Filtered by vendor Intel
Subscribe
Total
1542 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26558 | 5 Bluetooth, Debian, Fedoraproject and 2 more | 34 Bluetooth Core Specification, Debian Linux, Fedora and 31 more | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
| Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification 2.1 through 5.2 may permit a nearby man-in-the-middle attacker to identify the Passkey used during pairing (in the Passkey authentication procedure) by reflection of the public key and the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. The attack methodology determines the Passkey value one bit at a time. | |||||
| CVE-2020-26140 | 5 Alfa, Arista, Cisco and 2 more | 388 Awus036h, Awus036h Firmware, C-100 and 385 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. | |||||
| CVE-2020-24588 | 8 Arista, Cisco, Debian and 5 more | 350 C-100, C-100 Firmware, C-110 and 347 more | 2024-11-21 | 2.9 LOW | 3.5 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | |||||
| CVE-2020-24587 | 6 Arista, Cisco, Debian and 3 more | 332 C-100, C-100 Firmware, C-110 and 329 more | 2024-11-21 | 1.8 LOW | 2.6 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. | |||||
| CVE-2020-24586 | 5 Arista, Debian, Ieee and 2 more | 44 C-200, C-200 Firmware, C-230 and 41 more | 2024-11-21 | 2.9 LOW | 3.5 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. | |||||
| CVE-2020-24525 | 1 Intel | 46 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 43 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24516 | 1 Intel | 179 B460, Celeron 6305, Celeron 6305e and 176 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.17, 14.1.53, 14.5.32, 15.0.22 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2020-24515 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2020-24514 | 1 Intel | 4 Realsense Id F450, Realsense Id F450 Firmware, Realsense Id F455 and 1 more | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2020-24513 | 3 Debian, Intel, Siemens | 71 Debian Linux, Atom C3308, Atom C3336 and 68 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24512 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24509 | 1 Intel | 1 Server Platform Services | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-24507 | 2 Intel, Siemens | 409 B150, B250, B360 and 406 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24506 | 2 Intel, Siemens | 220 B360, B365, B460 and 217 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14.1.53 and 14.5.32 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24505 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24504 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-24503 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24502 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2020-24501 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||