| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-23098 |
835 |
|
|
2022-01-28 |
2022-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received. |
|
2 |
CVE-2022-21205 |
611 |
|
|
2022-02-09 |
2022-02-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
3 |
CVE-2021-45046 |
502 |
|
Exec Code +Info |
2021-12-14 |
2022-10-06 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default. |
|
4 |
CVE-2021-26675 |
787 |
|
Exec Code Overflow |
2021-02-09 |
2022-05-23 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. |
|
5 |
CVE-2021-0126 |
20 |
|
|
2022-05-12 |
2022-05-21 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
|
Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. |
|
6 |
CVE-2021-0013 |
20 |
|
DoS |
2021-11-17 |
2021-11-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. |
|
7 |
CVE-2020-24454 |
611 |
|
|
2020-11-12 |
2020-12-01 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access. |
|
8 |
CVE-2020-8754 |
125 |
|
|
2020-11-12 |
2020-11-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
9 |
CVE-2020-8753 |
125 |
|
|
2020-11-12 |
2020-11-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
10 |
CVE-2020-8749 |
125 |
|
|
2020-11-12 |
2020-11-18 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
|
11 |
CVE-2020-8688 |
20 |
|
DoS |
2020-08-13 |
2020-08-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticated user to potentially enable denial of service via network access. |
|
12 |
CVE-2020-8674 |
125 |
|
|
2020-06-15 |
2021-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
13 |
CVE-2020-0597 |
125 |
|
DoS |
2020-06-15 |
2021-03-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access. |
|
14 |
CVE-2020-0596 |
20 |
|
|
2020-06-15 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
15 |
CVE-2020-0540 |
522 |
|
|
2020-06-15 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
16 |
CVE-2020-0538 |
20 |
|
DoS |
2020-06-15 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access. |
|
17 |
CVE-2020-0536 |
20 |
|
|
2020-06-15 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
18 |
CVE-2020-0535 |
20 |
|
|
2020-06-15 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
19 |
CVE-2020-0534 |
20 |
|
DoS |
2020-06-15 |
2020-07-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Improper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access. |
|
20 |
CVE-2019-11088 |
20 |
|
|
2019-12-18 |
2019-12-31 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insufficient input validation in subsystem in Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
|
21 |
CVE-2019-0173 |
|
|
Bypass |
2019-08-19 |
2020-08-24 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Authentication bypass in the web console for Intel(R) Raid Web Console 2 all versions may allow an unauthenticated attacker to potentially enable disclosure of information via network access. |
|
22 |
CVE-2019-0169 |
787 |
|
DoS Overflow |
2019-12-18 |
2020-02-11 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. |
|
23 |
CVE-2019-0166 |
20 |
|
|
2019-12-18 |
2020-01-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Insufficient input validation in the subsystem for Intel(R) AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. |
|
24 |
CVE-2019-0140 |
120 |
|
Overflow |
2019-11-14 |
2021-05-03 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in firmware for Intel(R) Ethernet 700 Series Controllers before version 7.0 may allow an unauthenticated user to potentially enable an escalation of privilege via an adjacent access. |
|
25 |
CVE-2019-0132 |
|
|
DoS |
2019-05-17 |
2022-04-27 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Data Corruption in Intel Unite(R) Client before version 3.3.176.13 may allow an unauthenticated user to potentially cause a denial of service via network access. |
|
26 |
CVE-2019-0102 |
384 |
|
|
2019-02-18 |
2020-07-28 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
|
Insufficient session authentication in web server for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. |
|
27 |
CVE-2019-0096 |
787 |
|
|
2019-05-17 |
2019-06-20 |
5.2 |
None |
Local Network |
Low |
??? |
Partial |
Partial |
Partial |
|
Out of bound write vulnerability in subsystem for Intel(R) AMT before versions 11.8.65, 11.11.65, 11.22.65, 12.0.35 may allow an authenticated user to potentially enable escalation of privilege via adjacent network access. |
|
28 |
CVE-2018-12187 |
20 |
|
DoS |
2019-03-14 |
2019-04-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. |
|
29 |
CVE-2018-12158 |
200 |
|
DoS +Info |
2018-10-10 |
2019-10-03 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. |
|
30 |
CVE-2018-3658 |
772 |
|
DoS |
2018-09-12 |
2021-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access. |
|
31 |
CVE-2018-3615 |
203 |
|
|
2018-08-14 |
2020-08-24 |
5.4 |
None |
Local |
Medium |
Not required |
Complete |
Partial |
None |
|
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. |
|
32 |
CVE-2017-5927 |
200 |
|
+Info |
2017-02-27 |
2017-03-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
|
33 |
CVE-2017-5926 |
200 |
|
+Info |
2017-02-27 |
2017-03-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
|
34 |
CVE-2017-5925 |
200 |
|
+Info |
2017-02-27 |
2017-03-02 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. |
|
35 |
CVE-2017-5681 |
|
|
|
2017-03-07 |
2019-10-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. |
|
36 |
CVE-2016-5672 |
310 |
|
+Info |
2016-08-01 |
2018-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. |
|
37 |
CVE-2014-8272 |
|
1
|
Exec Code |
2014-12-19 |
2015-02-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. |
|
38 |
CVE-2007-5938 |
189 |
|
DoS |
2007-12-06 |
2017-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization. |
|
39 |
CVE-2007-0661 |
|
|
DoS |
2007-02-01 |
2011-03-08 |
5.4 |
None |
Local Network |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. |
|
40 |
CVE-2006-3992 |
|
|
Exec Code Mem. Corr. |
2006-08-05 |
2011-03-08 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption. |
|
41 |
CVE-2004-2600 |
|
|
+Info |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. |
|
42 |
CVE-2000-0989 |
|
|
DoS Exec Code Overflow |
2000-12-19 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username. |
|
43 |
CVE-2000-0882 |
|
|
DoS |
2000-11-14 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash. |
|
44 |
CVE-2000-0764 |
|
|
DoS |
2000-10-20 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet. |
|
45 |
CVE-2000-0451 |
|
|
DoS |
2000-05-19 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets. |
|
46 |
CVE-1999-1566 |
|
|
DoS Overflow |
1999-05-08 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters. |
