Intel Quartus Prime

Intel Quartus Prime Uncontrolled Search Path before 23.1.1 Patch 1.01std
CVE-2024-42405 - February 12, 2025

Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel(R) Quartus(R) Prime Pro Edition: Uncontrolled Search Path Privilege Escalation Vulnerability
CVE-2024-38383 7.8 - High - November 13, 2024

Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel(R) Quartus(R) Prime Standard Edition: Uncontrolled Search Path Privilege Escalation Vulnerabil
CVE-2024-38668 7.8 - High - November 13, 2024

Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus Prime Pro Uncontrolled Search Path (Prior to v24.1) Escalation Risk
CVE-2024-22184 7.8 - High - August 14, 2024

Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition Design Software before version 24.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel HLS Compiler 23.3 Uncontrolled Search Path Local Priv Escalation
CVE-2024-23907 7.8 - High - August 14, 2024

Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus Prime Pro Uncontrolled Search Path (before 23.4) PrivEsc via Local Access
CVE-2024-21777 7.3 - High - May 16, 2024

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro Edition Design software before version 23.4 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus Prime Lite <23.1 Priv Esc via Improper Cond Check
CVE-2024-21809 7.3 - High - May 16, 2024

Improper conditions check for some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Check for Unusual or Exceptional Conditions

Intel Quartus Prime Lite < 23.1 Uncontrolled Search Path Priv Esc
CVE-2024-21837 7.3 - High - May 16, 2024

Uncontrolled search path in some Intel(R) Quartus(R) Prime Lite Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus Prime V23.1 PrivEsc via Uncontrolled Search Path
CVE-2024-21862 7.3 - High - May 16, 2024

Uncontrolled search path in some Intel(R) Quartus(R) Prime Standard Edition Design software before version 23.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus Prime Pro v<22.4 Randomness Flaw in Linux
CVE-2023-24478 5.5 - Medium - August 15, 2023

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to potentially enable information disclosure via local access.

Use of Insufficiently Random Values

Intel Quartus Prime: Uncontrolled Search Path Element Privilege Escalation
CVE-2023-24016 7.3 - High - August 11, 2023

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus Prime Pro (v<22.3) Uncontrolled Search Path PrivEsc
CVE-2022-41693 7.8 - High - May 10, 2023

Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Unquoted Search Path or Element

Intel Quartus Prime Pro Privilege Escalation via Improper Neutralization
CVE-2022-26840 7.8 - High - February 16, 2023

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-26888: XSS in Intel Quartus Prime enabling local info disclosure
CVE-2022-26888 4.1 - Medium - February 16, 2023

Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

XSS

Intel Quartus Prime PrivEsc via Improper Auth on Pro/Std Edition
CVE-2022-32570 7.8 - High - February 16, 2023

Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

authentification

Intel FPGA SDK for OpenCL Improper AC Escalation <22.1
CVE-2022-34157 7.8 - High - February 16, 2023

Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.

Intel Quartus Prime Uncontrolled Search Path Priv Esc
CVE-2022-37329 7.3 - High - February 16, 2023

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Path traversal in Intel Quartus Prime enables privilege escalation
CVE-2022-33892 7.8 - High - February 16, 2023

Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Directory traversal

CVE-2022-33902: Priv Escal via Insufficient CF in Intel Quartus Prime
CVE-2022-33902 7.8 - High - February 16, 2023

Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Intel Quartus Standard <21.1 Uncontrolled Search Path Priv Escalation
CVE-2022-27187 7.8 - High - November 11, 2022

Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

DLL preloading

Intel Quartus XML injection in Prime Programmer
CVE-2022-27233 7.5 - High - November 11, 2022

XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

aka Blind XPath Injection

Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21204 7.8 - High - February 09, 2022

Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Default Permissions

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21220 7.8 - High - February 09, 2022

Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

XXE

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21205 7.5 - High - February 09, 2022

Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.

XXE

Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may
CVE-2022-21203 7.8 - High - February 09, 2022

Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Preservation of Permissions

Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2021-44454 7.8 - High - February 09, 2022

Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Input Validation

Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21174 7.8 - High - February 09, 2022

Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may
CVE-2020-24454 7.5 - High - November 12, 2020

Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.

XXE

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may
CVE-2020-8767 - November 12, 2020

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access.

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may
CVE-2020-8737 - November 12, 2020

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access.

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may
CVE-2019-14604 - December 16, 2019

Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may
CVE-2019-14603 - December 16, 2019

Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Improper directory permissions in the installer for Intel(R) Quartus(R) software may
CVE-2019-0171 7.8 - High - May 17, 2019

Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.

Incorrect Permission Assignment for Critical Resource

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0
CVE-2018-3683 7.8 - High - July 10, 2018

Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.

Unquoted Search Path or Element