VARIoT IoT vulnerabilities database
| VAR-202502-3429 | No CVE | Wuxi Xinjie Electric Co., Ltd. Xinjie XSF5-A32 PLC has an industrial control equipment vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Wuxi Xinjie Electric Co., Ltd. is a listed company that focuses on the research and development and application of industrial automation products.
Wuxi Xinjie Electric Co., Ltd.'s Xinjie XSF5-A32 PLC has an industrial control equipment vulnerability that attackers can exploit to cause a denial of service.
| VAR-202502-1472 | CVE-2024-57673 | Resource exhaustion vulnerability in Project Floodlight's Floodlight |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module and Linkdiscovery module. Floodlight from Project Floodlight contains a resource exhaustion vulnerability. A denial-of-service (DoS) condition may result.
| VAR-202502-1321 | CVE-2024-57672 | Resource exhaustion vulnerability in Project Floodlight's Floodlight |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
An issue in floodlight v1.2 allows a local attacker to cause a denial of service via the Topology Manager module, Topologylnstance module, Routing module. Floodlight from Project Floodlight contains a resource exhaustion vulnerability. A denial-of-service (DoS) condition may result.
| VAR-202502-0101 | CVE-2024-45626 | Vulnerability in Apache Software Foundation's Apache James |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service.
Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue. Apache James from the Apache Software Foundation contains an unspecified vulnerability. A denial-of-service (DoS) condition may result.
| VAR-202502-0638 | CVE-2024-37358 | Input validation vulnerability in Apache Software Foundation's Apache James |
CVSS V2: - CVSS V3: 8.6 Severity: HIGH |
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations.
Version 3.7.6 and 3.8.2 restrict such illegitimate use of IMAP literals. Apache James from the Apache Software Foundation contains input validation vulnerabilities and allocation of resources without limiting or throttling. A denial-of-service (DoS) condition may result.
| VAR-202502-0753 | CVE-2024-57520 | Improper permission assignment for critical resources vulnerability in Sangoma's Asterisk |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Insecure Permissions vulnerability in asterisk v22 allows a remote attacker to execute arbitrary code via the action_createconfig function. NOTE: this is disputed by the Supplier because the impact is limited to creating empty files outside of the Asterisk product directory (aka directory traversal) and the attack can only be performed by a privileged user who has the ability to manage the configuration. Asterisk from Sangoma contains a vulnerability in improper permission assignment for critical resources. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202502-1078 | CVE-2024-23690 | NETGEAR FVS336G Command Injection Vulnerability |
CVSS V2: 8.3 CVSS V3: 7.2 Severity: HIGH |
The end-of-life Netgear FVS336Gv2 and FVS336Gv3 are affected by a command injection vulnerability in the Telnet interface. An authenticated and remote attacker can execute arbitrary OS commands as root over Telnet by sending crafted "util backup_configuration" commands. NETGEAR FVS336G is a VPN (virtual private network) firewall router from NETGEAR. The vulnerability is caused by the application's failure to properly filter special characters and commands when constructing commands.
| VAR-202502-0737 | CVE-2025-20895 |
CVSS V2: - CVSS V3: 3.2 Severity: LOW |
Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.
| VAR-202502-2081 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. C405DN MFP has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
C405DN MFP is a printer product.
Fujifilm Business Innovation (China) Co., Ltd. C405DN MFP has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-3258 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. AltaLink® C8245 Color Multifunction Printer has an unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
AltaLink® C8245 Color Multifunction Printer is a printer product.
Fujifilm Business Innovation (China) Co., Ltd. AltaLink® C8245 Color Multifunction Printer has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202502-0097 | CVE-2024-38416 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Information disclosure during audio playback. Multiple Qualcomm products, such as AR8035 firmware, C-V2X 9150 firmware and FastConnect 6800 firmware, contain an out-of-bounds read vulnerability. Information may be obtained.
| VAR-202502-0055 | CVE-2025-20634 | Out-of-bounds write vulnerability in multiple MediaTek products |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436. MediaTek's NR16, NR17 and NR17R contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202502-2479 | No CVE | Canon (China) Co., Ltd. LBP621C has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
LBP621C is a color laser printer.
Canon (China) Co., Ltd. LBP621C has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-2084 | No CVE | Jiong Electronics (Shenzhen) Co., Ltd. TOTOLINK N210RE command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TOTOLINK N210RE is a wireless router.
Jiong Electronics (Shenzhen) Co., Ltd. TOTOLINK N210RE has a command execution vulnerability that attackers can exploit to execute arbitrary commands.
| VAR-202502-2082 | No CVE | D-Link Electronics (Shanghai) Co., Ltd. Dlink dap-1522-reva has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link Electronics (Shanghai) Co., Ltd. is a company that provides high-quality network solutions for enterprises.
D-Link Electronics (Shanghai) Co., Ltd. Dlink dap-1522-reva has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2083 | No CVE | Fujifilm Business Innovation (China) Co., Ltd. ApeosPort C3060 has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
ApeosPort C3060 is a color A3 format digital multifunction copier.
Fujifilm Business Innovation (China) Co., Ltd. ApeosPort C3060 has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-2478 | No CVE | D-Link Electronics (Shanghai) Co., Ltd. Dlink dap_1620-reva has a binary vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
D-Link Electronics (Shanghai) Co., Ltd. is a company that provides high-quality network solutions for enterprises.
D-Link Electronics (Shanghai) Co., Ltd. Dlink dap_1620-reva has a binary vulnerability that can be exploited by attackers to cause a denial of service.
| VAR-202502-2085 | No CVE | Beijing Netcom Technology Co., Ltd. NS-ASG application security gateway has a SQL injection vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
NS-ASG Application Security Gateway is an application security access product that integrates software and hardware, has excellent performance, and integrates IPSEC and SSL.
Beijing Netcom Technology Co., Ltd.'s NS-ASG Application Security Gateway has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database.
| VAR-202502-2289 | No CVE | Brother (China) Commercial Co., Ltd. DCP-T500W has a command execution vulnerability |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
DCP-T500W is a printer.
Brother (China) Commercial Co., Ltd. DCP-T500W has a command execution vulnerability, which can be exploited by attackers to execute printer commands.
| VAR-202502-2290 | No CVE | Schneider Electric Schneider PLC M340 has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Schneider Electric is an expert in energy efficiency management and automation.
Schneider Electric Schneider PLC M340 has a denial of service vulnerability that can be exploited by attackers to cause a denial of service.