VYPR

Vendor CVEs

Intel

All CVEs

2,130 total · sorted by risk
  • CVE-2017-5689CriKEVMay 2, 2017
    risk 0.86cvss 9.8epss 0.92

    An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged…

  • CVE-2015-2291HigKEVAug 9, 2017
    risk 0.72cvss 7.8epss 0.09

    (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c)…

  • CVE-2024-22476CriMay 16, 2024
    risk 0.71cvss 10.0epss 0.33

    Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.

  • CVE-2016-8027CriMar 14, 2017
    risk 0.65cvss 10.0epss 0.06

    SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without…

  • CVE-2018-12171CriSep 12, 2018
    risk 0.64cvss 9.8epss 0.02

    Privilege escalation in Intel Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.

  • CVE-2018-3641CriApr 3, 2018
    risk 0.64cvss 9.8epss 0.01

    Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.

  • CVE-2017-5719CriNov 21, 2017
    risk 0.64cvss 9.8epss 0.02

    A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows a network attacker to remotely execute code as a local user.

  • CVE-2017-12865CriAug 29, 2017
    risk 0.64cvss 9.8epss 0.06

    Stack-based buffer overflow in "dnsproxy.c" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.

  • CVE-2018-3679CriSep 12, 2018
    risk 0.62cvss 9.6epss 0.01

    Escalation of privilege in Reference UI in Intel Data Center Manager SDK 5.0 and before may allow an unauthorized remote unauthenticated user to potentially execute code via administrator privileges.

  • CVE-2026-20794CriMay 12, 2026
    risk 0.60cvss epss 0.00

    Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local…

  • CVE-2017-5738CriNov 16, 2017
    risk 0.59cvss 9.1epss 0.02

    Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure.

  • CVE-2017-5691CriJul 26, 2017
    risk 0.59cvss 9.0epss 0.01

    Incorrect check in Intel processors from 6th and 7th Generation Intel Core Processor Families, Intel Xeon E3-1500M v5 and v6 Product Families, and Intel Xeon E3-1200 v5 and v6 Product Families allows compromised system firmware to impact SGX security via incorrect early system…

  • CVE-2013-4786HigJul 8, 2013
    risk 0.58cvss 7.5epss 0.82

    The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.

  • CVE-2026-20887HigMay 12, 2026
    risk 0.57cvss epss 0.00

    Improper access control for some Intel Vision software for all versions within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable remote code execution. This…

  • CVE-2025-35990HigMay 12, 2026
    risk 0.57cvss epss 0.00

    Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack…

  • CVE-2024-36324HigFeb 11, 2026
    risk 0.57cvss 8.8epss 0.00

    Improper input validation in AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary code execution.

  • CVE-2025-24325HigAug 12, 2025
    risk 0.57cvss 8.8epss 0.00

    Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2013-3307HigJul 11, 2025
    risk 0.57cvss 8.3epss 0.06

    Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.

  • CVE-2024-36242HigNov 13, 2024
    risk 0.57cvss 8.8epss 0.00

    Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-23918HigNov 13, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper conditions check in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.

  • CVE-2024-21976HigNov 12, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution.

  • CVE-2024-21810HigAug 14, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-21807HigAug 14, 2024
    risk 0.57cvss 8.8epss 0.00

    Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2018-3672HigAug 1, 2018
    risk 0.57cvss 8.8epss 0.00

    Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a system calls.

  • CVE-2018-3670HigAug 1, 2018
    risk 0.57cvss 8.8epss 0.00

    Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow.

  • CVE-2018-3666HigAug 1, 2018
    risk 0.57cvss 8.8epss 0.00

    Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow.

  • CVE-2018-3628HigJul 10, 2018
    risk 0.57cvss 8.8epss 0.01

    Buffer overflow in HTTP handler in Intel Active Management Technology in Intel Converged Security Manageability Engine Firmware 3.x, 4.x, 5.x, 6.x, 7.x, 8.x, 9.x, 10.x, and 11.x may allow an attacker to execute arbitrary code via the same subnet.

