Search criteria
24 vulnerabilities found for integrated_performance_primitives by intel
FKIE_CVE-2024-28952
Vulnerability from fkie_nvd - Published: 2024-11-13 21:15 - Updated: 2025-09-02 15:33
Severity ?
Summary
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | integrated_performance_primitives | * | |
| microsoft | windows | - | |
| intel | oneapi_base_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C41C1BE-B5CC-46F5-B348-A2F790CD5C97",
"versionEndExcluding": "2021.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7F4FB7C-C409-4756-AF08-13FA03213C34",
"versionEndExcluding": "2024.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada para alg\u00fan software Intel(R) IPP para Windows anterior a la versi\u00f3n 2021.12.0 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-28952",
"lastModified": "2025-09-02T15:33:39.227",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@intel.com",
"type": "Secondary"
}
]
},
"published": "2024-11-13T21:15:15.310",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "secure@intel.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-28887
Vulnerability from fkie_nvd - Published: 2024-08-14 14:15 - Updated: 2024-09-12 18:51
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | integrated_performance_primitives | * | |
| intel | oneapi_base_toolkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FADEE936-7118-4205-BBBF-8EBF9CD0B272",
"versionEndExcluding": "2021.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6CF20E-ABCC-48E3-B4CC-625C383E50EC",
"versionEndExcluding": "2024.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": " La ruta de b\u00fasqueda no controlada en alg\u00fan software Intel(R) IPP anterior a la versi\u00f3n 2021.11 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"id": "CVE-2024-28887",
"lastModified": "2024-09-12T18:51:49.010",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "secure@intel.com",
"type": "Secondary"
}
]
},
"published": "2024-08-14T14:15:25.790",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-28823
Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:56
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
7.3 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:advisor_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2193AD3C-C7CF-47BC-B9C7-043A44263881",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "268A0E9F-941F-4D2A-821D-4D1032458484",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:distribution_for_python_programming_language:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01C06498-09B0-434E-A9AB-F90225AEDF94",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:dpc\\+\\+_compatibility_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5449D057-151E-49F1-A4F3-9B59BCABAAED",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA34171F-6851-4C68-B9DD-E087DA9CD29D",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6F5C5E-9330-4957-899F-EA81A7829FCE",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "309CC033-7419-45B0-B57E-EDB855D6ED8D",
"versionEndExcluding": "1.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:inspector_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFA075-DD70-416E-9591-827FAC2AD89F",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD85FB58-421A-4959-97BD-437D9445767B",
"versionEndExcluding": "2021.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ipp_cryptography:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A27AABCE-03AA-4A04-8950-A7B3AA41829C",
"versionEndExcluding": "2021.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09DEC669-B8A6-4E41-B34C-F6D2F710D96F",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B0E003-2303-4BAA-AAB5-E41672DD36A8",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E3234-E4F4-4A1A-92C8-7A71741A2280",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8E84AA-7C56-4F06-9CBD-0F8265EA164B",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+\\/c\\+\\+_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86839DB5-6A37-456F-8527-E1D6CFF9592D",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+_library_\\(onedpl\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F404777-A45E-4D04-A459-20440919DA6F",
"versionEndExcluding": "2022.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "140E6A32-DD35-4BD9-8810-26359D76FEB7",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F00829C-D33E-4BF6-A699-16C4E7A9E95B",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D429AB0-77B9-4F05-B59B-95DFC3DF9D4F",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7297C4CE-B6AB-4BBA-89DE-CA0865F8CCBB",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72297C84-0B91-4D8E-A87F-235E3DC346E1",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF1F97-F77D-496F-97F4-E2A706B6AB33",
"versionEndExcluding": "4.3.1.493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CF5D27-1C7C-4FDF-B3A0-4EE4047195C6",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B820BD-07FB-48AC-B3E4-F3DCAB991C9B",
"versionEndExcluding": "1.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0158081D-D9FD-4918-ADCF-70AB92230B99",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D02EF185-A6E6-4820-A084-60AD061283A7",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7158BB-56CF-40BA-85CF-0B622CC49617",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F034E3C1-6FA9-4F75-80AE-98857F323AA2",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:vtune_profiler_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21CFEA3C-4017-44FB-9A25-193FE8D65375",
