Intel Quartus Prime vulnerabilities

CVE-2022-41693 [MEDIUM] CWE-427 CVE-2022-41693: Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 m Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-33902 [HIGH] CVE-2022-33902: Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software Insufficient control flow management in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-33892 [HIGH] CWE-22 CVE-2022-33892: Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenti Path traversal in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-32570 [MEDIUM] CWE-287 CVE-2022-32570: Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-26840 [HIGH] CVE-2022-26840: Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an Improper neutralization in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-34157 [MEDIUM] CVE-2022-34157: Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro E Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-37329 [MEDIUM] CWE-427 CVE-2022-37329: Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may all Uncontrolled search path in some Intel(R) Quartus(R) Prime Pro and Standard Edition software may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-26888 [LOW] CWE-79 CVE-2022-26888: Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an au Cross-site scripting in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-27187 [MEDIUM] CWE-427 CVE-2022-27187: Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before vers Uncontrolled search path element in the Intel(R) Quartus Prime Standard edition software before version 21.1 Patch 0.02std may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-27233 [MEDIUM] CWE-91 CVE-2022-27233: XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Stan XML injection in the Quartus(R) Prime Programmer included in the Intel(R) Quartus Prime Pro and Standard edition software may allow an unauthenticated user to potentially enable information disclosure via network access.

CVE-2022-21220 [HIGH] CWE-611 CVE-2022-21220: Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21204 [HIGH] CWE-276 CVE-2022-21204: Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an auth Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21174 [HIGH] CVE-2022-21174: Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before v Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21203 [HIGH] CWE-281 CVE-2022-21203: Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition b Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21205 [HIGH] CWE-611 CVE-2022-21205: Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Pri Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access.

CVE-2021-44454 [HIGH] CWE-20 CVE-2021-44454: Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition befor Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-24454 [HIGH] CWE-611 CVE-2020-24454: Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access.

CVE-2020-8767 [MEDIUM] CWE-755 CVE-2020-8767: Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access.

CVE-2020-8737 [MEDIUM] CVE-2020-8737: Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access.

CVE-2019-14603 [HIGH] CWE-276 CVE-2019-14603: Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access.