VARIoT IoT vulnerabilities database
| VAR-202102-0790 | CVE-2021-21502 | Dell PowerScale OneFS Vulnerability in privilege management |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. Dell PowerScale OneFS Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Dell PowerScale OneFS, currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements
| VAR-202102-0775 | CVE-2020-8678 | Intel(R) Graphics Drivers Vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0305 | CVE-2020-26196 | Dell EMC PowerScale OneFS Improper Permission Assignment Vulnerability in Critical Resources |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. Dell EMC PowerScale OneFS Is vulnerable to an improperly assigned permission for critical resources.Information may be tampered with. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements
| VAR-202102-0304 | CVE-2020-26195 | Dell EMC PowerScale OneFS Vulnerability in handling exceptional conditions in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. Dell EMC PowerScale OneFS Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements
| VAR-202102-0303 | CVE-2020-26194 | Dell PowerScale OneFS Improper Permission Assignment Vulnerability in Critical Resources |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. Dell PowerScale OneFS Is vulnerable to an improperly assigned permission for critical resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements
| VAR-202102-0302 | CVE-2020-26193 | Dell EMC PowerScale OneFS In OS Command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Dell EMC PowerScale OneFS Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements
| VAR-202102-0301 | CVE-2020-26192 | Dell EMC PowerScale OneFS Vulnerability regarding lack of authentication for critical features in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default. Dell EMC PowerScale OneFS There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements
| VAR-202102-0300 | CVE-2020-26191 | Dell EMC PowerScale OneFS Vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. Dell EMC PowerScale OneFS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements
| VAR-202102-0287 | CVE-2020-24452 | Windows for Intel(R) SGX Platform Software Input confirmation vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. There is a security vulnerability in the Intel SGX Platform. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements
| VAR-202102-0286 | CVE-2020-24451 | Windows for Intel(R) Optane(TM) DC Persistent Memory Vulnerability in uncontrolled search path elements in installer |
CVSS V2: 4.4 CVSS V3: 7.3 Severity: HIGH |
Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. There is no information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements
| VAR-202102-0285 | CVE-2020-24450 | Intel(R) Graphics Drivers Vulnerability in checking for exceptional conditions in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers Exists in an exceptional condition check vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0284 | CVE-2020-24448 | Intel(R) Graphics Drivers Vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Drivers Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0270 | CVE-2020-24491 | Intel(R) 10th Generation Core Processor Input confirmation vulnerability |
CVSS V2: 1.9 CVSS V3: 4.4 Severity: MEDIUM |
Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. Intel(R) 10th Generation Core Processor Is vulnerable to input validation.Information may be obtained. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements
| VAR-202102-0087 | CVE-2020-12386 | Intel(R) Graphics Drivers Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Out-of-bounds write in some Intel(R) Graphics Drivers before version 15.36.39.5143 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Drivers Is vulnerable to an out-of-bounds write.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0086 | CVE-2020-12385 | Intel(R) Graphics Drivers Input confirmation vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper input validation in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0085 | CVE-2020-12384 | Intel(R) Graphics Drivers Vulnerability in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control in some Intel(R) Graphics Drivers before version 26.20.100.8476 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0078 | CVE-2020-12372 | Intel(R) Graphics Drivers Unchecked return value vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Unchecked return value in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access
| VAR-202102-0077 | CVE-2020-12371 | Intel(R) Graphics Drivers Vulnerability for division by zero in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Divide by zero in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Graphics Drivers Is vulnerable to division by zero.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0076 | CVE-2020-12370 | Intel(R) Graphics Drivers Buffer Error Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Graphics Drivers Is vulnerable to a buffer error.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time
| VAR-202102-0075 | CVE-2020-12369 | Intel(R) Graphics Drivers Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time