VARIoT IoT vulnerabilities database
| VAR-202011-1382 | CVE-2020-8766 | Intel(R) SGX DCAP Software vulnerabilities in checking for exceptional conditions |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel(R) SGX DCAP The software contains a vulnerability in checking for exceptional conditions.Denial of service (DoS) It may be put into a state
| VAR-202011-0637 | CVE-2020-24454 | Intel(R) Quartus(R) Prime Pro Edition and Intel(R) Quartus(R) Prime Standard Edition In XML External entity vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access. Intel Quartus Prime Pro is a multi-platform design environment developed by Intel Corporation. This product is mainly used for programmable logic device programming
| VAR-202011-0620 | CVE-2020-24460 | Intel(R) DSA Inappropriate Default Permission Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) DSA Is vulnerable to incorrect default permissions.Denial of service (DoS) It may be put into a state. Intel Driver & Support Assistant is an Intel driver and support management tool from Intel Corporation. This tool is mainly used to get the latest applications provided by Intel. This vulnerability is caused by incorrect default permissions. Attackers can use this vulnerability to start denial of service
| VAR-202011-0180 | CVE-2020-12335 | Intel(R) Processor Identification Utility Vulnerability regarding improper retention of permissions in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Processor Identification Utility There is a vulnerability in improper retention of permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Processor Identification Utility is a processor identification utility developed by Intel Corporation. The program supports displaying graphics information, chipset information, technologies supported by the processor, and other information. An attacker could exploit this vulnerability to escalate privileges
| VAR-202011-0168 | CVE-2020-12323 | Intel(R) ADAS IE Input confirmation vulnerability |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Improper input validation in the Intel(R) ADAS IE before version ADAS_IE_1.0.766 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) ADAS IE Is vulnerable to input validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel ADAS IE (Intel ADAS IE) is a driver assistance system engine of Intel Corporation of the United States
| VAR-202011-0165 | CVE-2020-12320 | Intel(R) SCS Add-on for Microsoft* SCCM Vulnerability in Uncontrolled Search Path Elements |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM before version 2.1.10 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel SCS Add-on for Microsoft SCCM is a software for remote management of Intel-equipped devices developed by Intel Corporation
| VAR-202011-0150 | CVE-2020-12308 | Intel(R) Computing Improvement Program Vulnerability in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Improper access control for the Intel(R) Computing Improvement Program before version 2.4.5982 may allow an unprivileged user to potentially enable information disclosure via network access. Intel(R) Computing Improvement Program Contains an unspecified vulnerability.Information may be obtained. This program is used to collect computer function usage information, component usage information, operating system information, etc
| VAR-202011-0103 | CVE-2020-0573 | Intel CSI2 Host Controller Driver out-of-bounds read vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Out of bounds read in the Intel CSI2 Host Controller driver may allow an authenticated user to potentially enable information disclosure via local access
| VAR-202011-1536 | No CVE | Schneider-Electric TwidoSuite has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
TwidoSuite is a PLC programming software developed by Schneider Electric.
Schneider-Electric TwidoSuite has a denial of service vulnerability. Attackers can use this vulnerability to send constructed malicious data packets, which can cause a denial of service.
| VAR-202011-1541 | No CVE | General Electric Company VersaMax IC200 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
The VersaMax series is a small programmable controller.
General Electric Company VersaMax IC200 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.
| VAR-202011-0181 | CVE-2020-12336 | Intel NUC Kit default configuration problem vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access. plural Intel(R) NUC There is an initialization vulnerability in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation.
Intel(R) NUCs has a vulnerability in the default configuration problem. The vulnerability stems from insecure default variable initialization
| VAR-202011-0182 | CVE-2020-12337 | plural Intel(R) NUC Buffer error vulnerability in firmware |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. plural Intel(R) NUC A buffer error vulnerability exists in the firmware.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel NUC Kit is a small desktop computer manufactured by Intel Corporation. No detailed vulnerability details are currently provided
| VAR-202011-0154 | CVE-2020-12312 | Intel(R) Quartus(R) Prime Pro Buffer error vulnerabilities in software |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.2 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. Intel(R) Quartus(R) Prime Pro The software contains a buffer error vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Quartus Prime Pro is a multi-platform design environment of Intel Corporation. This product is mainly used for programmable logic device programming. No detailed vulnerability details are currently provided
| VAR-202011-1371 | CVE-2020-8692 | Intel(R) Ethernet 700 Series Controller Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation.
Intel(R) Ethernet 700 Series Controllers versions prior to 7.3 have a security vulnerability. The vulnerability is due to insufficient access control
| VAR-202011-1369 | CVE-2020-8690 | Intel(R) Ethernet 700 Series Controller Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation.
Intel(R) Ethernet 700 Series Controllers versions prior to 7.3 have a security vulnerability. The vulnerability is caused by a malfunction in the protection mechanism
| VAR-202011-1370 | CVE-2020-8691 | Intel(R) Ethernet 700 Series Controller Vulnerability in privilege management |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Intel Ethernet 700 Series Controllers is a 700 series Ethernet controller from Intel Corporation
| VAR-202011-1372 | CVE-2020-8693 | Intel(R) Ethernet 700 Series Controller Buffer Error Vulnerability |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access. Intel(R) Ethernet 700 Series Controller Is vulnerable to a buffer error.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
| VAR-202011-1383 | CVE-2020-8767 | Intel(R) Quartus Prime for Intel(R) 50GbE IP Core Vulnerability in handling exceptional conditions in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may allow an authenticated user to potentially enable denial of service via local access
| VAR-202011-1366 | CVE-2020-8669 | Intel(R) Data Center Manager Console Input confirmation vulnerability |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable information disclosure via network access. This product mainly provides real-time power supply and heat dissipation data of equipment
| VAR-202011-1363 | CVE-2020-8737 | Intel(R) Stratix 10 FPGA Runs on firmware Quartus Prime Pro Buffer error vulnerabilities in software |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) Quartus(R) Prime Pro software before version 20.1 may allow an unauthenticated user to potentially enable escalation of privilege and/or information disclosure via physical access. Intel PAC with Arria 10 GX FPGA is a programmable accelerator card from Intel Corporation using Intel Arria 10 GX FPGA (Field Programmable Gate Array)