  • CVE-2017-5736HigMar 20, 2018
    risk 0.57cvss 8.8epss 0.00

    An elevation of privilege in Intel Software Guard Extensions Platform Software Component before 1.9.105.42329 allows a local attacker to execute arbitrary code as administrator.

  • CVE-2015-8989HigMar 14, 2017
    risk 0.57cvss 8.8epss 0.01

    Unsalted password vulnerability in the Enterprise Manager (web portal) component in Intel Security McAfee Vulnerability Manager (MVM) 7.5.8 and earlier allows attackers to more easily decrypt user passwords via brute force attacks against the database.

  • CVE-2015-8988HigMar 14, 2017
    risk 0.57cvss 8.8epss 0.01

    Unquoted executable path vulnerability in Client Management and Gateway components in McAfee (now Intel Security) ePO Deep Command (eDC) 2.2 and 2.1 allows authenticated users to execute a command of their choice via dropping a malicious file for the path.

  • CVE-2025-32008HigFeb 10, 2026
    risk 0.56cvss 8.6epss 0.00

    Out-of-bounds write in the firmware for the Intel(R) AMT and Intel(R) Standard Manageability within Ring 3: User Applications may allow a denial of service. Network adversary with an unauthenticated user combined with a low complexity attack may enable denial of service. This…

  • CVE-2015-1142857HigJan 23, 2018
    risk 0.56cvss 8.6epss 0.02

    On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before…

  • CVE-2016-8024HigMar 14, 2017
    risk 0.56cvss 8.1epss 0.09

    Improper neutralization of CRLF sequences in HTTP headers vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to obtain sensitive information via the server HTTP response spoofing.

  • CVE-2016-8023HigMar 14, 2017
    risk 0.56cvss 8.1epss 0.09

    Authentication bypass by assumed-immutable data vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote unauthenticated attacker to bypass server authentication via a crafted authentication cookie.

  • CVE-2016-8020HigMar 14, 2017
    risk 0.56cvss 8.0epss 0.11

    Improper control of generation of code vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to execute arbitrary code via a crafted HTTP request parameter.

  • CVE-2026-20738HigMay 12, 2026
    risk 0.55cvss epss 0.00

    Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may…

  • CVE-2024-36352HigSep 6, 2025
    risk 0.55cvss 8.4epss 0.00

    Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.

  • CVE-2025-20101HigMay 13, 2025
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds read for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

  • CVE-2024-38665HigNov 13, 2024
    risk 0.55cvss 8.4epss 0.00

    Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2024-34023HigNov 13, 2024
    risk 0.55cvss 8.4epss 0.00

    Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.

  • CVE-2017-5700HigOct 11, 2017
    risk 0.55cvss 8.4epss 0.00

    Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage.

  • CVE-2026-20879HigMay 12, 2026
    risk 0.54cvss epss 0.00

    Out-of-bounds write for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data…

  • CVE-2026-20751HigMay 12, 2026
    risk 0.54cvss epss 0.00

    Out-of-bounds read for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data…

  • CVE-2018-3624HigApr 5, 2018
    risk 0.54cvss 8.3epss 0.01

    Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, XMM73xx, XMM74xx and Sofia 3G/R allows remote attacker to potentially execute arbitrary code via an adjacent network.

  • CVE-2017-5717HigDec 12, 2017
    risk 0.54cvss 7.8epss 0.01

    Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access.

  • CVE-2025-25210HigFeb 10, 2026
    risk 0.53cvss 8.2epss 0.00

    Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation…

  • CVE-2025-35971HigNov 11, 2025
    risk 0.53cvss 8.2epss 0.00

    Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial…

  • CVE-2025-32091HigNov 11, 2025
    risk 0.53cvss 8.2epss 0.00

    Incorrect default permissions in some firmware for the Intel(R) Arc(TM) B-series GPUs within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege.…

  • CVE-2025-30255HigNov 11, 2025
    risk 0.53cvss 8.2epss 0.00

    Out-of-bounds write for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable denial…

  • CVE-2025-20093HigAug 12, 2025
    risk 0.53cvss 8.2epss 0.00

    Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Page 1 of 43