Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-0164

Summary
Assigner-intel
Assigner Org ID-6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At-13 Jun, 2019 | 15:36
Updated At-04 Aug, 2024 | 17:44
Rejected At-
Credits

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:intel
Assigner Org ID:6dda929c-bb53-4a77-a76d-48e79601a1ce
Published At:13 Jun, 2019 | 15:36
Updated At:04 Aug, 2024 | 17:44
Rejected At:
▼CVE Numbering Authority (CNA)

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Affected Products
Vendor
n/a
Product
Intel(R) Turbo Boost Max Technology 3.0
Versions
Affected
  • 1.0.0.1035 and before
Problem Types
TypeCWE IDDescription
textN/AEscalation of Privilege
Type: text
CWE ID: N/A
Description: Escalation of Privilege
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/108770
vdb-entry
x_refsource_BID
https://support.lenovo.com/us/en/product_security/LEN-27841
x_refsource_CONFIRM
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/108770
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-27841
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/108770
vdb-entry
x_refsource_BID
x_transferred
https://support.lenovo.com/us/en/product_security/LEN-27841
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/108770
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-27841
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@intel.com
Published At:13 Jun, 2019 | 16:29
Updated At:02 Mar, 2023 | 16:12

Improper permissions in the installer for Intel(R) Turbo Boost Max Technology 3.0 driver version 1.0.0.1035 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.3HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Primary2.04.4MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.3
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.4
Base severity: MEDIUM
Vector:
AV:L/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
Intel Corporation
intel
>>turbo_boost_max_technology_3.0>>Versions up to 1.0.0.1035(inclusive)
cpe:2.3:a:intel:turbo_boost_max_technology_3.0:*:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p410_firmware>>-
cpe:2.3:o:lenovo:thinkstation_p410_firmware:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p410>>-
cpe:2.3:h:lenovo:thinkstation_p410:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p510_firmware>>-
cpe:2.3:o:lenovo:thinkstation_p510_firmware:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p510>>-
cpe:2.3:h:lenovo:thinkstation_p510:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p710_firmware>>-
cpe:2.3:o:lenovo:thinkstation_p710_firmware:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p710>>-
cpe:2.3:h:lenovo:thinkstation_p710:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p910_firmware>>-
cpe:2.3:o:lenovo:thinkstation_p910_firmware:-:*:*:*:*:*:*:*
Lenovo Group Limited
lenovo
>>thinkstation_p910>>-
cpe:2.3:h:lenovo:thinkstation_p910:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-264Primarynvd@nist.gov
CWE ID: CWE-264
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/108770secure@intel.com
Broken Link
Third Party Advisory
VDB Entry
https://support.lenovo.com/us/en/product_security/LEN-27841secure@intel.com
Third Party Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.htmlsecure@intel.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/108770
Source: secure@intel.com
Resource:
Broken Link
Third Party Advisory
VDB Entry
Hyperlink: https://support.lenovo.com/us/en/product_security/LEN-27841
Source: secure@intel.com
Resource:
Third Party Advisory
Hyperlink: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00243.html
Source: secure@intel.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

119Records found
CVE-2022-37340
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 24.80%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) QAT drivers for Windows before version 1.6 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-37329
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 31.45%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_software_development_kitquartus_primeIntel(R) Quartus(R) Prime Pro and Standard Edition software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-36397
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 19.13%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 20:00
Updated-27 Jan, 2025 | 18:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect default permissions in the software installer for some Intel(R) QAT drivers for Linux before version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quickassist_technologyIntel(R) QAT drivers for Linux
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2022-36380
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-04 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc5ppyhnuc_kit_nuc6caysnuc_kit_wireless_adapter_driver_installernuc_kit_nuc5pgyhnuc_kit_nuc6cayhnuc_board_nuc8cchbnuc_8_rugged_kit_nuc8cchkrIntel(r) NUC Kit Wireless Adapter drivers for Windows 10
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-33902
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.11% / 29.40%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Pro and Standard edition software
CVE-2022-33892
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.88%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Pro and Standard edition software
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-36384
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-04 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_kit_nuc5ppyhnuc_kit_nuc6caysnuc_kit_wireless_adapter_driver_installernuc_kit_nuc5pgyhnuc_kit_nuc6cayhnuc_board_nuc8cchbnuc_8_rugged_kit_nuc8cchkrIntel(r) NUC Kit Wireless Adapter drivers for Windows 10
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2022-26840
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.10% / 28.52%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-quartus_primeIntel(R) Quartus Prime Pro and Standard edition software
CVE-2018-18098
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.05% / 14.77%
||
7 Day CHG~0.00%
Published-10 Jan, 2019 | 20:00
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local access.

Action-Not Available
Vendor-Microsoft CorporationIntel Corporation
Product-sgx_platform_softwarewindowssgx_sdkIntel(R) SGX SDK and Platform Software for Windows
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-0354
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.05% / 15.68%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_updateSystem Update
CVE-2022-26032
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-distribution_for_pythonIntel(R) Distribution for Python programming language for Intel(R) oneAPI Toolkits
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26062
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) Trace Analyzer and Collector before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectorIntel(R) Trace Analyzer and Collector for Intel(R) oneAPI HPC Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26345
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 19.32%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Toolkit OpenMP before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-openmpIntel(R) oneAPI Toolkit OpenMP
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26421
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI DPC++/C++ Compiler Runtime before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_dpc\+\+\/c\+\+_compiler_runtimeIntel(R) oneAPI DPC++/C++ Compiler Runtime
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-25905
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 22.03%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Data Analytics Library (oneDAL) before version 2021.5 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_data_analytics_libraryIntel(R) oneAPI Data Analytics Library (oneDAL) for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26052
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) MPI Library before version 2021.6 for Intel(R) oneAPI HPC Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-mpi_libraryIntel(R) MPI Library for Intel(R) oneAPI HPC Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26086
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.06% / 17.34%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:48
Updated-05 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the PresentMon software maintained by Intel(R) before version 1.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-gametechdev_presentmonPresentMon software maintained by Intel(R)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26076
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Deep Neural Network (oneDNN) before version 2022.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_deep_neural_networkIntel(R) oneAPI Deep Neural Network (oneDNN)
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26028
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.07% / 20.73%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 15:49
Updated-29 Jan, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-vtune_profilerIntel(R) VTune(TM) Profiler software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26425
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) oneAPI Collective Communications Library (oneCCL) before version 2021.6 for Intel(R) oneAPI Base Toolkit may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-oneapi_collective_communications_libraryIntel(R) oneAPI Collective Communications Library (oneCCL) for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-0090
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.45% / 62.52%
||
7 Day CHG~0.00%
Published-17 May, 2019 | 15:41
Updated-04 Aug, 2024 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient access control vulnerability in subsystem for Intel(R) CSME before versions 11.x, 12.0.35 Intel(R) TXE 3.x, 4.x, Intel(R) Server Platform Services 3.x, 4.x, Intel(R) SPS before version SPS_E3_05.00.04.027.0 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_platform_servicesconverged_security_and_management_engineIntel(R) Converged Security & Management Engine (CSME), Intel(R) Server Platform Services (SPS)
CVE-2020-24485
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 39.08%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:35
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-trace_analyzer_and_collectorIntel(R) FPGA OPAE Driver for Linux
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2017-5701
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.1||HIGH
EPSS-0.07% / 22.91%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure platform configuration in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows an attacker with physical presence to run arbitrary code via unauthorized firmware modification during BIOS Recovery.

