Vulnerabilities > Intel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-11 | CVE-2022-37345 | Improper Authentication vulnerability in Intel products Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-11-11 | CVE-2022-38099 | Improper Input Validation vulnerability in Intel products Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-09-20 | CVE-2022-26873 | Out-of-bounds Write vulnerability in multiple products A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. | 8.2 |
| 2022-09-20 | CVE-2022-40246 | Out-of-bounds Write vulnerability in Intel products A potential attacker can write one byte by arbitrary address at the time of the PEI phase (only during S3 resume boot mode) and influence the subsequent boot stages. | 7.2 |
| 2022-09-20 | CVE-2022-40250 | Out-of-bounds Write vulnerability in multiple products An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. | 8.8 |
| 2022-09-20 | CVE-2022-40261 | Classic Buffer Overflow vulnerability in multiple products An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. | 8.2 |
| 2022-09-20 | CVE-2022-40262 | Out-of-bounds Write vulnerability in multiple products A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. | 8.2 |
| 2022-08-18 | CVE-2022-27493 | Improper Initialization vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. | 7.8 |
| 2022-08-18 | CVE-2022-28858 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
| 2022-08-18 | CVE-2022-32579 | Improper Initialization vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | 7.2 |