"versionEndExcluding": "2023.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2023-28823",
"lastModified": "2024-11-21T07:56:05.053",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T03:15:26.530",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-27391
Vulnerability from fkie_nvd - Published: 2023-08-11 03:15 - Updated: 2024-11-21 07:52
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:advisor_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2193AD3C-C7CF-47BC-B9C7-043A44263881",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:cpu_runtime_for_opencl_applications:*:*:*:*:*:*:*:*",
"matchCriteriaId": "268A0E9F-941F-4D2A-821D-4D1032458484",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:distribution_for_python_programming_language:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01C06498-09B0-434E-A9AB-F90225AEDF94",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:dpc\\+\\+_compatibility_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5449D057-151E-49F1-A4F3-9B59BCABAAED",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA34171F-6851-4C68-B9DD-E087DA9CD29D",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6F5C5E-9330-4957-899F-EA81A7829FCE",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "309CC033-7419-45B0-B57E-EDB855D6ED8D",
"versionEndExcluding": "1.19.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:inspector_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EFA075-DD70-416E-9591-827FAC2AD89F",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD85FB58-421A-4959-97BD-437D9445767B",
"versionEndExcluding": "2021.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ipp_cryptography:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A27AABCE-03AA-4A04-8950-A7B3AA41829C",
"versionEndExcluding": "2021.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09DEC669-B8A6-4E41-B34C-F6D2F710D96F",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9B0E003-2303-4BAA-AAB5-E41672DD36A8",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB4E3234-E4F4-4A1A-92C8-7A71741A2280",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8E84AA-7C56-4F06-9CBD-0F8265EA164B",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+\\/c\\+\\+_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86839DB5-6A37-456F-8527-E1D6CFF9592D",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+_library_\\(onedpl\\):*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F404777-A45E-4D04-A459-20440919DA6F",
"versionEndExcluding": "2022.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "140E6A32-DD35-4BD9-8810-26359D76FEB7",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F00829C-D33E-4BF6-A699-16C4E7A9E95B",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D429AB0-77B9-4F05-B59B-95DFC3DF9D4F",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7297C4CE-B6AB-4BBA-89DE-CA0865F8CCBB",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72297C84-0B91-4D8E-A87F-235E3DC346E1",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installer:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BFF1F97-F77D-496F-97F4-E2A706B6AB33",
"versionEndExcluding": "4.3.1.493",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2CF5D27-1C7C-4FDF-B3A0-4EE4047195C6",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B820BD-07FB-48AC-B3E4-F3DCAB991C9B",
"versionEndExcluding": "1.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0158081D-D9FD-4918-ADCF-70AB92230B99",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D02EF185-A6E6-4820-A084-60AD061283A7",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FB7158BB-56CF-40BA-85CF-0B622CC49617",
"versionEndExcluding": "2023.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F034E3C1-6FA9-4F75-80AE-98857F323AA2",
"versionEndExcluding": "2021.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:vtune_profiler_for_oneapi:*:*:*:*:*:*:*:*",
"matchCriteriaId": "21CFEA3C-4017-44FB-9A25-193FE8D65375",
"versionEndExcluding": "2023.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2023-27391",
"lastModified": "2024-11-21T07:52:48.887",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-11T03:15:21.893",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-22355
Vulnerability from fkie_nvd - Published: 2023-05-10 14:15 - Updated: 2024-11-21 07:44
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:advisor:*:*:*:*:*:oneapi:*:*",
"matchCriteriaId": "ACFF62CB-DC95-4A03-8886-E3DE682ECF45",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:cpu_runtime:*:*:*:*:*:opencl:*:*",
"matchCriteriaId": "65B36180-4945-4A43-B2AD-B917C6FA052C",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:distribution_for_python:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF57C55-C87E-428C-9634-158AA00C4717",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:dpc\\+\\+_compatibility_tool:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EFA35C90-15A8-492A-82AA-EB90B5A64CC3",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:embree_ray_tracing_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B39BDDD-5AED-4E02-A856-330F54E7660A",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:fortran_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0160EA22-BD65-4674-97A0-D10CE4171895",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:implicit_spmd_program_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC2A97B-1E5D-4076-BC33-2137275B80EB",
