VARIoT IoT vulnerabilities database

VAR-201808-0309 | CVE-2018-0408 | Cisco Small Business 300 Series Managed Switches Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi87330. Information may be obtained and altered. The Cisco Small Business 300 Series (Sx300) Managed Switches are 300 series switch devices from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201808-0308 | CVE-2018-0407 | Cisco Small Business 300 Series Managed Switches Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi87326. Information may be obtained and altered. The Cisco Small Business 300 Series (Sx300) Managed Switches are 300 series switch devices from Cisco. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201808-0307 | CVE-2018-0406 | Cisco Web Security Appliance Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve84006. The vendor has confirmed this vulnerability and released it as Bug ID CSCve84006. Information may be obtained and altered. The device provides SaaS-based access control, real-time network reporting and tracking, and security policy development. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
VAR-201808-0299 | CVE-2018-0413 | Cisco Identity Services Engine Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvi85159. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi85159. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Other attacks are also possible. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.
VAR-201808-0296 | CVE-2018-0391 | Cisco Prime Collaboration Provisioning Authorization vulnerability |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the password change function of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to cause the system to become inoperable. The vulnerability is due to insufficient validation of a password change request. An attacker could exploit this vulnerability by changing a specific administrator account password. A successful exploit could allow the attacker to cause the affected device to become inoperable, resulting in a denial of service (DoS) condition. This vulnerability affects Cisco Prime Collaboration Provisioning (PCP) Releases 12.2 and prior. Cisco Bug IDs: CSCvd86586. The vendor has confirmed this vulnerability and released it as Bug ID CSCvd86586. A denial-of-service (DoS) condition may result. The software provides IP communications services functionality for IP telephony, voice mail, and unified communications environments.
VAR-201808-0972 | CVE-2018-5924 | HP Inkjet printer buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. HP Inkjet printers contain a buffer error vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Multiple HP printers are prone to a stack-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. HP Pagewide Pro, etc. are all printers from Hewlett-Packard (HP) in the United States. A stack-based buffer overflow vulnerability exists in many HP products. The vulnerability stems from the fact that the program does not correctly perform boundary detection on the data submitted by the user, causing the size of the copied data to exceed the buffer space. The following products are affected: HP Pagewide Pro; DesignJet; OfficeJet; DeskJet; Envy.
VAR-201808-0312 | CVE-2018-0411 | Cisco Unified Communications Manager Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvk15343. The vendor has confirmed this vulnerability and released it as Bug ID CSCvk15343. Information may be obtained and altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.
VAR-201808-0971 | CVE-2018-5925 | HP Inkjet printer buffer error vulnerability |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. HP Inkjet printers contain a buffer error vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Multiple HP printers are prone to a stack-based buffer-overflow vulnerability because they fail to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will result in denial-of-service conditions. HP Pagewide Pro, etc. are all printers from Hewlett-Packard (HP) in the United States. A stack-based buffer overflow vulnerability exists in many HP products. The vulnerability stems from the fact that the program does not correctly perform boundary detection on the data submitted by the user, causing the size of the copied data to exceed the buffer space. The following products are affected: HP Pagewide Pro; DesignJet; OfficeJet; DeskJet; Envy.
VAR-201808-0928 | CVE-2018-3663 | Intel Saffron MemoryBase Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 2.7 CVSS V3: 5.7 Severity: MEDIUM |
Escalation of privilege in Intel Saffron MemoryBase before 11.4 allows an authenticated user access to privileged information. Intel Saffron MemoryBase is a memory base kit for Saffron developed by Intel Corporation. A security vulnerability exists in Intel Saffron MemoryBase prior to 11.4. An attacker could exploit this vulnerability to elevate privileges and gain access to sensitive information.
VAR-201808-0927 | CVE-2018-3662 | Intel Saffron MemoryBase Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.7 CVSS V3: 8.0 Severity: HIGH |
Escalation of privilege in Intel Saffron MemoryBase before version 11.4 potentially allows an authorized user of the Saffron application to execute arbitrary code as root. Intel Saffron MemoryBase contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Intel Saffron MemoryBase is a memory base kit for Saffron developed by Intel Corporation. A security vulnerability exists in Intel Saffron MemoryBase prior to 11.4.
