016-10-10 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
41 CVE-2016-8100 200 +Info 2016-10-10 2016-12-02
2.1
None Local Low Not required Partial None None
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
42 CVE-2016-5672 20 +Info 2016-07-31 2016-08-16
5.8
None Remote Medium Not required Partial Partial None
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate.
43 CVE-2016-5647 264 DoS +Priv 2016-12-13 2016-12-22
4.6
None Local Low Not required Partial Partial Partial
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request.
44 CVE-2016-1493 345 Exec Code 2016-01-29 2016-02-25
7.6
None Remote High Not required Complete Complete Complete
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
45 CVE-2015-2291 20 DoS Exec Code 2017-08-09 2017-08-24
7.2
None Local Low Not required Complete Complete Complete
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
46 CVE-2014-8272 1 Exec Code 2014-12-19 2015-02-05
5.0
None Remote Low Not required None Partial None
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
47 CVE-2014-3735 119 DoS Overflow 2014-05-19 2014-06-03
4.3
None Remote Medium Not required None None Partial
ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file.
48 CVE-2014-2536 22 Dir. Trav. 2014-03-18 2014-04-01
4.3
None Remote Medium Not required Partial None None
Directory traversal vulnerability in McAfee Cloud Identity Manager 3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1, and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote authenticated users to read an unspecified file containing a hash of the administrator password via unknown vectors.
49 CVE-2013-5740 Exec Code Bypass 2013-09-12 2014-07-11
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) before 1.2, as used by the Intel QM77, QS77, Q77 Express, C216, Q67 Express, C202, C204, and C206 chipsets and Mobile Intel QM67 and QS67 chipsets, when the measured launch environment (MLE) is invoked, allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.
50 CVE-2013-4786 255 2013-07-08 2016-08-22
7.8
None Remote Low Not required Complete None None
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Total number of vulnerabilities : 100   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.