"versionEndExcluding": "1.18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:inspector:*:*:*:*:*:oneapi:*:*",
"matchCriteriaId": "FDDBD13A-D43F-4855-912A-D1AD78C42B63",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1200A0B0-FE28-424D-B225-5A9FBA381F59",
"versionEndExcluding": "2021.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives_cryptography:*:*:*:*:*:*:*:*",
"matchCriteriaId": "92634595-EBED-490B-8C5D-E0628B5671C1",
"versionEndExcluding": "2021.6.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:mpi_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "73AD7DE0-4634-4760-863D-705CEFF0D531",
"versionEndExcluding": "2021.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_base_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77F68C74-6AEB-4586-A9A1-2AA4CABC992D",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_data_analytics_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDFCC4E-E137-40BA-B6A3-9650D8FB9DA9",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_deep_neural_network_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12E76EDE-CA0D-4861-80EE-A7A860F2F6AE",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+\\/c\\+\\+_compiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91F934F2-5D53-449D-8033-31C01BF99A1E",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_dpc\\+\\+_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF697BE5-6DDE-40AD-853F-CA1C05638E1C",
"versionEndExcluding": "2022.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6728C973-7E1D-46EB-BE07-E572A09B5D96",
"versionEndExcluding": "2023.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_hpc_toolkit:2023.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0726E01-A9D7-4D32-92C5-4D7673A7DDC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_iot_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "04049E09-EA46-4270-844A-722AD33E9305",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_math_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "42A7BFFF-DEB1-42F4-984F-3462DEF40A41",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_rendering_toolkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9962AA12-66F5-4545-88FE-2EF3A671E904",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_threading_building_blocks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85C9E5C6-95FA-4C62-B18A-13FAE13E3AD5",
"versionEndExcluding": "2021.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_toolkit_and_component_software_installers:*:*:*:*:*:*:*:*",
"matchCriteriaId": "850130A2-4C4D-4E0A-A5B6-62619B673290",
"versionEndExcluding": "4.3.0.251",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:oneapi_video_processing_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06201FF4-6ED4-4E41-A356-738A4E5F8AEC",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_image_denoise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "65B820BD-07FB-48AC-B3E4-F3DCAB991C9B",
"versionEndExcluding": "1.4.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:open_volume_kernel_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7C18F6-10F1-49DC-93BC-C5A0A170F404",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA13265-18CF-46A0-89FE-2249E9DAF597",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:ospray_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BABB997-985A-4BAC-93CA-FB7CD0CE545F",
"versionEndExcluding": "2023.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7E18CB-DCAF-4EA3-95BE-4FF68783E2C8",
"versionEndExcluding": "2021.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:vtune_profiler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B852D3CA-B710-4686-9414-5D0FDEF0C4B3",
"versionEndExcluding": "2023.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"id": "CVE-2023-22355",
"lastModified": "2024-11-21T07:44:37.140",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "secure@intel.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-10T14:15:27.240",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "secure@intel.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-427"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-12155
Vulnerability from fkie_nvd - Published: 2018-12-05 21:29 - Updated: 2024-11-21 03:44
Severity ?
Summary
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | integrated_performance_primitives | * | |
| intel | integrated_performance_primitives | 2019 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1A7F24-DDA8-48D2-BBBE-AF231E78FB08",
"versionEndExcluding": "2019",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "231F4E62-83E7-414D-ADDB-1B1C90A7814B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Filtrado de datos en las bibliotecas criptogr\u00e1ficas de Intel IPP en versiones anteriores a la 2019 update1 podr\u00edan permitir que un usuario autenticado habilite la divulgaci\u00f3n de informaci\u00f3n mediante acceso local."
}
],
"id": "CVE-2018-12155",
"lastModified": "2024-11-21T03:44:40.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-05T21:29:00.467",
"references": [
{
"source": "secure@intel.com",
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-5682
Vulnerability from fkie_nvd - Published: 2017-02-28 19:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.
