CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Intel : Security Vulnerabilities (CVSS score between 7 and 7.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-11119 20 2019-06-13 2019-06-24
7.5
None Remote Low Not required Partial Partial Partial
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.
2 CVE-2019-0172 264 2019-05-17 2019-05-20
7.5
None Remote Low Not required Partial Partial Partial
A logic issue in Intel Unite(R) Client for Android prior to version 4.0 may allow a remote attacker to potentially enable escalation of privilege via network access.
3 CVE-2019-0153 119 Overflow 2019-05-17 2019-05-28
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in subsystem in Intel(R) CSME 12.0.0 through 12.0.34 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
4 CVE-2019-0126 264 DoS 2019-05-17 2019-06-06
7.2
None Local Low Not required Complete Complete Complete
Insufficient access control in silicon reference firmware for Intel(R) Xeon(R) Scalable Processor, Intel(R) Xeon(R) Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
5 CVE-2019-0119 119 DoS Overflow 2019-05-17 2019-06-06
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow vulnerability in system firmware for Intel(R) Xeon(R) Processor D Family, Intel(R) Xeon(R) Scalable Processor, Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access.
6 CVE-2019-0098 264 2019-05-17 2019-06-19
7.2
None Local Low Not required Complete Complete Complete
Logic bug vulnerability in subsystem for Intel(R) CSME before version 12.0.35, Intel(R) TXE before 3.1.65, 4.0.15 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
7 CVE-2018-12220 264 Exec Code 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Logic bug in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
8 CVE-2018-12216 20 Exec Code 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access.
9 CVE-2018-12214 119 Exec Code Overflow Mem. Corr. 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Potential memory corruption in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access.
10 CVE-2018-12205 264 2019-03-14 2019-04-29
7.2
None Local Low Not required Complete Complete Complete
Improper certificate validation in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core(tm) Processor, 7th Generation Intel(R) Core(tm) Processor may allow an unauthenticated user to potentially enable an escalation of privilege via physical access.
11 CVE-2018-12204 264 2019-03-14 2019-04-30
7.2
None Local Low Not required Complete Complete Complete
Improper memory initialization in Platform Sample/Silicon Reference firmware Intel(R) Server Board, Intel(R) Server System and Intel(R) Compute Module may allow privileged user to potentially enable an escalation of privilege via local access.
12 CVE-2018-12203 264 DoS Exec Code 2019-03-14 2019-04-03
7.2
None Local Low Not required Complete Complete Complete
Denial of service vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel Core Processor, 7th Generation Intel Core Processor may allow privileged user to potentially execute arbitrary code via local access.
13 CVE-2018-12202 264 2019-03-14 2019-04-03
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation vulnerability in Platform Sample/ Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor may allow privileged user to potentially leverage existing features via local access.
14 CVE-2018-12201 119 Exec Code Overflow 2019-03-14 2019-04-03
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow vulnerability in Platform Sample / Silicon Reference firmware for 8th Generation Intel(R) Core Processor, 7th Generation Intel(R) Core Processor, Intel(R) Pentium(R) Silver J5005 Processor, Intel(R) Pentium(R) Silver N5000 Processor, Intel(R) Celeron(R) J4105 Processor, Intel(R) Celeron(R) J4005 Processor, Intel Celeron(R) N4100 Processor and Intel(R) Celeron N4000 Processor may allow privileged user to potentially execute arbitrary code via local access.
15 CVE-2018-12199 119 Exec Code Overflow 2019-03-14 2019-04-23
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in an OS component in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 and Intel TXE version before 3.1.60 or 4.0.10 may allow a privileged user to potentially execute arbitrary code via physical access.
16 CVE-2018-12192 287 Bypass 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Logic bug in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before version SPS_E5_04.00.04.393.0 may allow an unauthenticated user to potentially bypass MEBx authentication via physical access.
17 CVE-2018-12191 264 Exec Code 2019-03-14 2019-04-04
7.2
None Local Low Not required Complete Complete Complete
Bounds check in Kernel subsystem in Intel CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20, or Intel(R) Server Platform Services before versions 4.00.04.383 or SPS 4.01.02.174, or Intel(R) TXE before versions 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially execute arbitrary code via physical access.
18 CVE-2018-3669 254 2018-09-12 2019-01-11
7.8
None Remote Low Not required None None Complete
A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request is sent to the Intel Bluetooth device via the network.
19 CVE-2018-3657 119 Exec Code Overflow 2018-09-12 2018-12-20
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
20 CVE-2018-3641 264 2018-04-03 2018-05-15
7.5
None Remote Low Not required Partial Partial Partial
Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
21 CVE-2018-3638 264 Exec Code 2018-04-03 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.
22 CVE-2018-3632 119 Overflow Mem. Corr. 2018-07-10 2019-03-28
7.2
None Local Low Not required Complete Complete Complete
Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.
