Intel Security Vulnerabilities
Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM).
7.8CVSS
7.3AI Score
0.0004EPSS
Logic issue in variable service module for EDK II/UDK2018/UDK2017/UDK2015 may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access.
7.8CVSS
7.3AI Score
0.001EPSS
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.
6.4CVSS
5.6AI Score
0.0005EPSS
Bleichenbacher-style side channel vulnerability in TLS implementation in Intel Active Management Technology before 12.0.5 may allow an unauthenticated user to potentially obtain the TLS session key via the network.
5.9CVSS
5.9AI Score
0.005EPSS
Information disclosure vulnerability in storage media in systems with Intel Optane memory module with Whole Disk Encryption may allow an attacker to recover data via physical access.
4.6CVSS
4.3AI Score
0.001EPSS
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.
5.6CVSS
6.5AI Score
0.003EPSS
Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.
6.5CVSS
6.2AI Score
0.001EPSS
Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.
8.3CVSS
8.6AI Score
0.023EPSS
Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and 1.9.6 (Windows) may generate code that is susceptible to a side channel potentially allowing a local user to access unauthorized information.
4.7CVSS
6.2AI Score
0.0004EPSS
Logic bug in Intel Converged Security Management Engine 11.x may allow an attacker to execute arbitrary code via local privileged access.
8.2CVSS
8.1AI Score
0.0004EPSS
Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.
8.8CVSS
8.9AI Score
0.003EPSS
Buffer overflow in event handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to cause a denial of service via the same subnet.
6.5CVSS
7.2AI Score
0.001EPSS
Memory corruption in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 6.x / 7.x / 8.x / 9.x / 10.x / 11.0 / 11.5 / 11.6 / 11.7 / 11.10 / 11.20 could be triggered by an attacker with local administrator permission on the system.
6.7CVSS
7.4AI Score
0.0004EPSS
Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access.
5.5CVSS
5.4AI Score
0.0004EPSS
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
7.8CVSS
7.3AI Score
0.001EPSS
Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.
7.8CVSS
7.7AI Score
0.0004EPSS
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store ...
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
5.6CVSS
5.6AI Score
0.003EPSS
Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
9.8CVSS
8.9AI Score
0.002EPSS
A vulnerability in Power Management Controller firmware in systems using specific Intel(R) Converged Security and Management Engine (CSME) before version 11.8.55, 11.11.55, 11.21.55, 12.0.6 or Intel(R) Server Platform Services firmware before version 4.x.04 may allow an attacker with administrative...
8.2CVSS
8.1AI Score
0.001EPSS
Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.
7.8CVSS
7.5AI Score
0.0004EPSS
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.
5.6CVSS
6.5AI Score
0.0004EPSS
DLL injection vulnerability in the installation executables (Autorun.exe and Setup.exe) for Intel's wireless drivers and related software in Intel Dual Band Wireless-AC, Tri-Band Wireless-AC and Wireless-AC family of products allows a local attacker to cause escalation of privilege via remote code ...
7.8CVSS
8AI Score
0.001EPSS
Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector.
7.8CVSS
7.4AI Score
0.0004EPSS
Existing UEFI setting restrictions for DCI (Direct Connect Interface) in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces.
7.6CVSS
7.2AI Score
0.001EPSS
A vulnerability in a subsystem in Intel CSME before version 11.21.55, Intel Server Platform Services before version 4.0 and Intel Trusted Execution Engine Firmware before version 3.1.55 may allow an unauthenticated user to potentially modify or disclose information via physical access.
7.3CVSS
6.4AI Score
0.003EPSS
Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access.
6.7CVSS
6.7AI Score
0.001EPSS
Multiple memory leaks in Intel AMT in Intel CSME firmware versions before 12.0.5 may allow an unauthenticated user with Intel AMT provisioned to potentially cause a partial denial of service via network access.
5.3CVSS
5.4AI Score
0.009EPSS
A vulnerability in Intel PTT module in Intel CSME firmware before version 12.0.5 and Intel TXE firmware before version 4.0 may allow an unauthenticated user to potentially disclose information via physical access.
6.8CVSS
6.2AI Score
0.001EPSS
Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service.
5.5CVSS
5.5AI Score
0.0004EPSS
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root.
8CVSS
8.1AI Score
0.0004EPSS
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information.
5.7CVSS
5.4AI Score
0.0004EPSS
System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel.
5.6CVSS
6AI Score
0.001EPSS
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.
8.8CVSS
8.5AI Score
0.0004EPSS
Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation.
7.8CVSS
7.9AI Score
0.0004EPSS
Unquoted service paths in Intel Processor Diagnostic Tool (IPDT) before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code.
7.8CVSS
8.2AI Score
0.0004EPSS
A STOP error (BSoD) in the ibtfltcoex.sys driver for Intel Centrino Wireless N and Intel Centrino Advanced N adapters may allow an unauthenticated user to potentially send a malformed L2CAP Connection Request is sent to the Intel Bluetooth device via the network.
7.5CVSS
7.5AI Score
0.001EPSS
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.
8.8CVSS
8.7AI Score
0.0004EPSS
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information.
5.7CVSS
5.5AI Score
0.0004EPSS
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.
8.8CVSS
8.5AI Score
0.0004EPSS
Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.
9.6CVSS
9.4AI Score
0.006EPSS
BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS.
8.2CVSS
8.1AI Score
0.0004EPSS
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
7.8CVSS
7.7AI Score
0.0004EPSS
Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
7.8CVSS
7.7AI Score
0.0004EPSS
Code injection vulnerability in INTEL-SA-00086 Detection Tool before version 1.2.7.0 may allow a privileged user to potentially execute arbitrary code via local access.
6.7CVSS
6.7AI Score
0.0004EPSS
Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code.
7.8CVSS
7.7AI Score
0.0004EPSS
Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
7.8CVSS
7.7AI Score
0.0004EPSS
AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM.
5.5CVSS
5.5AI Score
0.0004EPSS
Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time.
4.7CVSS
6.4AI Score
0.0004EPSS
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.
5.6CVSS
6.3AI Score
0.001EPSS