Intel

Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may

CVE-2022-36287 4.3 - Medium - February 16, 2023

Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.

Improper Handling of Exceptional Conditions

Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may

CVE-2022-41614 5.5 - Medium - February 16, 2023

Insufficiently protected credentials in the Intel(R) ON Event Series Android application before version 2.0 may allow an authenticated user to potentially enable information disclosure via local access.

Insufficiently Protected Credentials

Improper access control in the Intel(R) OFU software before version 14.1.28 may

CVE-2021-33104 5.5 - Medium - February 16, 2023

Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access.

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may

CVE-2022-21163 7.8 - High - February 16, 2023

Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may

CVE-2022-27234 6.5 - Medium - February 16, 2023

Server-side request forgery in the CVAT software maintained by Intel(R) before version 2.0.1 may allow an authenticated user to potentially enable information disclosure via network access.

XSPA

Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may

CVE-2022-36369 7.8 - High - February 16, 2023

Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may

CVE-2022-36397 7.8 - High - February 16, 2023

Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may

CVE-2022-37340 7.3 - High - February 16, 2023

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may

CVE-2022-38056 5.3 - Medium - February 16, 2023

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access.

Uncontrolled search path in some Intel(R) Network Adapter installer software may

CVE-2022-41314 7.8 - High - February 16, 2023

Uncontrolled search path in some Intel(R) Network Adapter installer software may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may

CVE-2022-32575 7.8 - High - February 16, 2023

Out-of-bounds write in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Memory Corruption

Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may

CVE-2022-34843 7.8 - High - February 16, 2023

Integer overflow in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Integer Overflow or Wraparound

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may

CVE-2022-34864 7.8 - High - February 16, 2023

Out-of-bounds read in the Intel(R) Trace Analyzer and Collector software before version 2021.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Out-of-bounds Read

Improper access control in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-29514 9.8 - Critical - February 16, 2023

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-30692 7.5 - High - February 16, 2023

Improper conditions check in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable denial of service via network access.

Improper Check for Unusual or Exceptional Conditions

Improper access control in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-31476 5.5 - Medium - February 16, 2023

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.

Improper authentication in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-32971 7.2 - High - February 16, 2023

Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access.

authentification

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-33190 7.8 - High - February 16, 2023

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Input Validation

Improper authentication in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-33946 7.8 - High - February 16, 2023

Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

authentification

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-33964 9.8 - Critical - February 16, 2023

Improper input validation in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Improper Input Validation

Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may

CVE-2022-34346 7.8 - High - February 16, 2023

Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Out-of-bounds Read

Improper access control in the Intel(R) SUR software before version 2.4.8902 may

CVE-2022-34854 7.8 - High - February 16, 2023

Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access.

NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may

CVE-2022-35883 5.5 - Medium - February 16, 2023

NULL pointer dereference in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

NULL Pointer Dereference

Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may

CVE-2022-36289 5.5 - Medium - February 16, 2023

Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access.

Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may

CVE-2022-27170 7.8 - High - February 16, 2023

Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may

CVE-2022-34841 7.8 - High - February 16, 2023

Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Buffer Overflow

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may

CVE-2022-26888 4.1 - Medium - February 16, 2023

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

XSS

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may

CVE-2022-30339 4.4 - Medium - February 16, 2023

Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.

Out-of-bounds Read

Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may

CVE-2022-32570 7.8 - High - February 16, 2023

Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

authentification

Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may

CVE-2022-34157 7.8 - High - February 16, 2023

Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may

CVE-2022-36348 7.8 - High - February 16, 2023

Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may

CVE-2022-36794 4.4 - Medium - February 16, 2023

Improper condition check in some Intel(R) SPS firmware before version SPS_E3_06.00.03.300.0 may allow a privileged user to potentially enable denial of service via local access.

Improper Check for Unusual or Exceptional Conditions

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may

CVE-2022-37329 7.3 - High - February 16, 2023

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may

CVE-2022-30530 7.8 - High - February 16, 2023

Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.

Description: Race condition in the Intel(R) DSA software before version 22.4.26 may

CVE-2022-32764 7 - High - February 16, 2023

Description: Race condition in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.

Race Condition

Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may

CVE-2022-34153 7.8 - High - February 16, 2023

Improper initialization in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Initialization

Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may

CVE-2022-36278 7.8 - High - February 16, 2023

Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Always-Incorrect Control Flow Implementation

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may

CVE-2022-36398 7.8 - High - February 16, 2023

Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may

CVE-2022-25905 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may

CVE-2022-25992 7.8 - High - February 16, 2023

Insecure inherited permissions in the Intel(R) oneAPI Toolkits oneapi-cli before version 0.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may

CVE-2022-26032 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may

CVE-2022-26052 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may

CVE-2022-26062 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may

CVE-2022-26076 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may

CVE-2022-26345 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may

CVE-2022-26421 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may

CVE-2022-26425 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may

CVE-2022-26512 7.3 - High - February 16, 2023

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may

CVE-2022-26840 7.8 - High - February 16, 2023

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may

CVE-2022-33892 7.8 - High - February 16, 2023

Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Directory traversal

Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may

CVE-2022-33902 7.8 - High - February 16, 2023

Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may

CVE-2022-38136 7.3 - High - February 06, 2023

Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler for Windows and Intel Fortran Compiler for Windows before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may

CVE-2022-40196 7.8 - High - February 06, 2023

Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 and Intel C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may

CVE-2022-41342 7.8 - High - February 06, 2023

Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access.

Buffer Overflow

Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may

CVE-2022-26047 6.5 - Medium - November 11, 2022

Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.