Action-Not Available
Vendor-Intel Corporation
Product-nuc7i3bnhnuc7i3bnk_firmwarenuc7i3bnh_firmwarenuc7i3bnknuc7i7bnh_firmwarenuc7i7bnhnuc7i5bnknuc7i5bnh_firmwarenuc7i5bnhnuc7i5bnk_firmwareNUC Kits
CVE-2020-24451
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-17 Feb, 2021 | 13:54
Updated-04 Aug, 2024 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-optane_dc_persistent_memory_module_managementIntel(R) Optane(TM) DC Persistent Memory installer for Windows*
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-26512
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.08% / 25.05%
||
7 Day CHG~0.00%
Published-16 Feb, 2023 | 19:59
Updated-27 Jan, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element in the Intel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit before version 2022.2 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-fpga_add-onIntel(R) FPGA Add-on for Intel(R) oneAPI Base Toolkit
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-22139
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.21% / 43.33%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 16:35
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-extreme_tuning_utilityIntel(R) XTU software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-21162
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-10 May, 2023 | 13:16
Updated-27 Jan, 2025 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_hdmi_firmware_update_toolIntel(R) HDMI Firmware Update tool for NUC
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-1513
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-1.10% / 77.11%
||
7 Day CHG-0.03%
Published-23 Aug, 2022 | 17:25
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2022-0192
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-22 Apr, 2022 | 20:30
Updated-02 Aug, 2024 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.

