VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202003-0360 CVE-2020-0519 Intel(R) Graphics Driver Vulnerability related to authority management in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. Intel(R) Graphics Driver Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers prior to 15.33.49.5100 and prior to 15.36.38.5117 due to improper access controls. A local attacker could exploit this vulnerability to cause a denial of service
VAR-202003-0359 CVE-2020-0517 Intel(R) Graphics Driver Vulnerability in CVSS V2: 4.6
CVSS V3: 5.3
Severity: MEDIUM
Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A buffer error vulnerability exists in Intel Graphics Drivers prior to 15.36.38.5117. A local attacker could exploit this vulnerability to elevate privileges
VAR-202003-0358 CVE-2020-0516 Intel(R) Graphics Driver Vulnerability in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state
VAR-202003-0357 CVE-2020-0515 Intel(R) Graphics Driver Vulnerability in uncontrolled search path elements in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in the installer in Intel Graphics Drivers. A local attacker could exploit this vulnerability to elevate privileges
VAR-202003-0356 CVE-2020-0514 Intel(R) Graphics Driver Vulnerability regarding improper default permissions in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges
VAR-202003-0355 CVE-2020-0511 Intel(R) Graphics Driver Vulnerability in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in system drivers in versions prior to Intel Graphics Drivers 15.40.44.5107. A local attacker could exploit this vulnerability to cause a denial of service
VAR-202003-0354 CVE-2020-0508 Intel(R) Graphics Driver Vulnerability regarding improper default permissions in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212
VAR-202003-0353 CVE-2020-0507 Intel(R) Graphics Driver Vulnerability in unquoted search paths or elements in CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver Contains vulnerabilities in unquoted search paths or elements.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers. A local attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212
VAR-202003-0352 CVE-2020-0506 Intel(R) Graphics Driver Initialization vulnerability in CVSS V2: 2.1
CVSS V3: 2.3
Severity: LOW
Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Graphics Driver There is an initialization vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers prior to 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000. The vulnerability stems from improper initialization of the program. A local attacker could exploit this vulnerability to cause a denial of service
VAR-202003-0351 CVE-2020-0505 Intel(R) Graphics Driver Vulnerability in checking for exceptional conditions in CVSS V2: 3.6
CVSS V3: 6.1
Severity: MEDIUM
Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local. Intel(R) Graphics Driver Exists in an exceptional condition check vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers. A local attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212
VAR-202003-0350 CVE-2020-0504 Intel(R) Graphics Driver Classic buffer overflow vulnerability in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A buffer error vulnerability exists in Intel Graphics Drivers prior to 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. A local attacker could exploit this vulnerability to cause a denial of service
VAR-202003-0349 CVE-2020-0503 Intel(R) Graphics Driver Vulnerability regarding information leakage in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) Graphics Driver There is an information leakage vulnerability in.Information may be obtained. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation
VAR-202003-0348 CVE-2020-0502 Intel(R) Graphics Driver Vulnerability related to authority management in CVSS V2: 4.6
CVSS V3: 5.3
Severity: MEDIUM
Improper access control in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges
VAR-202003-0347 CVE-2020-0501 Intel(R) Graphics Driver Classic buffer overflow vulnerability in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100.6912 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Graphics Driver Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to cause a denial of service
VAR-202003-0341 CVE-2020-0567 Intel(R) Graphics Driver Vulnerability in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Improper input validation in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to enable denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to cause a denial of service
VAR-202003-0340 CVE-2020-0565 Intel(R) Graphics Driver Vulnerability in uncontrolled search path elements in CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Uncontrolled search path in Intel(R) Graphics Drivers before version 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in versions prior to Intel Graphics Drivers 26.20.100.7158. A local attacker could exploit this vulnerability to elevate privileges
VAR-202003-0685 CVE-2019-5167 WAGO PFC 200 Injection vulnerabilities in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 version 03.02.02(14). At 0x1e3f0 the extracted dns value from the xml file is used as an argument to /etc/config-tools/edit_dns_server %s dns-server-nr=%d dns-server-name=<contents of dns node> using sprintf(). This command is later executed via a call to system(). This is done in a loop and there is no limit to how many dns entries will be parsed from the xml file. (DoS) It may be put into a state. WAGO PFC200 is a programmable logic controller (PLC) from German WAGO company. An attacker could exploit this vulnerability to inject OS commands through a specially crafted XML cache file
VAR-202003-0002 CVE-2011-4538 plural Lexmark Information leakage vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Lexmark X, W, T, E, and C devices before 2012-02-09 allow attackers to obtain sensitive information by reading passwords within exported settings. plural Lexmark The device contains a vulnerability related to information leakage.Information may be obtained. Lexmark X, etc. are all products of Lexmark. Lexmark X is an X series printer. Lexmark W is a W series printer. Lexmark T is a T series printer. An information disclosure vulnerability exists in many Lexmark products, and an attacker can use the vulnerability to read the password
VAR-202003-0701 CVE-2019-5184 WAGO PFC 200 Resource Management Error Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file. (DoS) It may be put into a state. WAGO PFC 200 is a programmable logic controller (PLC) of the German WAGO company
VAR-202003-0003 CVE-2011-3269 plural Lexmark Information leakage vulnerabilities in products CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut. plural Lexmark The product contains a vulnerability related to information leakage.Information may be obtained. Lexmark X, etc. are all products of Lexmark. Lexmark X is an X series printer. Lexmark W is a W series printer. Lexmark T is a T series printer. There are information disclosure vulnerabilities in many Lexmark products