23 CVE-2018-3612 20 2018-05-10 2018-06-18
7.2
None Local Low Not required Complete Complete Complete
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
24 CVE-2017-5727 476 2018-02-02 2018-02-16
7.2
None Local Low Not required Complete Complete Complete
Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, 15.45.x.x, 15.46.x.x allows unprivileged user to elevate privileges via local access.
25 CVE-2017-5719 284 Exec Code 2017-11-21 2017-12-08
7.5
None Remote Low Not required Partial Partial Partial
A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.
26 CVE-2017-5717 704 2017-12-12 2017-12-27
7.2
None Local Low Not required Complete Complete Complete
Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.
27 CVE-2017-5711 119 Exec Code Overflow 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
28 CVE-2017-5710 264 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector.
29 CVE-2017-5709 264 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector.
30 CVE-2017-5708 264 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector.
31 CVE-2017-5707 119 Exec Code Overflow 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Trusted Execution Engine Firmware 3.0 allow attacker with local access to the system to execute arbitrary code.
32 CVE-2017-5706 119 Exec Code Overflow 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Server Platform Services Firmware 4.0 allow attacker with local access to the system to execute arbitrary code.
33 CVE-2017-5705 119 Exec Code Overflow 2017-11-21 2018-05-10
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code.
34 CVE-2017-5700 255 Bypass 2017-10-10 2017-11-03
7.2
None Local Low Not required Complete Complete Complete
Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.
35 CVE-2017-5693 400 DoS 2018-07-31 2018-10-03
7.8
None Remote Low Not required None None Complete
Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network attacker to create a denial of service via crafted network traffic.
36 CVE-2017-5688 264 Exec Code 2017-05-31 2017-06-09
7.2
None Local Low Not required Complete Complete Complete
There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.
37 CVE-2017-5683 264 +Priv 2017-04-04 2017-04-11
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.
38 CVE-2016-8102 264 2016-12-08 2016-12-22
7.2
None Local Low Not required Complete Complete Complete
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges.
39 CVE-2016-8101 264 +Priv 2016-10-10 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.
40 CVE-2016-1493 345 Exec Code 2016-01-29 2018-10-09
7.6
None Remote High Not required Complete Complete Complete
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
41 CVE-2015-2291 20 DoS Exec Code 2017-08-09 2017-08-24
7.2
None Local Low Not required Complete Complete Complete
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
42 CVE-2013-4786 255 2013-07-08 2018-05-09
7.8
None Remote Low Not required Complete None None
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
43 CVE-2013-4219 189 DoS Exec Code Overflow 2013-08-24 2013-08-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in the Intel WiMAX Network Service through 1.5.2 for Intel Wireless WiMAX Connection 2400 devices allow remote attackers to cause a denial of service (component crash) or possibly execute arbitrary code via an L5 connection with a crafted PDU value that triggers a heap-based buffer overflow within (1) L5SocketsDispatcher.c or (2) L5Connector.c.
44 CVE-2011-5174 119 Exec Code Overflow Bypass 2012-09-15 2017-11-09
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT Authenticated Code Modules (ACM) in Intel Q67 Express, C202, C204, C206 Chipsets, and Mobile Intel QM67, and QS67 Chipset before 2nd_gen_i5_i7_SINIT_51.BIN Express; Intel Q57, 3450 Chipsets and Mobile Intel QM57 and QS57 Express Chipset before i5_i7_DUAL_SINIT_51.BIN and i7_QUAD_SINIT_51.BIN; Mobile Intel GM45, GS45, and PM45 Express Chipset before GM45_GS45_PM45_SINIT_51.BIN; Intel Q35 Express Chipsets before Q35_SINIT_51.BIN; and Intel 5520, 5500, X58, and 7500 Chipsets before SINIT ACM 1.1 allows local users to bypass the Trusted Execution Technology protection mechanism and perform other unspecified SINIT ACM functions via unspecified vectors.
45 CVE-2011-2604 399 DoS 2011-06-30 2011-07-12
7.1
None Remote Medium Not required None None Complete
The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote attackers to cause a denial of service (system crash) via a crafted web page that is visited with Google Chrome or Mozilla Firefox, as demonstrated by the lots-of-polys-example.html test page in the Khronos WebGL SDK.
46 CVE-2009-4419 16 Exec Code +Priv Bypass 2009-12-24 2017-08-16
7.2
Admin Local Low Not required Complete Complete Complete
Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded.
47 CVE-2009-1385 189 DoS 2009-06-04 2018-10-10
7.8
None Remote Low Not required None None Complete
Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.
48 CVE-2009-0066 Bypass 2009-01-07 2009-01-08
7.6
Admin Remote High Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Intel system software for Trusted Execution Technology (TXT) allow attackers to bypass intended loader integrity protections, as demonstrated by exploitation of tboot. NOTE: as of 20090107, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
49 CVE-2008-2707 264 DoS 2008-06-16 2017-08-07
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.
50 CVE-2007-0686 DoS Mem. Corr. 2007-02-02 2017-10-18
7.1
None Remote Medium Not required None None Complete
The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.
Total number of vulnerabilities : 56   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.