References
| URL | Tags | ||
|---|---|---|---|
| secure@intel.com | http://www.securityfocus.com/bid/96482 | Third Party Advisory, VDB Entry | |
| secure@intel.com | https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96482 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070&languageid=en-fr | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | advisor | 2017 | |
| intel | cryptography_for_intel_integrated_performance_primitives | 2017 | |
| intel | data_analytics_acceleration_library | 2017 | |
| intel | inspector | 2017 | |
| intel | integrated_performance_primitives | 2017 | |
| intel | math_kernel_library | 2017 | |
| intel | mpi_library | 2017 | |
| intel | parallel_studio_xe | 2017 | |
| intel | system_studio | 2017 | |
| intel | threading_building_blocks | 2017 | |
| intel | trace_analyzer_and_collector | 2017 | |
| intel | vtune_amplifier | 2017 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:advisor:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "83E6F5FC-D325-4C8C-82E9-82B5FFCEB083",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:cryptography_for_intel_integrated_performance_primitives:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "91AFB020-6F26-4D0D-A373-5E6341975421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:data_analytics_acceleration_library:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B40F7BDC-1317-480B-9B23-1F13758543D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:inspector:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "D9644872-437C-4AD5-9D7C-811E527CC13B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "B67785D4-D084-4C3E-81E6-B6C5BD110885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:math_kernel_library:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "7B94882E-342F-4D87-A0D2-6F0C9282B096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:mpi_library:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "6B60FA44-7160-4D1A-98AE-744FC2C91B88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:parallel_studio_xe:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "E9DFA92D-02DD-4623-A7A5-B7780CE24996",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:system_studio:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "1314F593-5448-4458-A7FF-A479909C0147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:threading_building_blocks:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "096729CA-6729-480D-BEDD-B294DCB3B789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:trace_analyzer_and_collector:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "73D61D38-EC35-4C15-996C-28484709A42D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:intel:vtune_amplifier:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A8F80A-95C3-44A1-BB71-8E1A3581B8D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
},
{
"lang": "es",
"value": "Intel PSET Application Install wrapper de Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer y Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library y Intel Threading Building Blocks en versiones anteriores a 2017 Update 2 permite a un atacante iniciar un proceso con privilegios escalados."
}
],
"id": "CVE-2017-5682",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-28T19:59:00.160",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96482"
},
{
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/96482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-8100
Vulnerability from fkie_nvd - Published: 2016-10-10 16:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
References
| URL | Tags | ||
|---|---|---|---|
| secure@intel.com | http://www.securityfocus.com/bid/93484 | Third Party Advisory, VDB Entry | |
| secure@intel.com | https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93484 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| intel | integrated_performance_primitives | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:integrated_performance_primitives:*:*:*:*:*:*:*:*",
"matchCriteriaId": "955708C3-A669-4AB7-8DCD-E620775EF331",
"versionEndIncluding": "9.0.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
},
{
"lang": "es",
"value": "Intel Integrated Performance Primitives (tambi\u00e9n conocido como IPP) Cryptography en versiones anteriores a 9.0.4 hace m\u00e1s f\u00e1cil para los usuarios locales descubrir las claves privadas RSA a trav\u00e9s un ataque de canal lateral."
}
],
"id": "CVE-2016-8100",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-10-10T16:59:03.577",
"references": [
{
"source": "secure@intel.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93484"
},
{
"source": "secure@intel.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/93484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
],
"sourceIdentifier": "secure@intel.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-28952 (GCVE-0-2024-28952)
Vulnerability from cvelistv5 – Published: 2024-11-13 21:08 – Updated: 2024-11-14 19:45
VLAI?
Summary
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) IPP software for Windows |
Affected:
before version 2021.12.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:ipp_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipp_software",
"vendor": "intel",
"versions": [
{
"lessThan": "2021.12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:11:29.126816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:45:54.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) IPP software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2021.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T21:08:12.272Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-28952",
"datePublished": "2024-11-13T21:08:12.272Z",
"dateReserved": "2024-04-19T03:00:02.641Z",
"dateUpdated": "2024-11-14T19:45:54.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28887 (GCVE-0-2024-28887)
Vulnerability from cvelistv5 – Published: 2024-08-14 13:45 – Updated: 2024-08-14 16:17
VLAI?
Summary
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) IPP software |
Affected:
before version 2021.11
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:ipp_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipp_software",
"vendor": "intel",
"versions": [
{
"lessThan": "2021.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:15:25.168889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:17:22.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) IPP software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2021.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:45:17.115Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-28887",
"datePublished": "2024-08-14T13:45:17.115Z",
"dateReserved": "2024-03-15T03:00:05.703Z",
"dateUpdated": "2024-08-14T16:17:22.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28823 (GCVE-0-2023-28823)
Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-15 19:05
VLAI?