VAR-201808-0926 | CVE-2018-3650 | INTEL Distribution for Python Input validation vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient input validation in the Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows an unprivileged user to bypass URI sanitization via a local vector. INTEL Distribution for Python contains an input validation vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Intel Distribution for Python is a Python-based integrated software package from Intel Corporation of the United States. It is mainly used to accelerate computing-intensive applications and optimize performance using Intel's native performance library. The Bleach module is one of its text cleaning modules. The vulnerability stems from the program's insufficient implementation of input validation. Attackers can exploit this vulnerability to bypass URL filtering.
VAR-201808-0872 | CVE-2018-3672 | Intel Smart Sound Technology Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 8.8 Severity: HIGH |
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via system calls. Intel Smart Sound Technology contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Intel Smart Sound Technology is an integrated audio DSP (digital signal processor) of Intel Corporation, which is mainly used to process audio and support voice interaction.
VAR-201808-0871 | CVE-2018-3671 | Intel Saffron admin Vulnerabilities related to authorization, authority, and access control in applications |
CVSS V2: 2.7 CVSS V3: 5.7 Severity: MEDIUM |
Escalation of privilege in Intel Saffron admin application before 11.4 allows an authenticated user to access unauthorized information. An attacker could exploit this vulnerability to elevate privileges and gain access to unauthorized information.
VAR-201808-0870 | CVE-2018-3670 | Intel Smart Sound Technology Buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 8.8 Severity: HIGH |
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a buffer overflow. Intel Smart Sound Technology is an integrated audio DSP (digital signal processor) of Intel Corporation, which is mainly used to process audio and support voice interaction.
VAR-201808-0297 | CVE-2018-0397 | Cisco AMP for Endpoints Mac Connector software Resource management vulnerability |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
A vulnerability in Cisco AMP for Endpoints Mac Connector Software installed on Apple macOS 10.12 could allow an unauthenticated, remote attacker to cause a kernel panic on an affected system, resulting in a denial of service (DoS) condition. The vulnerability exists if the affected software is running in Block network conviction mode. Exploitation could occur if the system that is running the affected software starts a server process and an address in the IP blacklist cache of the affected software attempts to connect to the affected system. A successful exploit could allow the attacker to cause a kernel panic on the system that is running the affected software, resulting in a DoS condition. Cisco Bug IDs: CSCvk08192. Cisco AMP for Endpoints Mac Connector software contains a resource management vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvk08192. A denial-of-service (DoS) condition may result. Exploiting this issue allows remote attackers to trigger kernel panics, denying further service to legitimate users. The program analyzes malware behavior and intent, the impact of threats, defense methods, and more.
VAR-201808-0869 | CVE-2018-3666 | Intel Smart Sound Technology Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 8.8 Severity: HIGH |
Driver module in Intel Smart Sound Technology before version 9.21.00.3541 potentially allows a local attacker to execute arbitrary code as administrator via a non-paged pool overflow. Intel Smart Sound Technology contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Intel Smart Sound Technology is an integrated audio DSP (digital signal processor) of Intel Corporation, which is mainly used to process audio and support voice interaction.
VAR-201807-1269 | CVE-2018-14533 | Inteno IOPSYS Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp. Inteno IOPSYS contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Inteno IOPSYS is an open service delivery platform developed by Sweden's Inteno Broadband Technology Company. The platform consists of Gateway OS, Home Portal and various software development kits. A security vulnerability exists in the 'read_tmp' and 'write_tmp' functions in Inteno IOPSYS. An attacker could exploit this vulnerability to gain privileges.
VAR-201808-0905 | CVE-2018-3937 | Sony IPELA E Series Camera G5 firmware OS command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. The Sony IPELA camera is a web-facing camera for monitoring.
VAR-201808-0906 | CVE-2018-3938 | Sony IPELA E Series Camera G5 Firmware buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 10.0 Severity: CRITICAL |
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. The Sony IPELA camera is a web-facing camera for monitoring.
VAR-201808-0170 | CVE-2018-10618 | Davolink DVW-3200N Router Weak Password Vulnerability |
Related entries in the VARIoT exploits database: VAR-E-201807-0335 |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Affects all versions of Davolink DVW-3200N prior to Version 1.00.06. The device generates a weak password hash that is easily cracked, allowing a remote attacker to obtain the password for the device. Davolink DVW-3200N contains a cryptographic vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. The DVW3200 is a router product from Davolink. Davolink DVW-3200N is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.