The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-12366 | Insufficient input validation in some Intel(R) Graphics Drivers before version 27.20.100.8587 may allow a privileged user to potentially enable an escalation of privilege via local access. | MEDIUM | Feb 17, 2021 | n/a |
| CVE-2021-46768 | Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | -- | Jan 11, 2023 | n/a |
| CVE-2020-8178 | Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. | HIGH | Jul 15, 2020 | n/a |
| CVE-2019-11104 | Insufficient input validation in MEInfo software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access. | MEDIUM | Dec 19, 2019 | n/a |
| CVE-2019-11098 | Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | MEDIUM | Jul 14, 2021 | n/a |
| CVE-2019-0115 | Insufficient input validation in KMD module for Intel(R) Graphics Driver before version 10.18.14.5067 (aka 15.36.x.5067) and 10.18.10.5069 (aka 15.33.x.5069) may allow an authenticated user to potentially enable denial of service via local access. | LOW | May 21, 2019 | n/a |
| CVE-2019-11089 | Insufficient input validation in Kernel Mode module for Intel(R) Graphics Driver before version 25.20.100.6519 may allow an authenticated user to potentially enable denial of service via local access. | LOW | Nov 14, 2019 | n/a |
| CVE-2019-11085 | Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | Medium | May 31, 2019 | 10.18.44.8 (Wind River Linux LTS 18) |
| CVE-2018-12219 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to read memory via local access via local access. | LOW | Mar 22, 2019 | n/a |
| CVE-2018-12222 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an out of bound memory read via local access. | LOW | Mar 22, 2019 | n/a |
| CVE-2018-12221 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user to cause an integer overflow via local access. | MEDIUM | Mar 22, 2019 | n/a |
| CVE-2018-12216 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to execute arbitrary code via local access via local access. | HIGH | Mar 22, 2019 | n/a |
| CVE-2018-12215 | Insufficient input validation in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables a privileged user to cause a denial of service via local access. | LOW | Mar 22, 2019 | n/a |
| CVE-2019-14566 | Insufficient input validation in Intel(R) SGX SDK multiple Linux and Windows versions may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2018-12198 | Insufficient input validation in Intel(R) Server Platform Services HECI subsystem before version SPS_E5_04.00.04.393.0 may allow privileged user to potentially cause a denial of service via local access. | LOW | Mar 22, 2019 | n/a |
| CVE-2019-11114 | Insufficient input validation in Intel(R) Driver & Support Assistant version 19.3.12.3 and before may allow a privileged user to potentially enable denial of service via local access. | LOW | May 21, 2019 | n/a |
| CVE-2019-11102 | Insufficient input validation in Intel(R) DAL software for Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.10 and 14.0.10; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow a privileged user to potentially enable information disclosure via local access. | LOW | Dec 19, 2019 | n/a |
| CVE-2018-12190 | Insufficient input validation in Intel(r) CSME subsystem before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel(r) TXE before 3.1.60 or 4.0.10 may allow a privileged user to potentially enable an escalation of privilege via local access. | Medium | Mar 21, 2019 | n/a |
| CVE-2019-11180 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | HIGH | Nov 14, 2019 | n/a |
| CVE-2019-11175 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2019-11179 | Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2018-12185 | Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially execute arbitrary code via physical access. | MEDIUM | Mar 22, 2019 | n/a |
| CVE-2018-12196 | Insufficient input validation in Intel(R) AMT in Intel(R) CSME before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow a privileged user to potentially execute arbitrary code via local access. | MEDIUM | Mar 22, 2019 | n/a |
| CVE-2018-12187 | Insufficient input validation in Intel(R) Active Management Technology (Intel(R) AMT) before version 11.8.60, 11.11.60, 11.22.60 or 12.0.20 may allow an unauthenticated user to potentially cause a denial of service via network access. | MEDIUM | Mar 22, 2019 | n/a |
| CVE-2018-12188 | Insufficient input validation in Intel CSME before versions 11.8.60, 11.11.60, 11.22.60 or 12.0.20 or Intel TXE before version 3.1.60 or 4.0.10 may allow an unauthenticated user to potentially modify data via physical access. | LOW | Mar 22, 2019 | n/a |
| CVE-2018-3635 | Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | MEDIUM | Nov 14, 2018 | n/a |
| CVE-2019-0147 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access. | LOW | Nov 14, 2019 | n/a |
| CVE-2019-0149 | Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 2.8.43 may allow an authenticated user to potentially enable a denial of service via local access. | LOW | Nov 14, 2019 | n/a |
| CVE-2018-12147 | Insufficient input validation in HECI subsystem in Intel(R) CSME before version 11.21.55, Intel® Server Platform Services before version 4.0 and Intel® Trusted Execution Engine Firmware before version 3.1.55 may allow a privileged user to potentially enable escalation of privileges via local access. | HIGH | Jun 13, 2019 | n/a |
| CVE-2019-11103 | Insufficient input validation in firmware update software for Intel(R) CSME before versions 12.0.45,13.0.10 and 14.0.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | MEDIUM | Dec 19, 2019 | n/a |
| CVE-2023-20555 | Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | -- | Aug 8, 2023 | n/a |
| CVE-2018-3650 | Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector. | MEDIUM | Aug 1, 2018 | n/a |
| CVE-2018-12158 | Insufficient input validation in BIOS update utility in Intel NUC FW kits downloaded before May 24, 2018 may allow a privileged user to potentially trigger a denial of service or information disclosure via local access. | MEDIUM | Oct 10, 2018 | n/a |
| CVE-2023-20522 | Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | -- | Jan 11, 2023 | n/a |
| CVE-2021-46765 | Insufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within the ASP, potentially leading to a denial of service. | -- | May 9, 2023 | n/a |
| CVE-2020-12946 | Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. | MEDIUM | Nov 18, 2021 | n/a |
| CVE-2021-46773 | Insufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of integrity or code execution. | -- | May 9, 2023 | n/a |
| CVE-2021-46791 | Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | -- | Jan 11, 2023 | n/a |
| CVE-2023-37581 | Insufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller\'s File Upload feature.? | -- | Aug 6, 2023 | n/a |
| CVE-2018-13824 | Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks. | HIGH | Aug 30, 2018 | n/a |
| CVE-2021-22185 | Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki | LOW | Mar 26, 2021 | n/a |
| CVE-2023-0953 | Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in unauthorized access to system resources. | -- | Mar 1, 2023 | n/a |
| CVE-2021-22242 | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | LOW | Aug 25, 2021 | n/a |
| CVE-2021-22225 | Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown | LOW | Jul 9, 2021 | n/a |
| CVE-2019-14565 | Insufficient initialization in Intel(R) SGX SDK Windows versions 2.4.100.51291 and earlier, and Linux versions 2.6.100.51363 and earlier, may allow an authenticated user to enable information disclosure, escalation of privilege or denial of service via local access. | MEDIUM | Nov 14, 2019 | n/a |
| CVE-2021-26321 | Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. | MEDIUM | Nov 19, 2021 | n/a |
| CVE-2023-32259 | Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. | -- | Mar 19, 2024 | n/a |
| CVE-2022-21216 | Insufficient granularity of access control in out-of-band management in some Intel(R) Atom and Intel Xeon Scalable Processors may allow a privileged user to potentially enable escalation of privilege via adjacent network access. | -- | Feb 17, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2022-4813 | Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. | -- | Dec 28, 2022 | n/a |
| CVE-2022-4801 | Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1. | -- | Dec 28, 2022 | n/a |