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.1.493
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:05:28.498960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:05:50.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.1.493"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:17.988Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28823",
"datePublished": "2023-08-11T02:37:17.988Z",
"dateReserved": "2023-04-07T03:00:04.506Z",
"dateUpdated": "2024-10-15T19:05:50.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27391 (GCVE-0-2023-27391)
Vulnerability from cvelistv5 – Published: 2023-08-11 02:37 – Updated: 2024-10-15 15:08
VLAI?
Summary
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.1.493
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T15:08:31.237109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T15:08:54.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.1.493"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:17.469Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27391",
"datePublished": "2023-08-11T02:37:17.469Z",
"dateReserved": "2023-04-07T03:00:04.388Z",
"dateUpdated": "2024-10-15T15:08:54.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22355 (GCVE-0-2023-22355)
Vulnerability from cvelistv5 – Published: 2023-05-10 13:17 – Updated: 2025-01-24 17:36
VLAI?
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.0.251
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T17:36:23.211884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T17:36:46.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.0.251"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:14.480Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22355",
"datePublished": "2023-05-10T13:17:14.480Z",
"dateReserved": "2023-01-07T04:00:03.309Z",
"dateUpdated": "2025-01-24T17:36:46.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12155 (GCVE-0-2018-12155)
Vulnerability from cvelistv5 – Published: 2018-12-05 21:00 – Updated: 2024-08-05 08:30
VLAI?
Summary
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Intel Integrated Performance Primitives |
Affected:
before 2019 update 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:57.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Integrated Performance Primitives",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "before 2019 update 1"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T18:06:08",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Integrated Performance Primitives",
"version": {
"version_data": [
{
"version_value": "before 2019 update 1"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-25662",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12155",
"datePublished": "2018-12-05T21:00:00",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:57.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5682 (GCVE-0-2017-5682)
Vulnerability from cvelistv5 – Published: 2017-02-28 19:00 – Updated: 2024-08-05 15:11
VLAI?
Summary
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2 |
Affected:
Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"name": "96482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96482"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-02T10:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"name": "96482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96482"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2017-5682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2",
"version": {
"version_data": [
{
"version_value": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"name": "96482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96482"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-5682",
"datePublished": "2017-02-28T19:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8100 (GCVE-0-2016-8100)
Vulnerability from cvelistv5 – Published: 2016-10-10 16:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "93484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93484"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2016-8100",
"datePublished": "2016-10-10T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28952 (GCVE-0-2024-28952)
Vulnerability from nvd – Published: 2024-11-13 21:08 – Updated: 2024-11-14 19:45
VLAI?
Summary
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) IPP software for Windows |
Affected:
before version 2021.12.0
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:ipp_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipp_software",
"vendor": "intel",
"versions": [
{
"lessThan": "2021.12.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T15:11:29.126816Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:45:54.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) IPP software for Windows",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2021.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T21:08:12.272Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01140.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-28952",
"datePublished": "2024-11-13T21:08:12.272Z",
"dateReserved": "2024-04-19T03:00:02.641Z",
"dateUpdated": "2024-11-14T19:45:54.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28887 (GCVE-0-2024-28887)
Vulnerability from nvd – Published: 2024-08-14 13:45 – Updated: 2024-08-14 16:17
VLAI?
Summary
Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) IPP software |
Affected:
before version 2021.11
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:intel:ipp_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ipp_software",
"vendor": "intel",
"versions": [
{
"lessThan": "2021.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28887",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-14T16:15:25.168889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T16:17:22.424Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) IPP software",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 2021.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) IPP software before version 2021.11 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-14T13:45:17.115Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01129.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2024-28887",
"datePublished": "2024-08-14T13:45:17.115Z",
"dateReserved": "2024-03-15T03:00:05.703Z",
"dateUpdated": "2024-08-14T16:17:22.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28823 (GCVE-0-2023-28823)
Vulnerability from nvd – Published: 2023-08-11 02:37 – Updated: 2024-10-15 19:05
VLAI?
