VARIoT IoT vulnerabilities database

Observable timing discrepancy in Intel(R) IPP before version 2020 update 1 may allow authorized user to potentially enable information disclosure via local access. Intel(R) IPP There is an observable mismatch vulnerability in.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Integrated Performance Primitives (IPP) is a set of programming tools used by Intel Corporation for processing images, signal processing and data. A security vulnerability exists in the Intel Integrated Performance Primitives Cryptographic Library that could lead to information disclosure

Unquoted service path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Uncontrolled search path in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Uncontrolled search path element in the installer for the Intel(R) Rapid Storage Technology software, before versions 17.9.0.34, 18.0.0.640 and 18.1.0.24, may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Rapid Storage Technology (RST) is a fast storage technology developed by Intel Corporation, which mainly consists of firmware, hardware and software RAID systems. The following products and models are affected: Intel Rapid Storage versions prior to 17.9.1.1009.5, 18.0.3.1148.4, and 18.1.0.1028.2, 17.9.0.34, 18.0.0.640, and 18.1.0.24

Insecure inherited permissions in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Windows for Intel Unite(R) Client Is vulnerable to an improperly assigned permission for critical resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Improper access control in the Intel Unite(R) Client for Windows before version 4.2.25031 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States

Incorrect default permissions in the installer for the Intel(R) SSD Data Center Tool, versions downloaded before 12/31/2020, may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel SSD Data Center Tool (Intel SSD DCT) is a solid state drive management tool developed by Intel Corporation. The product supports configuration of SSDs using PCIe and SATA and detects the status of SSDs

Improper link resolution before file access in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Uncontrolled search path element in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable an escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Observable response discrepancy in floating-point operations for some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Improper permissions in the installer for the Intel(R) Computing Improvement Program software before version 2.4.5982 may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Computing Improvement Program is a software improvement program application program of Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. The following products and models are affected: Intel Computing Improvement Program versions prior to 2.4.5982

Insecure inherited permissions in the installer for the Intel(R) VTune(TM) Profiler before version 2021.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) VTune(TM) Profiler There is a vulnerability in improper retention of permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel VTune Profiler is a performance testing tool used by Intel Corporation to optimize software. The software can perform performance tests on embedded applications of the Internet of Things, media software, Java applications, and high-performance computing applications. Intel(R) VTune(TM) Profiler has a security vulnerability in the installer prior to 2021.1.1. The vulnerability stems from insecure inherited permissions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Insufficient control flow management in Intel(R) DSA before version 20.11.50.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel DSA is a driver update tool. It can detect the user driver program, update the installed driver to the latest version, support intel series graphics card, audio, network card and chipset drivers, a must for i card users

Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 may allow an authenticated user to potentially enable escalation of privilege via local access. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Intel Processor Diagnostic Tool (IPDT) is a processor function diagnostic tool of Intel Corporation

An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. Fortinet FortiWeb has an operating system command injection vulnerability. The following products and versions are affected: FortiWeb: Version 6.3.7 and earlier, Version 6.2.3 and earlier, 6.1.x, 6.0.x, 5.9.x

A stack-based buffer overflow vulnerability in FortiProxy physical appliance CLI 2.0.0 to 2.0.1, 1.2.0 to 1.2.9, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 may allow an authenticated, remote attacker to perform a Denial of Service attack by running the `diagnose sys cpuset` with a large cpuset mask value. Fortinet is not aware of any successful exploitation of this vulnerability that would lead to code execution. FortiProxy Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Fortinet FortiProxy SSL VPN is an application software of the United States (Fortinet) company. An intrusion detection function is provided. Fortinet FortiProxy SSL VPN has a buffer overflow vulnerability that stems from a boundary error in the FortiProxy physical appliance CLI. The following products and versions are affected: FortiProxy: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.1.0, 1.1.1, 1.1 .2, 1.1.3, 1.1.4, 1.1.5, 1.1.6, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.2.6, 1.2.7 , 1.2.8, 1.2.9, 2.0.0, 2.0.1

There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and to control the device. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Huawei AnyOffice is an application software of China Huawei (Huawei). A mobile office solution

A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco DNA Center is a network management and command center service of Cisco (Cisco)

Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.300.0, SPS_SoC-A_05.00.03.091.0, SPS_E5_04.04.04.023.0, or SPS_E5_04.04.03.263.0 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SPS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

On BIG-IP APM versions 15.1.x before 15.1.3, 14.1.x before 14.1.4.1, 13.1.x before 13.1.4, and all versions of 16.0.x, 12.1.x, and 11.6.x, an attacker may be able to bypass APM's internal restrictions and retrieve static content that is hosted within APM by sending specifically crafted requests to an APM Virtual Server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP APM Contains an unspecified vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. F5 BIG-IP APM is a set of access and security solutions from F5 Corporation of the United States. The product provides unified access to business-critical applications and networks. BIG-IP APM has an access control error vulnerability due to improper access restrictions. The following products and versions are affected: BIG-IP APM: 11.6.1, 11.6.1 HF1, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.1.0, 12.1.0 HF1, 12.1.1, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.4, 12.1.4 , 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.6, 13.1.0.8, 13.1.1, 13.1 .1.2, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.3.6 2, 14.1.0, 14.1.0.3.0.79.6 ENG Hotfix, 14.1.0.3.0.97.6 ENG Hotfix, 14.1.0.3.0.99.6 ENG Hotfix, 14.1.0.5.0.15.5 ENG Hotfix, 14.1.0.5.0.36.5 ENG Hotfix, 14.1.0.5.0.40.5 ENG Hotfix, 14.1.0.6, 14.1.0.6.0.11.9 ENG Hotfix, 14.1.0.6.0.14.9 ENG Hotfix, 14.1.0.6.0.68.9 ENG Hotfix, 14.1.0.6.0.70.9 ENG Hotfix, 14.1.1, 14.1. 2, 14.1.2-0.89.37, 14.1.2.0.11