Filtered by vendor Intel
Subscribe
Total
656 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-5710 | 1 Intel | 1 Trusted Execution Engine Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Multiple privilege escalations in kernel in Intel Trusted Execution Engine Firmware 3.0 allows unauthorized process to access privileged content via unspecified vector. | |||||
CVE-2017-5705 | 1 Intel | 1 Manageability Engine Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Multiple buffer overflows in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code. | |||||
CVE-2017-5708 | 1 Intel | 1 Manageability Engine Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. | |||||
CVE-2017-5709 | 1 Intel | 1 Server Platform Services Firmware | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Multiple privilege escalations in kernel in Intel Server Platform Services Firmware 4.0 allows unauthorized process to access privileged content via unspecified vector. | |||||
CVE-2017-5926 | 5 Allwinner, Amd, Intel and 2 more | 20 A64, Athlon Ii 640 X4, E-350 and 17 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | |||||
CVE-2017-5682 | 1 Intel | 12 Advisor, Cryptography For Intel Integrated Performance Primitives, Data Analytics Acceleration Library and 9 more | 2023-12-10 | 9.3 HIGH | 7.3 HIGH |
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. | |||||
CVE-2016-5647 | 1 Intel | 1 Graphics Driver | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request. | |||||
CVE-2017-5925 | 5 Allwinner, Amd, Intel and 2 more | 20 A64, Athlon Ii 640 X4, E-350 and 17 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | |||||
CVE-2017-5681 | 1 Intel | 1 Quickassist Technology Engine | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. | |||||
CVE-2017-5683 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. | |||||
CVE-2017-5927 | 5 Allwinner, Amd, Intel and 2 more | 20 A64, Athlon Ii 640 X4, E-350 and 17 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | |||||
CVE-2016-8102 | 1 Intel | 1 Wireless Bluetooth Drivers | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. | |||||
CVE-2016-5672 | 1 Intel | 1 Crosswalk | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x before 22.51.549.0 interprets a user's acceptance of one invalid X.509 certificate to mean that all invalid X.509 certificates should be accepted without prompting, which makes it easier for man-in-the-middle attackers to spoof SSL servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-8101 | 1 Intel | 1 Solid-state Drive Toolbox | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors. | |||||
CVE-2016-1493 | 1 Intel | 1 Driver Update Utility | 2023-12-10 | 7.6 HIGH | 7.5 HIGH |
Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file. | |||||
CVE-2013-4786 | 2 Intel, Oracle | 2 Intelligent Platform Management Interface, Fujitsu M10 Firmware | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. |