Improper Input Validation

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may

CVE-2022-26341 8.8 - High - November 11, 2022

Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.

Insufficiently Protected Credentials

Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may

CVE-2021-33159 6.7 - Medium - November 11, 2022

Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow a privileged user to potentially enable escalation of privilege via local access.

authentification

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may

CVE-2022-26028 7.3 - High - November 11, 2022

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may

CVE-2022-26086 7.3 - High - November 11, 2022

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may

CVE-2021-26251 6.5 - Medium - November 11, 2022

Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access.

Improper Input Validation

Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may

CVE-2022-26508 7.5 - High - November 11, 2022

Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

authentification

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may

CVE-2022-29486 9.8 - Critical - November 11, 2022

Improper buffer restrictions in the Hyperscan library maintained by Intel(R) all versions downloaded before 04/29/2022 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Buffer Overflow

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may

CVE-2022-29515 5.5 - Medium - November 11, 2022

Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.

Memory Leak

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may

CVE-2022-29893 8.8 - High - November 11, 2022

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.

authentification

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may

CVE-2022-30297 7.8 - High - November 11, 2022

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged user to potentially enable escalation of privilege via local access.

XSS

Uncontrolled search path element in the Intel(R) Glorp software may

CVE-2022-30548 7.8 - High - November 11, 2022

Uncontrolled search path element in the Intel(R) Glorp software may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may

CVE-2022-30691 5.5 - Medium - November 11, 2022

Uncontrolled resource consumption in the Intel(R) Support Android application before version 22.02.28 may allow an authenticated user to potentially enable denial of service via local access.

Resource Exhaustion

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may

CVE-2022-33942 8.8 - High - November 11, 2022

Protection mechanism failure in the Intel(R) DCM software before version 5.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may

CVE-2022-26845 9.8 - Critical - November 11, 2022

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

authentification

Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may

CVE-2022-27497 7.5 - High - November 11, 2022

Null pointer dereference in firmware for Intel(R) AMT before version 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable denial of service via network access.

NULL Pointer Dereference

Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may

CVE-2022-27499 4.4 - Medium - November 11, 2022

Premature release of resource during expected lifetime in the Intel(R) SGX SDK software may allow a privileged user to potentially enable information disclosure via local access.

Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may

CVE-2022-27638 7.8 - High - November 11, 2022

Uncontrolled search path element in the Intel(R) Advanced Link Analyzer Pro before version 22.2 and Standard edition software before version 22.1.1 STD may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may

CVE-2022-29466 5.5 - Medium - November 11, 2022

Improper input validation in firmware for Intel(R) SPS before version SPS_E3_04.01.04.700.0 may allow an authenticated user to potentially enable denial of service via local access.

Improper Input Validation

Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may

CVE-2022-36367 4.4 - Medium - November 11, 2022

Incorrect default permissions in the Intel(R) Support Android application before version v22.02.28 may allow a privileged user to potentially enable information disclosure via local access.

Incorrect Default Permissions

Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may

CVE-2021-33064 7.8 - High - November 11, 2022

Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may

CVE-2022-27187 7.8 - High - November 11, 2022

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may

CVE-2022-27233 7.5 - High - November 11, 2022

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

aka Blind XPath Injection

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may

CVE-2022-30944 5.5 - Medium - August 18, 2022

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

Insufficiently Protected Credentials

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may

CVE-2022-30601 9.8 - Critical - August 18, 2022

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

Insufficiently Protected Credentials

Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may

CVE-2022-28697 6.8 - Medium - August 18, 2022

Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-21225 8 - High - August 18, 2022

Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may

CVE-2022-22730 9.8 - Critical - August 18, 2022

Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

authentification

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may

CVE-2022-21152 5.5 - Medium - August 18, 2022

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access.

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may

CVE-2022-21148 7.8 - High - August 18, 2022

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Privilege Management

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may

CVE-2022-25966 7.8 - High - August 18, 2022

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Privilege Management

Improper access control in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-23182 8.8 - High - August 18, 2022

Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

AuthZ

Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may

CVE-2021-44470 5.5 - Medium - August 18, 2022

Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.

Incorrect Default Permissions

Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-24378 5.5 - Medium - August 18, 2022

Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

Improper Initialization

Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may

CVE-2022-23403 5.5 - Medium - August 18, 2022

Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

Improper Input Validation

Improper access control in the Intel(R) HAXM software before version 7.7.1 may

CVE-2022-21812 7.8 - High - August 18, 2022

Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

AuthZ

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may

CVE-2022-30296 7.5 - High - August 18, 2022

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.

Insufficiently Protected Credentials

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may

CVE-2022-26844 7.8 - High - August 18, 2022

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Insufficiently Protected Credentials

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may

CVE-2022-29507 5.5 - Medium - August 18, 2022

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

Insufficiently Protected Credentials

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may

CVE-2022-25899 9.8 - Critical - August 18, 2022

Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

AuthZ

Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may

CVE-2022-25841 7.8 - High - August 18, 2022

Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may

CVE-2022-27500 5.5 - Medium - August 18, 2022

Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access.

Incorrect Default Permissions

Improper access control in the Intel(R) DSA software for before version 22.2.14 may

CVE-2022-26017 8 - High - August 18, 2022

Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

AuthZ

Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may

CVE-2022-26344 7.8 - High - August 18, 2022

Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may

CVE-2022-26074 4.4 - Medium - August 18, 2022

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.

Insufficient Cleanup

Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may

CVE-2022-21807 7.8 - High - August 18, 2022

Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading