VARIoT IoT vulnerabilities database

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains an SQL injection vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. An authenticated remote attacker could exploit this vulnerability to read or modify the CCS database and potentially execute administrative database operations or operating system commands. SiNVR 3 is a video management platform. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains multiple stored Cross-site Scripting (XSS) vulnerabilities in several input fields. This could allow an authenticated remote attacker to inject malicious JavaScript code into the CCS web application that is later executed in the browser context of any other user who views the relevant CCS web content. SiNVR 3 is a video management platform. Remote attackers can use this vulnerability to inject malicious JavaScript code

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The web interface of the Control Center Server (CCS) contains a reflected Cross-site Scripting (XSS) vulnerability that could allow an unauthenticated remote attacker to steal sensitive data or execute administrative actions on behalf of a legitimate administrator of the CCS web interface. SiNVR 3 is a video management platform. SiNVR 3 has a reflective cross-site scripting vulnerability in its implementation. Remote attackers can use this vulnerability to obtain sensitive data or perform operations as an administrator

A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The DOWNLOADS section in the web interface of the Control Center Server (CCS) contains a path traversal vulnerability that could allow an authenticated remote attacker to access and download arbitrary files from the server where CCS is installed. SiNVR 3 is a video management platform. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html. plural Intel(R) The product contains an injection vulnerability.Information may be obtained. Both Intel Core i5 processor and Intel Core i7 processor are products of Intel Corporation. Intel Core i5 processor is a Core (Core) i5 series central processing unit (CPU). Intel Core i7 processor is a Core (Core) i7 series central processing unit (CPU). There are security holes in the use of predictive execution technology in many Intel products. Local attackers can use this vulnerability to obtain information

Realtek Audio Drivers for Windows, as used on the Lenovo ThinkPad X1 Carbon 20A7, 20A8, 20BS, and 20BT before 6.0.8882.1 and 20KH and 20KG before 6.0.8907.1 (and on many other Lenovo and non-Lenovo products), mishandles DLL preloading. plural Lenovo The product contains an unquoted search path or element vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Multiple Lenovo products could allow a local malicious user to execute arbitrary code on the system, caused by a DLL preloading issue in Realtek Audio Drivers. By placing a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary ode on the system

An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear text. This only affects LXCA version 2.6.0 when performing a Windows driver update. Affected logs are only accessible to authorized users in the First Failure Data Capture (FFDC) service log and log files on LXCA. Lenovo XClarity Administrator (LXCA) Exists in a vulnerability related to information leakage from log files.Information may be obtained and tampered with. Lenovo XClarity Administrator (LXCA) is a set of centralized resource management solutions of China Lenovo (Lenovo). The product provides agentless hardware management capabilities for servers, storage, network switches, and more. An attacker could exploit this vulnerability to obtain information

Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before versions 15.45.30.5103, 15.40.44.5107, 15.36.38.5117 and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. Intel(R) Graphics Driver Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A path traversal vulnerability exists in the igdkmd64.sys file in Intel Graphics Drivers. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Graphics Drivers prior to 15.45.30.5103, prior to 15.40.44.5107, prior to 15.36.38.5117, and prior to 15.33.49.5100

Improper access control for Intel(R) Graphics Drivers before versions 15.33.49.5100 and 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. Intel(R) Graphics Driver Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers prior to 15.33.49.5100 and prior to 15.36.38.5117 due to improper access controls. A local attacker could exploit this vulnerability to cause a denial of service

Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36.38.5117 may allow an authenticated user to potentially enable escalation of privilege or denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A buffer error vulnerability exists in Intel Graphics Drivers prior to 15.36.38.5117. A local attacker could exploit this vulnerability to elevate privileges

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7463 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state

Uncontrolled search path element in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7584, 15.45.30.5103, 15.40.44.5107, 15.36.38.5117, and 15.33.49.5100 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in the installer in Intel Graphics Drivers. A local attacker could exploit this vulnerability to elevate privileges

Improper default permissions in the installer for Intel(R) Graphics Drivers before versions 26.20.100.7463 and 15.45.30.5103 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges

Uncaught exception in system driver for Intel(R) Graphics Drivers before version 15.40.44.5107 may allow an authenticated user to potentially enable a denial of service via local access. Intel(R) Graphics Driver There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in system drivers in versions prior to Intel Graphics Drivers 15.40.44.5107. A local attacker could exploit this vulnerability to cause a denial of service

Incorrect default permissions in the installer for Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Driver There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A local attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212

Unquoted service path in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Driver Contains vulnerabilities in unquoted search paths or elements.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers. A local attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212

Improper initialization in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000 may allow a privileged user to potentially enable a denial of service via local access. Intel(R) Graphics Driver There is an initialization vulnerability in.Service operation interruption (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers prior to 15.40.44.5107, 15.45.29.5077, and 26.20.100.7000. The vulnerability stems from improper initialization of the program. A local attacker could exploit this vulnerability to cause a denial of service

Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local. Intel(R) Graphics Driver Exists in an exceptional condition check vulnerability.Information is obtained and service operation is interrupted (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A security vulnerability exists in Intel Graphics Drivers. A local attacker could exploit this vulnerability to obtain information. The following products and versions are affected: Intel Graphics Drivers prior to 15.33.49.5100, prior to 15.36.38.5117, prior to 15.40.44.5107, prior to 15.45.30.5103, and prior to 26.20.100.7212

Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44.5107, 15.45.30.5103, and 26.20.100.7158 may allow an authenticated user to potentially enable escalation of privilege and denial of service via local access. (DoS) It may be put into a state. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation. A buffer error vulnerability exists in Intel Graphics Drivers prior to 15.40.44.5107, 15.45.30.5103 and 26.20.100.7158. A local attacker could exploit this vulnerability to cause a denial of service

Improper access control in Intel(R) Graphics Drivers before version 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) Graphics Driver There is an information leakage vulnerability in.Information may be obtained. Intel Graphics Drivers is an integrated graphics driver from Intel Corporation