Intel Quartus Prime
By the Year
In 2023 there have been 7 vulnerabilities in Intel Quartus Prime with an average score of 7.2 out of ten. Last year Quartus Prime had 8 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Quartus Prime in 2023 could surpass last years number. Last year, the average CVE base score was greater by 0.53
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 7 | 7.20 |
| 2022 | 8 | 7.73 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 6.60 |
| 2019 | 3 | 7.03 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Quartus Prime vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Intel Quartus Prime Security Vulnerabilities
Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may
CVE-2022-26888
4.1 - Medium
- February 16, 2023
Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.
XSS
Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may
CVE-2022-32570
7.8 - High
- February 16, 2023
Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
authentification
Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may
CVE-2022-34157
7.8 - High
- February 16, 2023
Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may
CVE-2022-37329
7.3 - High
- February 16, 2023
Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
DLL preloading
Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may
CVE-2022-26840
7.8 - High
- February 16, 2023
Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may
CVE-2022-33892
7.8 - High
- February 16, 2023
Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
Directory traversal
Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may
CVE-2022-33902
7.8 - High
- February 16, 2023
Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may
CVE-2022-27187
7.8 - High
- November 11, 2022
Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.
DLL preloading
XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may
CVE-2022-27233
7.5 - High
- November 11, 2022
XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.
aka Blind XPath Injection
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2021-44454
7.8 - High
- February 09, 2022
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper Input Validation
Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21174
7.8 - High
- February 09, 2022
Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
AuthZ
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may
CVE-2022-21203
7.8 - High
- February 09, 2022
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper Preservation of Permissions
Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21204
7.8 - High
- February 09, 2022
Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect Default Permissions
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21205
7.5 - High
- February 09, 2022
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.
XXE
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may
CVE-2022-21220
7.8 - High
- February 09, 2022
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
XXE
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may
CVE-2020-24454
7.5 - High
- November 12, 2020
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.
XXE
Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may
CVE-2020-8767
5.5 - Medium
- November 12, 2020
Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access.
Improper Handling of Exceptional Conditions
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may
CVE-2020-8737
6.8 - Medium
- November 12, 2020
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access.
Buffer Overflow
Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may
CVE-2019-14604
5.5 - Medium
- December 16, 2019
Null pointer dereference in the FPGA kernel driver for Intel(R) Quartus(R) Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable denial of service via local access.
NULL Pointer Dereference
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may
CVE-2019-14603
7.8 - High
- December 16, 2019
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect Default Permissions
Improper directory permissions in the installer for Intel(R) Quartus(R) software may
CVE-2019-0171
7.8 - High
- May 17, 2019
Improper directory permissions in the installer for Intel(R) Quartus(R) software may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect Permission Assignment for Critical Resource
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0
CVE-2018-3683
7.8 - High
- July 10, 2018
Unquoted service paths in Intel Quartus Prime in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code.
Unquoted Search Path or Element
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Intel Quartus Prime or by Intel? Click the Watch button to subscribe.