Action-Not Available
Vendor-Lenovo Group Limited
Product-pcmanagerPCManager
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-0598
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 16:58
Updated-04 Aug, 2024 | 06:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-binary_configuration_toolIntel(R) Binary Configuration Tool for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-33874
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.16% / 36.93%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_12_pro_board_nuc12wsbv5nuc_12_pro_kit_nuc12wshv7nuc_12_pro_kit_nuc12wskv5nuc_12_pro_board_nuc12wsbv7hid_event_filter_drivernuc_12_pro_kit_nuc12wskv7nuc_12_pro_kit_nuc12wshv5Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation softwareintel_nuc_12_pro_kits_and_mini_pcs_nuc12ws_intel_hid_event_filter_driver_installation_software
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2021-3969
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.8||HIGH
EPSS-0.42% / 60.98%
||
7 Day CHG~0.00%
Published-18 May, 2022 | 16:10
Updated-03 Aug, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Time of Check Time of Use (TOCTOU) vulnerability was reported in IMController, a software component of Lenovo System Interface Foundation, prior to version 1.1.20.3that could allow a local attacker to elevate privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-system_interface_foundationIMController
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2021-0112
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.3||HIGH
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 19:02
Updated-03 Aug, 2024 | 15:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-uniteIntel Unite(R) Client for Windows
CWE ID-CWE-428
Unquoted Search Path or Element
CVE-2021-0082
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 19:30
Updated-03 Aug, 2024 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ax1650ax1675_firmwareac_9462ac_8265ac_3165_firmwareac_9560_firmwareac_8265_firmwareax1675ax200ac_3165ac_9461ac_8260ac_9260ax1650_firmwareac_9461_firmwareac_9462_firmwareac_3168ac_9560ax200_firmware7265_firmwareac1550_firmwareac_3168_firmwareax201ax210_firmwareax201_firmwareac_9260_firmwareac1550ac_8260_firmwareax2107265Intel(R) PROSet/Wireless WiFi in Windows 10
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-8670
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-6.4||MEDIUM
EPSS-0.05% / 16.23%
||
7 Day CHG~0.00%
Published-09 Jun, 2021 | 18:50
Updated-04 Aug, 2024 | 10:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aNetApp, Inc.Intel CorporationSiemens AG
Product-xeon_platinum_8153xeon_e3-1230_v5xeon_e3-1558l_v5xeon_w-3245mxeon_e5-4610_v4xeon_e7-8894_v4xeon_gold_6146xeon_e5-2660_v3core_i7-1068ng7core_i7-1160g7xeon_e5-1680_v3xeon_d-1527xeon_e5-2697_v4xeon_gold_5115xeon_platinum_8170xeon_gold_6136xeon_w-2125core_i9-10940xxeon_e5-4610_v3xeon_e5-4650_v4xeon_e7-8880_v4xeon_gold_6138xeon_e5-1660_v4simatic_ipc547g_firmwarexeon_e7-8891_v4xeon_platinum_8164xeon_e-2226gxeon_e3-1280_v5xeon_gold_6234xeon_e5-2699r_v4xeon_w-2255xeon_d-1518core_i7-11700core_i7-6822eqcore_i7-6700texeon_e3-1501l_v6xeon_gold_6262vcore_i7-11370hxeon_e5-2683_v4xeon_platinum_8168core_i7-7600uxeon_e5-2608l_v4xeon_e5-2640_v3xeon_e-2224xeon_gold_5218xeon_e5-1620_v4core_i7-11850hxeon_d-1567xeon_e5-2630l_v3xeon_e3-1505l_v6xeon_e-2278gexeon_e5-1607_v3xeon_e5-4640_v4xeon_gold_5117xeon_gold_5122xeon_w-2245simatic_field_pg_m6_firmwarexeon_d-1587xeon_e5-2699_v3xeon_d-2191simatic_ipc427e_firmwarexeon_gold_6248rcore_i7-7820hkxeon_e5-2689_v4xeon_e7-8870_v4xeon_w-1290tcore_i5-l16g7xeon_gold_6240core_i7-6970hqxeon_gold_6262xeon_platinum_8156xeon_e-2136core_i7-10510ucore_i7-1060g7xeon_w-2265simatic_ipc527gxeon_e5-2667_v4xeon_platinum_8274xeon_w-10855mxeon_gold_6126fxeon_d-1539xeon_e3-1535m_v5simatic_ipc527g_firmwarexeon_e5-1680_v4core_i7-7700xeon_gold_5220rxeon_d-2146ntxeon_e3-1268l_v5xeon_platinum_8160fsimatic_ipc477e_firmwarexeon_e5-2658_v3simatic_field_pg_m6xeon_e5-4660_v4core_i7-8750hxeon_e3-1501m_v6xeon_gold_6250lxeon_gold_6210uxeon_d-2187ntxeon_platinum_8160mcore_i7-10700fxeon_d-2166ntxeon_e3-1270_v6xeon_e-2286mxeon_e3-1505m_v5core_i7-10750hxeon_silver_4216xeon_gold_6230xeon_platinum_8253xeon_e5-2630l_v4xeon_w-2195xeon_e5-4667_v4xeon_e5-2628l_v4xeon_e-2276gxeon_e5-2685_v3xeon_w-1390xeon_e-2186gxeon_d-2183itxeon_silver_4116txeon_e-2174gxeon_e5-2630_v4xeon_d-1622core_i7-8809gxeon_e5-4667_v3xeon_platinum_8160hcore_i7-8700bxeon_e5-2643_v3xeon_d-2145ntxeon_d-1581xeon_e5-1650_v4xeon_gold_6238xeon_e5-2630_v3xeon_w-1250pxeon_silver_4208xeon_e3-1585_v5xeon_w-2104xeon_e5-2623_v4core_i7-6560uxeon_w-2123xeon_gold_5220sxeon_w-3275msimatic_ipc477e_pro_firmwarexeon_platinum_9282xeon_e5-2683_v3core_i7-10700exeon_silver_4108xeon_gold_6130txeon_silver_4210core_i7-11700kfcloud_backupcore_i7-10870hxeon_e7-8867_v4xeon_bronze_3106xeon_w-2102simatic_ipc647e_firmwarexeon_e-2274gcore_i7-10700kxeon_e-2278gelxeon_d-1540xeon_e3-1280_v6hci_compute_node_biosxeon_e5-2698_v4xeon_platinum_8160tcore_i7-11700kxeon_d-1528xeon_silver_4214rcore_i7-6500uxeon_e5-2697_v3xeon_e5-4627_v4xeon_e-2124core_i7-10710uxeon_d-2141icore_i7-10700kfxeon_d-1541xeon_e5-2660_v4xeon_e7-4830_v4xeon_w-1250texeon_platinum_8268xeon_platinum_8176mxeon_e-2276mecore_i7-8565uxeon_gold_5222xeon_e5-2687w_v4xeon_e5-1603_v3core_i7-7560uxeon_gold_5117fxeon_e3-1535m_v6xeon_d-1548xeon_d-1649nxeon_d-1529xeon_platinum_9221xeon_e3-1220_v5xeon_platinum_8160xeon_e5-2428l_v3simatic_ipc847esimatic_ipc427ecore_i7-6700hqxeon_e7-4809_v4xeon_e5-4648_v3xeon_gold_6122xeon_silver_4123xeon_gold_6148fxeon_gold_6132biosxeon_e5-2618l_v4xeon_w-2155xeon_gold_6137core_i7-7500ucore_i7-8550uxeon_e-2224gxeon_w-2135xeon_d-1623nxeon_w-2145xeon_e-2226gecore_i7-6650uxeon_gold_6142core_i7-10610ucore_i7-8500ycore_i7-7567uxeon_silver_4214xeon_w-1390pxeon_d-2161ixeon_silver_4210rxeon_d-1632core_i7-7820hqxeon_e3-1585l_v5xeon_e5-2620_v3xeon_e5-2670_v3xeon_gold_5218bxeon_e5-2648l_v3xeon_gold_6142mxeon_e5-2609_v3xeon_e3-1275_v5xeon_e5-2438l_v3xeon_e3-1240_v5xeon_e5-2650_v3xeon_gold_6222core_i7-6567uxeon_e5-2648l_v4simatic_ipc677exeon_e5-4620_v4xeon_e7-8855_v4xeon_d-1513nxeon_d-1537xeon_e3-1515m_v5xeon_w-1290texeon_e3-1225_v5xeon_gold_6209uxeon_silver_4112xeon_d-1559xeon_w-3223xeon_gold_5120txeon_w-3175xxeon_gold_6134xeon_gold_6162xeon_e5-2628l_v3xeon_e-2254mexeon_w-3235core_i7-7y75xeon_e5-4669_v3xeon_w-2225xeon_gold_6130hxeon_w-2133core_i7-6700xeon_d-1557xeon_e5-4627_v3xeon_e7-4850_v4xeon_gold_6148xeon_e3-1505m_v6xeon_gold_6144xeon_gold_6140mxeon_gold_5220txeon_platinum_8276lxeon_w-2223xeon_e5-2679_v4core_i7-7700kcore_i7-8705gxeon_e-2276mcore_i7-8665uxeon_gold_6129xeon_platinum_9222xeon_gold_6230tcore_i7-7660ucore_i7-6600ucore_i7-8706gxeon_gold_6126tcore_i7-11700fxeon_platinum_8165xeon_w-3225xeon_gold_6135xeon_e3-1565l_v5xeon_e-2236xeon_w-1370core_i7-10850hxeon_e5-1603_v4core_i7-1185grexeon_e5-2408l_v3core_i7-11375hxeon_e3-1240_v6xeon_d-1573ncore_i7-8700core_i7-7700tcore_i7-10700txeon_e5-1630_v4xeon_e5-4660_v3xeon_gold_6246core_i7-8086kxeon_w-2295core_i7-6770hqcore_i7-8700kxeon_e5-2603_v3fas_biosxeon_e-2134xeon_e5-2667_v3xeon_gold_5215xeon_e5-4655_v3xeon_d-2143itxeon_d-2163itxeon_e5-2699_v4xeon_e3-1285_v6xeon_w-1390txeon_w-1270xeon_e3-1225_v6xeon_platinum_8284xeon_silver_4109tcore_i7-10510yxeon_e3-1240l_v5xeon_e5-2690_v3xeon_e5-4655_v4xeon_gold_5215lxeon_silver_4215rxeon_e5-2658_v4xeon_gold_6138fcore_i7-11800hxeon_e5-1630_v3simatic_ipc477exeon_silver_4210txeon_e5-2680_v3xeon_gold_6212uxeon_e3-1205_v6core_i7-7700hqxeon_w-1270texeon_silver_4114xeon_e5-2698_v3core_i7-6498duxeon_e3-1245_v5core_i7-6870hqxeon_gold_6258rxeon_bronze_3104xeon_d-1571xeon_gold_6240lxeon_gold_6238lxeon_e5-2637_v3xeon_e5-1620_v3xeon_gold_6250xeon_d-2173itcore_i7-11700txeon_w-11855mxeon_d-2123itxeon_gold_5219yxeon_e-2246gxeon_w-3265mxeon_d-1627xeon_e5-2637_v4xeon_e5-2687w_v3xeon_d-1602xeon_e7-8890_v4xeon_e5-2680_v4xeon_gold_5218tsimatic_ipc847e_firmwarexeon_e5-2697a_v4xeon_gold_6150xeon_gold_6140xeon_e5-2690_v4xeon_e5-2609_v4core_i7-7920hqxeon_platinum_8174xeon_d-1612xeon_e-2254mlxeon_e3-1545m_v5core_i7-10700simatic_ipc477e_procore_i9-10920xxeon_e3-1578l_v5core_i7-6660uxeon_e3-1270_v5xeon_gold_6126simatic_ipc647exeon_e3-1260l_v5xeon_w-1250exeon_e5-2643_v4xeon_d-1563nxeon_e5-2699a_v4core_i7-10875hxeon_e-2276mlxeon_e-2244gxeon_e-2176gxeon_gold_6142fcore_i3-l13g4core_i7-8709gsimatic_ipc627exeon_e5-4650_v3xeon_e5-2650l_v4xeon_gold_6130xeon_e-2104gxeon_platinum_8260core_i7-8557usimatic_ipc547gcore_i7-8700txeon_platinum_9242core_i7-6820hqxeon_platinum_8280lxeon_silver_4110core_i7-8650uxeon_bronze_3204xeon_gold_5119tcore_i7-1180g7core_i7-6700tcore_i7-6920hqxeon_gold_6246rxeon_e3-1230_v6xeon_gold_5217xeon_gold_6230nxeon_gold_6143xeon_w-3265xeon_gold_5218nxeon_e5-2620_v4xeon_gold_6138txeon_w-3245xeon_gold_5120simatic_ipc627e_firmwarecore_i7-1185g7core_i7-1195g7xeon_e-2124gcore_i7-1165g7xeon_e5-2618l_v3xeon_d-1523nxeon_e5-2608l_v3core_i7-10700texeon_e-2288gxeon_d-1653nxeon_gold_5220xeon_e-2234xeon_d-1577xeon_d-1637xeon_gold_6254xeon_gold_6269yxeon_silver_4114tcore_i7-6700kxeon_gold_6240yxeon_e5-4669_v4aff_biosxeon_gold_6154xeon_w-1250xeon_e5-2640_v4hci_storage_node_biosxeon_gold_6208uxeon_e7-8893_v4xeon_w-1290exeon_e5-1650_v3xeon_w-3275core_i7-11700bxeon_d-1553nxeon_e-2126gxeon_silver_4209txeon_e5-4620_v3xeon_silver_4116xeon_w-1270exeon_d-1633ncore_i7-7820eqxeon_gold_6252nxeon_e7-4820_v4xeon_gold_6244xeon_e5-2695_v3xeon_gold_6248xeon_e3-1220_v6xeon_w-1370pxeon_platinum_8280xeon_e-2186mxeon_e5-1660_v3xeon_d-1520simatic_itp1000_firmwarexeon_e-2176mcore_i7-6785rcore_i7-6820hkxeon_platinum_8256xeon_gold_6152core_i7-1060ng7xeon_e5-2623_v3xeon_platinum_8158xeon_e5-2658a_v3xeon_e5-2418l_v3xeon_w-1290pxeon_e-2286gxeon_gold_6222vxeon_platinum_8176xeon_gold_6242xeon_e3-1275_v6xeon_d-1531core_i7-10810uxeon_e3-1575m_v5xeon_e-2278gxeon_e5-2650_v4xeon_platinum_8260yxeon_e3-1505l_v5xeon_platinum_8270xeon_d-1533nxeon_gold_6242rxeon_e3-1245_v6xeon_gold_6128xeon_silver_4215xeon_d-2142itxeon_platinum_8180mcore_i7-8850hxeon_gold_5118xeon_w-2235xeon_e5-2695_v4xeon_gold_6130fsimatic_itp1000xeon_w-11955mcore_i7-6820eqxeon_gold_6134mcore_i9-10900xxeon_platinum_8276xeon_gold_6238txeon_e3-1235l_v5xeon_silver_4214yxeon_e5-2603_v4core_i9-10980xexeon_e5-4628l_v4xeon_e7-8860_v4xeon_w-1350xeon_silver_4106hxeon_gold_6138pcore_i7-8665uexeon_w-1290xeon_platinum_8176fxeon_d-1524nsolidfire_biosxeon_gold_6240rxeon_w-10885mxeon_w-2275xeon_d-1543nxeon_gold_6226xeon_e-2144gxeon_gold_6256xeon_d-1521xeon_w-1350pxeon_gold_6230rcore_i7-8569uxeon_gold_6252xeon_e5-4640_v3core_i7-1185g7exeon_gold_5218rxeon_gold_6226rxeon_bronze_3206rsimatic_ipc677e_firmwarexeon_e5-1607_v4core_i7-1065g7xeon_platinum_8260lxeon_e5-1428l_v3core_i7-8559uxeon_platinum_8170mxeon_e-2146gxeon_platinum_8180xeon_d-2177ntxeon_e5-2650l_v3xeon_w-2175Intel(R) Processors
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2020-8317
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.14% / 35.16%
||
7 Day CHG~0.00%
Published-24 Jul, 2020 | 16:10
Updated-17 Sep, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges.

Action-Not Available
Vendor-Lenovo Group Limited
Product-drivers_managementDrivers Management
CWE ID-CWE-426
Untrusted Search Path
CVE-2019-6172
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-6.4||MEDIUM
EPSS-0.09% / 27.00%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 20:40
Updated-04 Aug, 2024 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential vulnerability in the SMI callback function used in Legacy USB driver using passed parameter without sufficient checking in some Lenovo ThinkPad models may allow arbitrary code execution.

Action-Not Available
Vendor-Lenovo Group Limited
Product-s340-15iwl_touchl340-17irh_firmwarezhaoyang_e43-80_kbl_firmwareqitian_m4650v330-14isk_firmwarea340-22_iwl_firmware720s-15ikb_firmwarethinkpad_e490ideacentre_730s-24ikb_firmwarev110-15ikbthinkcentre_m73p130-15ikb_firmwarethinkcentre_m720qlegion_y740-17ichgthinkpad_p51sthinkpad_p53thinkpad_e450cthinkcentre_m79_firmwareyta8900fthinkpad_p72_firmwarethinkpad_l590thinkcentre_e93_firmwarerescuer_y7000p\(1060\)130-14ikb_firmwareyangtian_ws_h81_firmwarethinkpad_p52thinkpad_e560p_firmwarethinkpad_p70aio_330-20astthinkpad_e470_firmware330-15ikbrv530s-07icb_firmwarem4500_firmwarethinkpad_e460thinkpad_yoga_11ethinkpad_x280thinkcentre_m83_firmwarethinkstation_p318_firmwarethinkpad_tablet_8_firmwarec340-14iwl_firmwarelegion_t530-28icbthinkpad_l470_firmwares540-14iwl_firmwarelegion_t730-28ico330c-14ikbs540-14iwl_touch_firmwarethinkpad_l380_firmwarelegion_y740-15ichgthinkcentre_e74_firmwarethinkpad_r590_firmwareqitian_b5900_firmwarethinkpad_t560_firmwarethinkpad_t580thinkcentre_m4500kthinkcentre_m6500t_firmwarethinkcentre_m93z_\(aio\)yoga_s940-14iwl_firmwarethinkpad_x1_yogathinkcentre_m625q_firmwarethinkpad_t570_firmwarelegion_y520t_z370legion_t530-28icb_reflash_firmwarethinkcentre_m4500t_firmwares340-14iwlqt_b415_firmwareyangtian_wf_h81_pci_firmwareqitian_m4600_firmware340c-15ikb_firmwarethinkcentre_m910x_firmwarethinkcentre_m910s_firmwareyangtian_afh110_firmwareyangtian_wf_h110_pci_firmwarethinkpad_x380_yoga_firmwareyangtian_afq150_firmwarev320-14ikby7000_2019_1050v330-14ikb_firmwarethinkpad_w540h50-30g_desktopv330-14iskyoga_s940-14iwlyangtian_tc_h81_pci_firmwarethinkcentre_x1_aiothinkpad_p52_firmwarethinkpad_s2_yoga_4th_gen_firmwarethinkcentre_m720s_firmwarethinkpad_t580_firmwarelegion_t530-28aprideacentre_720-18icb_firmwareyoga530-14ikb_firmwares540-14iwl_touchthinkcentre_m4600tthinkcentre_m920q_firmwarezhaoyang_k42-80thinkpad_t25lenovo_v720-14ikbqt_a7400s540-15iwl_firmwareaio_330-20igm_firmwarethinkpad_t460sideacentre_300s-11ish_firmware510-15iklaio_520-24ast_firmwareyangtian_mf_h81_pci330-14ikb_firmware720s_touch-15ikb_firmwarethinkpad_e570thinkcentre_m79v310-14ikbthinkstation_p318thinkcentre_m700sthinkpad_x1_extreme_firmwarev130-14ikbthinkcentre_m6600t_firmware330-15ikb_firmwarethinkpad_e550thinkcentre_m8600s_firmwarec340-14iwlv310-15ikb_firmwareyoga_730-13iwl_firmwarethinkcentre_m715q_firmwarethinkpad_tablet_10_firmwarethinkcentre_m73_firmwarethinkpad_t440qitian_b4550_firmwarethinkpad_e580thinkcentre_e73_firmwarethinkcentre_m920t_firmwarethinkcentre_e93thinkcentre_m6500s_firmwareyoga_11e_3rd_genthinkpad_p71thinkcentre_m710q330-15ikbr_touchthinkpad_10_firmwarethinkpad_p51s_firmwarethinkcentre_m710e_firmwarethinkcentre_m8500ss145-15ikbthinkpad_x250thinkcentre_m900_firmwarev310z\(yt_s3150\)_firmware330-15ich_firmwarel340-15iwltouchthinkcentre_e75sthinkcentre_m920zyangtian_mc_h81_firmwarethinkcentre_m9550zthinkcentre_e74zideacentre_720-18aprthinkcentre_m9550z_firmwarethinkpad_helix_firmwarethinkpad_t480s_firmwarelegion_y9000p_2019_firmwarethinkpad_s3_3rd_genthinkcentre_m73p_firmwarelegion_y9000p_2019v130-14ikb_firmwarexiaoxin_tide_7000-15_u42thinkcentre_m7300z_firmwarethinkcentre_m6600qthinkcentre_m8350z_firmwarev310-14isk_firmwares145-14ikb_firmwarec340-15iwlwei5-14ikb_firmwarethinksystem_odc5200-cn650s_firmwarelegion_y740-15irhg_firmwarethinkcentre_m820zv110-14ikb_firmwarev310z\(yt_s3150\)v110-14ikbthinkpad_l560_firmwarethinkcentre_s510_firmwarelegion_y730-15ich_firmware330-14ikbthinkpad_p53s_firmwares145-15ikb_firmwareyangtian_tc_h81_pciyoga_s730-13iwll340-15irh_firmwarethinkstation_p300_firmwarel340-17irhthinkpad_p52sthinkpad_t470_firmwarethinkcentre_m73_tiny_firmwarethinkcentre_m920x_firmwarethinkcentre_m6600_firmwarethinkpad_t480_firmware530s-14iwl_firmwarethinkpad_x1_carbon_firmwarerescuer_y7000p\(1060\)_firmwarelegion_c730-19icothinkcentre_m4500q_firmwarethinkpad_e580_firmwareaio520-24iku_firmwarem4550_id_firmware530s-15ikbthinkpad_t570thinkpad_l560ideacentre_510-15icb_firmwarethinkcentre_m6600tthinkpad_t590yoga_11e_4th_gen_firmwarethinkpad_t550xiaoxin-14_2019iwlthinkpad_x1_tabletwei5-14ikbxiaoxin-14_2019iwl_firmwarethinkpad_t450sqt_a7400_firmwarev130-15ikbthinkcentre_m73yangtian_ws_h81rescuer_y7000yoga_s730-13iwl_firmwarev530-22icb\(yt_s4350\)thinkstation_p310_firmwareaio520-22ikuthinkpad_tablet_8thinkcentre_e96z_firmwarethinkpad_l390_yoga_firmwaree52-80yangtian_mc_h110thinkpad_x270k43c-80thinkpad_l580_firmwarev510-15ikbthinkcentre_m715qyoga_520-14ikbh50-30g_desktop_firmwarethinkpad_p50s_firmwarelegion_y530-15ich\(1060\)_firmwareaio520-22ikl_firmwareideacentre_300s-11ishv320-15ikb_firmwarethinkpad_t440p_firmwarethinkpad_l470xiaoxin_air-14iwl_2019thinkpad_t440s_firmwarethinkpad_e570_firmwarethinkpad_s5_firmwareyogo_a940-27icb_firmwarethinkpad_t440pideacentre_310s-08asr_firmwarethinkcentre_m9350zthinkpad_tablet_10a340-22_iwllegion_y9000k_2019thinkpad_x390_yoga_firmwareyoga_11e_4th_gen730s-13iwlthinkpad_l380thinkpad_t450_firmwarelegion_t530-28apr_firmwarethinkpad_x1_yoga_firmwarethinkpad_t590_firmwares340-14iwl_touchthinkpad_s1_yoga_firmwarethinkpad_x1_extremelegion_c530-19icbyangtian_wcc_h81_pcithinkpad_l490_firmwarethinkcentre_e73syoga530-14ikbthinkpad_x1_carbonthinkpad_e560_firmwarelegion_y7000p-1060_firmwarethinkpad_t460p_firmwarexiaoxin_air_14iwlthinkcentre_m8600s330-17ich_firmwarev310-15ikbxiaoxin-15_2019iwl_firmwarethinkpad_r490yangtian_mc_h81flex-15iwlaio_330-20ast_firmwareideacentre_510a-15icblegion_y730-17ich_firmwareyoga_11e_3rd_gen_firmwarethinkcentre_m710s_firmwarethinkpad_e590xiaoxin_air_14ikbrc340-15iwl_firmwarethinkcentre_m73_tinya340-22icbthinkcentre_e74s_firmwareyangtian_wc_h110_pcithinkpad_p1_firmwarethinkpad_s5_yoga_15v330-15igma340-22ast_firmwareqt_m410xiaoxin_air_15iwlthinkpad_yoga_11e_firmware330-14ikbryoga_730-13ikbv510-15ikb_firmwarev410z\(yt_s4250\)aio520-22iklthinkpad_l480_firmwarethinkpad_x380_yoga530s-15iwl_firmwarexiaoxin_air_13iwl_firmwareaio520-24ikurescuer_y7000pthinkpad_x131ethinkstation_p320rescuer_y7000p_firmwareqitian_4500thinkcentre_m93_firmwareyoga_730-13iwlv520t-15iklthinkcentre_m710t_firmwares340-14iwl_firmwareqitian_a815v510z_\(yt_s5250\)_firmwarethinksystem_hr650x_\(skl\)_firmwarethinkpad_l450qitian_m4650_firmwarethinkpad_t470s_firmwarethinkcentre_e73s_firmwareaio520-24ikl_firmwarezhaoyang_e53-80thinkpad_r590thinkpad_p50aio_520-24aste42-80_firmwarethinkcentre_m800_firmware530s-15ikb_firmwarethinkpad_p43s_\(20rx\)_firmwarev330-15ikbideacentre_310s-08igm_firmwarethinkcentre_m700tthinkpad_t440sqt_b415s340-15iwl_firmwareyangtian_we_h110_firmware330-15ikbflex_5-1570\(r\)thinkpad_p70_firmwarexx_chao5000-ikbra_firmwarethinkpad_13thinkpad_t470thinkcentre_m7300zs530-13iwl_firmwarethinkcentre_m700s_firmwarethinkcentre_e74lenovo_v720-14ikb_firmwarelegion_y530-15ich_firmwareyangtian_mc_h110_pciqitian_m4550330c-15ikbrthinkpad_e480v520s-08iklxiaoxin_air_14iwl_firmwarethinkpad_l380_yoga330-17ikbr_firmwarethinkpad_s3thinkcentre_m8600t_firmwarethinkcentre_m820z_firmware720s_touch-15ikblegion_y7000p-1060thinkpad_e470xiaoxin-14iwl_qc_2019720s-14ikbrthinkcentre_m4600t_firmwarerescuer_y7000_firmwarem4500yangtian_afh110a340-24_iwlthinkpad_helixflex_6-14ikbthinkpad_w550s_firmwarev320-17ikbrxiaoxin-15_2019iwlyangtian_mf_h110_pci_firmwareideacentre_700thinkcentre_m900z_firmwareideacentre_310s-08asr720s-15ikbthinkcentre_m83z_\(aio\)_firmwarethinkcentre_m720q_firmwarethinkcentre_m715sthinkpad_l460_firmwarethinkcentre_s510thinkpad_w541thinkcentre_m715q_rrthinkcentre_m700za340-22icb_firmwarethinkcentre_e95z_firmwarexiaoxin_air-15iwl_2019_firmwarethinkcentre_e96zthinkcentre_m818z_firmwarev530-22icb\(yt_s4350\)_firmwaremiix_720-12ikb_firmwarewei5-15ikbthinkpad_x240s_firmwarea340-24_iwl_firmwarethinkcentre_m715q_rr_firmwarethinkpad_l460yoga_520-14ikb_firmware510s-08ikl_firmwarethinkcentre_m710ea340-22ast330c-14ikb_firmwarev410z\(yt_s4250\)_firmwarethinkstation_p310thinkpad_s2_yoga_4th_genthinksystem_odc5200-cn650sthinkcentre_m4500sthinkpad_11ethinkstation_e32_firmwarethinkpad_t460pthinkpad_p1s340-15iwlthinkpad_x140elegion_y520t_z370_firmwareideacentre_510-15icbideacentre_510s-08ish340c-15ikbthinkpad_l380_yoga_firmwarethinkpad_x1_tablet_firmware530s-14ikb_firmwarev320-14ikb_firmwarethinkcentre_m920tthinkcentre_m715t_firmwarethinkpad_x390thinkcentre_m710tthinkpad_s540v520s-08ikl_firmwarethinkcentre_m720ty7000_2019_1050_firmwarev110-15ikb_firmwarelegion_t530-28apr_reflashlegion_c530-19icb_firmwares540-15iwll340-15irhideacentre_700_firmwareqt_m415_firmware340c-15iwlv130-15ikb_firmwarethinkpad_s3_firmwarexiaoxin_air-14iwl_2019_firmware330c-15ikbr_firmwarev310-14iskxiaoxin_tide_7000-15_u22thinkpad_s531_firmwarethinkpad_t490_firmwareqitian_b4650_firmwarev540-24iwl\(yt_s5430\)330-15ikbr_firmwarezhaoyang_k42-80_firmwarethinkpad_l390_yogayoga_730-15ikb_firmwareflex_6-1470aio520-24iklthinkpad_x240_firmwarethinkcentre_m4600s_firmwarethinkpad_l450_firmwarethinkcentre_m700z_firmwarethinkpad_13_firmwaremiix_720-12ikblegion_y740-17irhgxiaoxin_air-15iwl_2019thinkpad_l570_firmwarethinkpad_w540_firmwareflex-14iwlflex-15iwl_firmwareyangtian_mc_h110_pci_firmwarethinkpad_e550cthinkpad_e490sthinkcentre_e95zv330-15isklegion_t530-28icb_reflashwei5-15ikb_firmware330-17ikbthinkpad_s540_firmware330-17ichthinkcentre_m600_firmwarev730-15ikb_firmwarea340-24icbthinkcentre_m910q_firmwares340-15iwl_touch_firmwareqt_m410_firmwarethinkpad_s2_yoga_3rd_gen_firmwarethinkcentre_m910zs340-14iwl_touch_firmwarethinkcentre_m920sthinkcentre_m710q_firmwareqitian_4500_firmwarethinkpad_x390_yogathinkcentre_m818zqt_m415thinkcentre_m8600tthinkpad_s1_yogathinkpad_e560thinksystem_hr650x_\(skl\)yangtian_mf_h110_pcithinkcentre_m910qrescuer_y7000\(1060\)510s-08iklideacentre_720-18apr_firmwarethinkcentre_m720s340c-15iwl_firmwarethinkcentre_m90n-1_firmwarexiaoxin_air_15ikbr_firmwarethinkpad_p43s_\(20rx\)v330-15igm_firmware530s-14ikbyangtian_wcc_h81_pci_firmwarethinkcentre_m810zyangtian_afh81_firmwarethinkcentre_m9500zthinkpad_x131e_firmwarethinkcentre_m810z_firmwareflex_6-1470_firmwarev510z_\(yt_s5250\)m4550_idv330-14ikbthinkpad_e480_firmwareflex_6-14ikb_firmwarethinkstation_p300thinkcentre_m6600yangtian_me_h110_firmwarel340-15iwl330-14ikbr_firmwareyangtian_wf_h110_pcithinkpad_t540pthinkcentre_m6600sthinkpad_t540p_firmwarelegion_y530-15ich\(1060\)thinkpad_t460_firmwarethinkpad_t460s_firmwarethinkstation_p330330-17ikbrl340-17iwl_firmwarethinkcentre_m700qthinkpad_x270_firmware63_firmwarethinkpad_s2_yoga_3rd_genthinkcentre_m6500sthinkcentre_m8500s_firmwarethinkpad_l490aio520-24arr330-15ichxiaoxin_tide_7000-15_u22_firmwarethinkpad_p71_firmware330c-15ikb_firmwareqitian_b4650thinkpad_l590_firmwarethinkcentre_e75tthinkcentre_m4500qs145-15iwl_firmwarexiaoxin_air_15iwl_firmwareqitian_a815_firmwareyta8900f_firmwarethinkpad_x260s145-15iwlthinkcentre_m910tthinkpad_x250_firmware530s-15iwl330c-15ikbthinkpad_yoga_260-s1thinkcentre_e75t_firmwarethinkstation_p330_firmwarethinkpad_s5_2nd_generation_firmwareaio_330-20igmaio520-27ikl_firmwaree52-80_firmwarethinkcentre_m920qthinkpad_p50_firmwarethinkpad_s3_3rd_gen_firmwarethinkcentre_m4500s_firmwarethinkcentre_m720t_firmwarethinkpad_x260_firmwarelegion_y730-15ichthinkpad_e590_firmwarezhaoyang_e53-80_firmwarethinkstation_p320_tinythinkcentre_m800thinkpad_t450thinkcentre_m800zthinkcentre_m900yangtian_mc_h110_firmwarethinkpad_t490thinkcentre_m93p_firmwarethinkpad_x280_firmwarethinkcentre_m93thinkpad_p73_firmwarethinkstation_p330_tiny_firmwares940-14iwllegion_y740-15ichg_firmwarethinkcentre_m8350zxiaoxin-14iwl_qc_2019_firmwareyoga_730-15iwl_firmwarel340-17iwls530-13iwlthinkcentre_m625qthinkpad_w550sthinkpad_l480thinkpad_e450_firmwarethinkpad_t460thinkpad_x390_firmware330-17ikb_firmwarethinkpad_r490_firmwares540-14iwls145-14ikbthinkpad_t440_firmwarethinkcentre_m8500tthinkcentre_m83z_\(aio\)thinkcentre_m93plegion_t530-28icb_firmware330-15ikbr_touch_firmwareideacentre_510a-15icb_firmwarexiaoxin_air_13iwlv320-17ikbr_firmwareideacentre_730s-24ikbflex-14iwl_firmwarev530-24icb\(yt_s5350\)xx_chao5000-ikbrathinkpad_10thinkcentre_m700q_firmwareyangtian_me_h110legion_y740-17ichg_firmwareqitian_b5900v310-15iskv530s-07icb63thinkpad_yoga_370yangtian_afq150aio520-24arr_firmwarev310-14ikb_firmwarek43c-80_firmware130-14ikbqitian_b4550thinkpad_e550c_firmwareideacentre_310s-08igmthinkpad_x140e_firmwareideacentre_300-20ish_firmwarethinkstation_p330_tinyyangtian_mf_h81_pci_firmwarea340-24icb_firmwarethinkcentre_m9350z_firmwarethinkpad_x240legion_y740-17irhg_firmwarethinkcentre_m800z_firmwareyoga_730-15iwlthinkpad_t450s_firmwarethinkcentre_m9500z_firmwarexiaoxin_air_14ikbr_firmwarethinkcentre_m920s_firmwarethinkpad_p52s_firmwareideacentre_720-18icbthinkcentre_m920z_firmwarethinkpad_t550_firmwarethinkcentre_m4600sthinkcentre_e74sv510-14ikb_firmwarethinkcentre_m610thinkpad_s531thinkpad_yoga_260-s1_firmwareideacentre_300-20ishthinkpad_t25_firmwareyangtian_wf_h81_pcithinkcentre_m920xyangtian_ytm6900e-00_firmwares940-14iwl_firmwarethinkcentre_m90n-1m4500_id_firmwarethinkcentre_e73720s-14ikbr_firmwareflex_5-1570\(r\)_firmwarelegion_y740-15irhgthinkcentre_m6500tv330-15ikb_firmwarethinkcentre_m910xrescuer_y7000\(1060\)_firmwarethinkcentre_m6600s_firmwarethinkpad_p53sthinkpad_t480sthinkpad_w541_firmwarethinkpad_p51_firmwarethinkcentre_m910sl340-15iwl_firmwareyangtian_ms_h81_firmwarelegion_c730-19ico_firmwareqitian_m4600thinkpad_e460_firmwarethinkstation_p320_firmwarethinkpad_11e_firmwarethinkpad_l570thinkcentre_m6600q_firmware530s-14iwlthinkcentre_m8500t_firmwareyangtian_ms_h81thinkpad_s5_yoga_15_firmwarezhaoyang_e43-80_kblthinkcentre_m900zthinkpad_e450c_firmwareaio520-27iklthinkpad_t490s_firmwarethinkpad_x240sideacentre_510s-08ish_firmwaree42-80thinkpad_l580yogo_a940-27icbyangtian_tc_h110_pci_firmwarelegion_t730-28ico_firmwarethinkcentre_m8300z_firmwareyangtian_we_h110thinkpad_s5_2nd_generation130-15ikb510-15ikl_firmwarelegion_y730-17ichm4500_idthinkcentre_m725syangtian_ytm6900e-00v310-15isk_firmwarethinkpad_e490s_firmwarethinkpad_s5thinkpad_t470p_firmwarethinkcentre_m725s_firmwarelegion_t530-28apr_reflash_firmwarelegion_y9000k_2019_firmwarev540-24iwl\(yt_s5430\)_firmwareyoga_730-13ikb_firmwarethinkpad_e490_firmware730s-13iwl_firmwarev320-15ikbthinkpad_t560thinkcentre_m8300zs145-14iwlthinkpad_s1_3rd_firmwarethinksystem_hr630x_\(skl\)_firmwarexiaoxin_tide_7000-15_u42_firmwarelegion_y530-15ichthinkcentre_m700t_firmwarethinkstation_p320_tiny_firmwarethinkcentre_m83thinkpad_p50sthinkpad_p53_firmwarev330-15isk_firmwarethinkcentre_e74z_firmwarethinksystem_hr630x_\(skl\)v520t-15ikl_firmwarethinkpad_s1_3rdthinkcentre_x1_aio_firmwarethinkcentre_m4500k_firmwarexiaoxin_air_15ikbrthinkcentre_e75s_firmwarethinkpad_p51v510-14ikbthinkcentre_m610_firmwareqitian_m4550_firmwarev730-15ikbthinkpad_t490sl340-15iwltouch_firmwarethinkpad_p73thinkpad_e560pthinkcentre_m93z_\(aio\)_firmwares145-14iwl_firmwarev530-24icb\(yt_s5350\)_firmwarethinkcentre_m715tyangtian_wc_h110_pci_firmwarethinkpad_t470sthinkpad_p72thinkcentre_m910t_firmwarethinkpad_e450thinkpad_t470pthinkcentre_m710syangtian_afh81thinkcentre_m4500tthinkcentre_m910z_firmwarethinkpad_yoga_370_firmwarethinkpad_e550_firmwareyoga_730-15ikbthinkcentre_m715s_firmwareaio520-22iku_firmwarethinkpad_t480thinkstation_e32thinkcentre_m600yangtian_tc_h110_pciThinkPad
CVE-2019-6165
Matching Score-8
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-8
Assigner-Lenovo Group Ltd.
CVSS Score-7.3||HIGH
EPSS-0.07% / 21.13%
||
7 Day CHG~0.00%
Published-19 Aug, 2019 | 14:56
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features.

