VARIoT IoT vulnerabilities database

Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access

TwidoSuite is a PLC programming software developed by Schneider Electric. Schneider-Electric TwidoSuite has a denial of service vulnerability. Attackers can use this vulnerability to send constructed malicious data packets, which can cause a denial of service.

The VersaMax series is a small programmable controller. General Electric Company VersaMax IC200 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation. Intel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. plural Intel(R) NUC A buffer error vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation. No detailed vulnerability details are currently provided

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) Quartus(R) Prime Pro The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Quartus Prime Pro is a multi-platform design environment of Intel Corporation. This product is mainly used for programmable logic device programming. No detailed vulnerability details are currently provided

Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation. Intel(R) Ethernet 700 Series Controllers versions prior to 7.3 have a security vulnerability. The vulnerability is due to insufficient access control

Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation. Intel(R) Ethernet 700 Series Controllers versions prior to 7.3 have a security vulnerability. The vulnerability is caused by a malfunction in the protection mechanism

A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation

Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access

Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. This product mainly provides real-time power supply and heat dissipation data of equipment

Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access. Intel PAC with Arria 10 GX FPGA is a programmable accelerator card from Intel Corporation using Intel Arria 10 GX FPGA (Field Programmable Gate Array)

Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Board ID Tool is a software used by Intel Corporation to interact with Intel motherboards

Insufficient control flow management in the Open WebRTC Toolkit before version 4.3.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Open WebRTC Toolkit Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Open WebRTC Toolkit is an open-source, cross-platform WebRTC client framework based on Gstreamer, an end-to-end audio/video communication development kit developed by Intel Corporation. This toolkit is used to create high-performance, reliable and scalable real-time communication applications. A security vulnerability exists in Intel Open WebRTC Toolkit versions prior to 4.3.1

Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Advisor tools The installer contains a vulnerability related to improper retention of permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Advisor tools is a programming-oriented vector optimization and prototyping software from Intel Corporation. The software can analyze the code and provide code operation efficiency through a variety of analysis methods

Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) QAT for Linux Exists in an inadequate protection of credentials.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel QuickAssist Technology for Linux is a technology of Intel Corporation that can improve server utilization. This technology balances server pressure by sharing the pressure of computing-intensive tasks to improve server efficiency

Improper access controls in Intel Unite(R) Cloud Service client before version 4.2.12212 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. An attacker could exploit this vulnerability to escalate privileges

Uncontrolled search path in the Intel(R) VTune(TM) Profiler before version 2020 Update 1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) VTune(TM) Profiler There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel VTune Profiler is a performance testing tool used by Intel Corporation to optimize software. The software can perform performance tests on embedded applications of the Internet of Things, media software, Java applications, and high-performance computing applications. The previous version of Intel(R) VTune(TM) Profiler 2020 Update 1 has a security vulnerability. The vulnerability stems from a controlled search path. Attackers can use this vulnerability to upgrade privileges

Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. Intel(R) EMA Exists in an inadequate protection of credentials.Information may be obtained. Intel Endpoint Management Assistant (Intel EMA) is a management software developed by Intel Corporation for managing remote devices. The software provides security and convenience for telecommuting