Vulnerabilities > Intel > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-11 | CVE-2017-5722 | Improper Privilege Management vulnerability in Intel products Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage. | 7.5 |
| 2017-10-11 | CVE-2017-5721 | Improper Input Validation vulnerability in Intel products Insufficient input validation in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to execute arbitrary code via manipulation of memory. | 7.5 |
| 2017-10-11 | CVE-2017-5701 | Unspecified vulnerability in Intel products Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery. high complexity intel | 7.1 |
| 2017-10-11 | CVE-2017-5700 | Insufficiently Protected Credentials vulnerability in Intel products Insufficient protection of password storage in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows local attackers to bypass Administrator and User passwords via access to password storage. | 8.4 |
| 2017-08-09 | CVE-2015-2291 | Improper Input Validation vulnerability in Intel products (1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call. | 7.8 |
| 2017-04-04 | CVE-2017-5683 | Unspecified vulnerability in Intel Hardware Accelerated Execution Manager 6.0.4 Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access. | 7.8 |
| 2017-03-07 | CVE-2017-5681 | Unspecified vulnerability in Intel Quickassist Technology Engine 0.5.18 The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack. | 7.5 |
| 2017-02-28 | CVE-2017-5682 | Unspecified vulnerability in Intel products Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. | 7.3 |
| 2017-02-27 | CVE-2017-5927 | Information Exposure vulnerability in multiple products Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. | 7.5 |
| 2017-02-27 | CVE-2017-5926 | Information Exposure vulnerability in multiple products Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. | 7.5 |