Action-Not Available
Vendor-Lenovo Group Limited
Product-yoga_700-14iskyoga_700-11isk_firmwareyoga_700-11iskyoga_700-14isk_firmwarePaperDisplay Hotkey Service
CWE ID-CWE-426
Untrusted Search Path
CVE-2017-5722
Matching Score-8
Assigner-Intel Corporation
ShareView Details
Matching Score-8
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 13.30%
||
7 Day CHG~0.00%
Published-11 Oct, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, NUC7i3BNH, NUC7i5BNK, NUC7i5BNH, NUC7i7BNH versions BN0049 and below allows attackers with local or physical access to bypass enforcement of integrity protections via manipulation of firmware storage.

Action-Not Available
Vendor-Intel Corporation
Product-nuc7i3bnhnuc7i3bnk_firmwarenuc7i3bnh_firmwarenuc7i3bnknuc7i7bnh_firmwarenuc7i7bnhnuc7i5bnknuc7i5bnh_firmwarenuc7i5bnhnuc7i5bnk_firmwareNUC Kits
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-6195
Matching Score-6
Assigner-Lenovo Group Ltd.
ShareView Details
Matching Score-6
Assigner-Lenovo Group Ltd.
CVSS Score-4.8||MEDIUM
EPSS-0.14% / 35.29%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 17:10
Updated-16 Sep, 2024 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An authorization bypass exists in Lenovo XClarity Controller (XCC) versions prior to 3.08 CDI340V, 3.01 TEI392O, 1.71 PSI328N where a valid authenticated user with lesser privileges may be granted read-only access to higher-privileged information if 1) “LDAP Authentication Only with Local Authorization” mode is configured and used by XCC, and 2) a lesser privileged user logs into XCC within 1 minute of a higher privileged user logging out. The authorization bypass does not exist when “Local Authentication and Authorization” or “LDAP Authentication and Authorization” modes are configured and used by XCC.

