Vulnerabilities > Intel > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-21 | CVE-2018-3665 | Information Exposure vulnerability in multiple products System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. | 5.6 |
| 2018-06-05 | CVE-2018-3691 | Unspecified vulnerability in Intel Integrated Performance Primitives Cryptography Some implementations in Intel Integrated Performance Primitives Cryptography Library before version 2018 U3.1 do not properly ensure constant execution time. | 4.7 |
| 2018-05-22 | CVE-2018-3640 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a. | 5.6 |
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 5.5 |
| 2018-05-15 | CVE-2018-3661 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Selview and Syscfg Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service. | 5.5 |
| 2018-05-15 | CVE-2018-3634 | Improper Input Validation vulnerability in Intel Online Connect Access 1.9.22.0 Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access. | 5.5 |
| 2018-05-15 | CVE-2018-3611 | Improper Input Validation vulnerability in Intel Graphics Driver Bounds check vulnerability in User Mode Driver in Intel Graphics Driver 15.40.x.4 and 21.20.x.x allows unprivileged user to cause a denial of service via local access. | 6.5 |
| 2018-04-03 | CVE-2017-5703 | Improper Privilege Management vulnerability in Intel products Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service. | 6.0 |
| 2018-04-03 | CVE-2018-3689 | Unspecified vulnerability in Intel Software Guard Extensions AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM. | 5.5 |
| 2018-03-27 | CVE-2018-9056 | Information Exposure vulnerability in multiple products Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. | 5.6 |