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.1.493
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T13:51:38.696Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28823",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T19:05:28.498960Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:05:50.922Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.1.493"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:17.988Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-28823",
"datePublished": "2023-08-11T02:37:17.988Z",
"dateReserved": "2023-04-07T03:00:04.506Z",
"dateUpdated": "2024-10-15T19:05:50.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27391 (GCVE-0-2023-27391)
Vulnerability from nvd – Published: 2023-08-11 02:37 – Updated: 2024-10-15 15:08
VLAI?
Summary
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-284 - Improper access control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.1.493
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:43.368Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"tags": [
"x_transferred"
],
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-27391",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T15:08:31.237109Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T15:08:54.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.1.493"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-284",
"description": "Improper access control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-11T02:37:17.469Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html",
"url": "http://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00890.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-27391",
"datePublished": "2023-08-11T02:37:17.469Z",
"dateReserved": "2023-04-07T03:00:04.388Z",
"dateUpdated": "2024-10-15T15:08:54.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22355 (GCVE-0-2023-22355)
Vulnerability from nvd – Published: 2023-05-10 13:17 – Updated: 2025-01-24 17:36
VLAI?
Summary
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access.
Severity ?
6.7 (Medium)
CWE
- escalation of privilege
- CWE-427 - Uncontrolled search path
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel(R) oneAPI Toolkit and component software installers |
Affected:
before version 4.3.0.251
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
"tags": [
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-22355",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-24T17:36:23.211884Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-24T17:36:46.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) oneAPI Toolkit and component software installers",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version 4.3.0.251"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "escalation of privilege",
"lang": "en"
},
{
"cweId": "CWE-427",
"description": "Uncontrolled search path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-10T13:17:14.480Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2023-22355",
"datePublished": "2023-05-10T13:17:14.480Z",
"dateReserved": "2023-01-07T04:00:03.309Z",
"dateUpdated": "2025-01-24T17:36:46.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12155 (GCVE-0-2018-12155)
Vulnerability from nvd – Published: 2018-12-05 21:00 – Updated: 2024-08-05 08:30
VLAI?
Summary
Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access.
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Intel Corporation | Intel Integrated Performance Primitives |
Affected:
before 2019 update 1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:57.506Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Integrated Performance Primitives",
"vendor": "Intel Corporation",
"versions": [
{
"status": "affected",
"version": "before 2019 update 1"
}
]
}
],
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-18T18:06:08",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-12155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Integrated Performance Primitives",
"version": {
"version_data": [
{
"version_value": "before 2019 update 1"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Data leakage in cryptographic libraries for Intel IPP before 2019 update1 release may allow an authenticated user to potentially enable information disclosure via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00202.html"
},
{
"name": "http://support.lenovo.com/us/en/solutions/LEN-25662",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/solutions/LEN-25662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2018-12155",
"datePublished": "2018-12-05T21:00:00",
"dateReserved": "2018-06-11T00:00:00",
"dateUpdated": "2024-08-05T08:30:57.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-5682 (GCVE-0-2017-5682)
Vulnerability from nvd – Published: 2017-02-28 19:00 – Updated: 2024-08-05 15:11
VLAI?
Summary
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges.
Severity ?
No CVSS data available.
CWE
- Escalation of Privilege
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2 |
Affected:
Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:11:48.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"name": "96482",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96482"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2"
}
]
}
],
"datePublic": "2017-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escalation of Privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-02T10:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"name": "96482",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96482"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2017-5682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2",
"version": {
"version_data": [
{
"version_value": "Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, Intel Threading Building Blocks Before 2017 Update 2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00070\u0026languageid=en-fr"
},
{
"name": "96482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96482"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2017-5682",
"datePublished": "2017-02-28T19:00:00",
"dateReserved": "2017-02-01T00:00:00",
"dateUpdated": "2024-08-05T15:11:48.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-8100 (GCVE-0-2016-8100)
Vulnerability from nvd – Published: 2016-10-10 16:00 – Updated: 2024-08-06 02:13
VLAI?
Summary
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:13:21.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "93484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/93484"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "93484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/93484"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2016-8100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93484"
},
{
"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr",
"refsource": "CONFIRM",
"url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060\u0026languageid=en-fr"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2016-8100",
"datePublished": "2016-10-10T16:00:00",
"dateReserved": "2016-09-09T00:00:00",
"dateUpdated": "2024-08-06T02:13:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}