Action-Not Available
Vendor-Lenovo Group Limited
Product-thinksystem_sr150thinksystem_sn550thinkagile_hx_3000thinksystem_st558thinksystem_sr158thinksystem_sr570thinkagile_vx_7000thinksystem_st250thinksystem_sr950_serverthinkagile_mx_sr650thinksystem_sr850thinkagile_vx_2000thinksystem_sr550thinksystem_sn850thinksystem_sd650_dwcthinksystem_sr530thinksystem_sr250thinksystem_sr630thinkagile_hx_7000thinksystem_st258thinkagile_vx_1000xclarity_controllerthinkagile_hx_2000thinkagile_hx_5000thinksystem_sd530thinkagile_vx_3000thinksystem_sr590thinksystem_sr860thinkagile_vx_5000thinkagile_hx_1000thinksystem_st550thinksystem_sr650thinksystem_sr258XClarity Controller (XCC)
CWE ID-CWE-264
Not Available
CWE ID-CWE-269
Improper Privilege Management
CVE-2008-7096
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.97%
||
7 Day CHG~0.00%
Published-27 Aug, 2009 | 20:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, DQ35MP, DP35DP, DG33FB, DG33BU, DG33TL, MGM965TW, D945GCPE, and DX38BT allows local administrators with ring 0 privileges to gain additional privileges and modify code that is running in System Management Mode, or access hypervisory memory as demonstrated at Black Hat 2008 by accessing certain remapping registers in Xen 3.3.

Action-Not Available
Vendor-n/aIntel Corporation
Product-biosn/a
CWE ID-CWE-264
Not Available
CVE-2019-0128
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.19%
||
7 Day CHG~0.00%
Published-13 Jun, 2019 | 15:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Chipset Device Software (INF Update Utility) before version 10.1.1.45 may allow an authenticated user to escalate privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-chipset_device_softwareIntel(R) Chipset Device Software (INF Update Utility) Advisory
CWE ID-CWE-264
Not Available
CVE-2019-0121
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.26%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-matrix_storage_managerIntel(R) Matrix Storage Manager
CWE ID-CWE-264
Not Available
CVE-2019-0135
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions in the installer for Intel(R) Accelerated Storage Manager in Intel(R) RSTe before version 5.5.0.2015 may allow an authenticated user to potentially enable escalation of privilege via local access. L-SA-00206

Action-Not Available
Vendor-n/aLenovo Group LimitedIntel Corporation
Product-thinkstation_p520_firmwarethinkstation_p520thinkstation_p720_firmwarethinkstation_p720thinkstation_p520c_firmwarerapid_storage_technology_enterprisethinkstation_p520cthinkstation_p920thinkstation_p920_firmwareIntel(R) Accelerated Storage Manager in RSTe Advisory
CWE ID-CWE-264
Not Available
CVE-2019-0129
Matching Score-6
Assigner-Intel Corporation
ShareView Details
Matching Score-6
Assigner-Intel Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2019 | 20:00
Updated-16 Sep, 2024 | 23:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-Intel Corporation
Product-usb_3.0_creator_utilityIntel(R) USB 3.0 Creator Utility
CWE ID-CWE-264
Not Available
CVE-2008-2707
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-1.48% / 80.21%
||
7 Day CHG~0.00%
Published-16 Jun, 2008 | 18:26
Updated-07 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and OpenSolaris before snv_93 allows remote attackers to cause a denial of service (network connectivity loss) via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Intel Corporation
Product-opensolarisnetwork_interface_controllersolaris_gigabit_ethernet_driversolarisn/a
CWE ID-CWE-264
Not Available
CVE-2017-18450
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.5||MEDIUM
EPSS-0.04% / 12.10%
||
7 Day CHG~0.00%
Published-02 Aug, 2019 | 16:24
Updated-05 Aug, 2024 | 21:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 64.0.21 allows certain file-chmod operations via /scripts/convert_roundcube_mysql2sqlite (SEC-255).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-264
Not Available
CVE-2008-3825
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-03 Oct, 2008 | 15:00
Updated-07 Aug, 2024 | 09:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME environment variable to an arbitrary cache filename and running the (1) su or (2) sudo program. NOTE: there may be a related vector involving sshd that has limited relevance.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-enterprise_linux_desktopenterprise_linuxn/a
CWE ID-CWE-264
Not Available
CVE-2009-4314
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 18.95%
||
7 Day CHG~0.00%
Published-14 Dec, 2009 | 17:00
Updated-16 Sep, 2024 | 23:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarisray_server_softwaren/a
CWE ID-CWE-264
Not Available
CVE-2009-1630
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 29.91%
||
7 Day CHG~0.00%
Published-14 May, 2009 | 17:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Canonical Ltd.Linux Kernel Organization, IncopenSUSEDebian GNU/Linux
Product-esxubuntu_linuxdebian_linuxlinux_kernelopensusen/a
CWE ID-CWE-264
Not Available
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found