VARIoT IoT vulnerabilities database

A vulnerability in Cisco IOS XE Software could allow an unauthenticated, remote attacker to log in to a device running an affected release of Cisco IOS XE Software with the default username and password that are used at initial boot, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with privilege level 15 that has a default username and password. An attacker could exploit this vulnerability by using this account to remotely connect to an affected device. A successful exploit could allow the attacker to log in to the device with privilege level 15 access. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS XE Software Release 16.x. This vulnerability does not affect Cisco IOS XE Software releases prior to Release 16.x. Cisco Bug IDs: CSCve89880. Vendors have confirmed this vulnerability Bug ID CSCve89880 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This may lead to further attacks

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of IGMP Membership Query packets, which contain certain values, to an affected device. A successful exploit could allow the attacker to exhaust buffers on the affected device, resulting in a DoS condition that requires the device to be reloaded manually. This vulnerability affects: Cisco Catalyst 4500 Switches with Supervisor Engine 8-E, if they are running Cisco IOS XE Software Release 3.x.x.E and IP multicast routing is configured; Cisco devices that are running Cisco IOS XE Software Release 16.x, if IP multicast routing is configured. Cisco Bug IDs: CSCuw09295, CSCve94496. Vendors have confirmed this vulnerability Bug ID CSCuw09295 and CSCve94496 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. The Cisco Catalyst 4500 Switches with Supervisor Engine 8-E is a switch from Cisco. IOSXESoftware is an operating system that runs on Cisco network devices. A resource management error vulnerability exists in the Internet Group Management Protocol (IGMP) packet processing feature in Cisco IOSXE Software, which stems from a failure of the program to adequately process IGMP MembershipQuery packets

Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll files are loaded. It allows an attacker to load a .dll of the attacker's choosing that could execute arbitrary code without the user's knowledge. The specific flaw exists within the handling of several DLLs (dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll) loaded by the SwisscomTVMediaHelper.exe process. Swisscom TVMediaHelper Contains a data processing vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SwisscomTVMediaHelper is a set-top box device from Swisscom, Switzerland. (Multiple files include: dwmapi.dll, PROPSYS.dll, cscapi.dll, SAMLIB.dll, netbios.dll, winhttp.dll, security.dll, ntmarta.dll, WindowsCodecs.dll, apphelp.dll)

An authentication bypass vulnerability on D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router (Hardware Version : A1, B1; Firmware Version : 1.02-2.06) devices potentially allows attackers to bypass SharePort Web Access Portal by directly visiting /category_view.php or /folder_view.php. D-Link DIR-850L The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDIR-850LWirelessAC1200DualBandGigabitCloudRouter is a wireless router product of D-Link. An authentication bypass vulnerability exists in the D-LinkDIR-850LWirelessAC1200DualBandGigabitCloudRouter. An attacker could exploit the vulnerability by bypassing the SharePortWebAccessPortal by directly accessing the /category_view.php or /folder_view.php file

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. Philips Alice 6 System Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Alice 6 is a polysomnography (PSG) designed to record, display and print the clinician/doctor's physiological information. Philips Alice 6 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to execute arbitrary code, gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Philips Alice 6 R8.0.2 and prior are vulnerable. An attacker could exploit this vulnerability to obtain sensitive information

In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code. Philips Alice 6 System Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Alice 6 is a polysomnography (PSG) designed to record, display and print the clinician/doctor's physiological information. Philips Alice 6 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Philips Alice 6 R8.0.2 and prior are vulnerable

IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and 7.6 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 139023. Vendors have confirmed this vulnerability IBM X-Force ID: 139023 It is released as.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. IBM DataPower Gateways 7.1.0.0 through 7.1.0.21, 7.2.0.0 through 7.2.0.18, 7.5.0.0 through 7.5.0.13, 7.5.1.0 through 7.5.1.12, 7.5.2.0 through 7.5.2.12 and 7.6.0.0 through 7.6.0.5 are vulnerable; other versions may also be affected. The appliance is primarily used to simplify, secure and accelerate XML and Web services deployment in SOA. The following versions are affected: IBM WebSphere DataPower Appliances Version 7.1, Version 7.2, Version 7.5, Version 7.5.1, Version 7.5.2, Version 7.6

Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka BranchScope. Intel Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. Intel Atom C C2308 is a central processing unit (CPU) product of Intel Corporation of the United States. The ARM Cortex-A 75 is an implementation of the Cortex-A75 microarchitecture from the British company ARM. The following products and versions are affected: Intel Atom C C2308; Xeon Silver 4110; Xeon Silver 4112; Xeon Silver 4116; ARM Cortex-A 75, etc

Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. Light Installation Agent (LIA) is one of the installation agents. An attacker can exploit this vulnerability to execute arbitrary commands on the system with root privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. Dell EMC ScaleIO Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. Light Installation Agent (LIA) is one of the installation agents. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Details: The vulnerability details are as follows: * Buffer overflow vulnerability (CVE-2018-1205) Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some packet data in the MDM service. As a result, a remote attacker could potentially send specifically crafted packet data to the MDM service causing it to crash. Dell EMC ScaleIO Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dell EMC ScaleIO is a software-defined solution for converting DAS storage into shared data block storage from Dell. The vulnerability is caused by the program not processing packet data correctly. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 DSA-2018-058: Dell EMC ScaleIO Multiple Security Vulnerabilities Dell EMC Identifier: DSA-2018-058 CVE Identifier: CVE-2018-1205, CVE-2018-1237, CVE-2018-1238 Severity: Medium Severity Rating: CVSS v3 Base Score: See below for CVSS v3 scores Affected products: Dell EMC ScaleIO versions prior to 2.5 Summary: Dell EMC ScaleIO customers are encouraged to update to ScaleIO v2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) * Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2018-1237) Dell EMC ScaleIO versions prior to 2.5, contain improper restriction of excessive authentication attempts on the Light installation Agent (LIA). This component is deployed on every server in the ScaleIO cluster and is used for central management of ScaleIO nodes. A remote malicious user, having network access to LIA, could potentially exploit this vulnerability to launch brute force guessing of user names and passwords of user accounts on the LIA. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) * Command injection vulnerability (CVE-2018-1238) Dell EMC ScaleIO versions prior to 2.5, contain a command injection vulnerability in the Light Installation Agent (LIA). This component is used for central management of ScaleIO deployment and uses shell commands for certain actions. A remote malicious user, with network access to LIA and knowledge of the LIA administrative password, could potentially exploit this vulnerability to run arbitrary commands as root on the systems where LIAs are installed. CVSSv3 Base Score: 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) Resolution: The following Dell EMC ScaleIO release contains resolutions to these vulnerabilities: * Dell EMC ScaleIO version 2.5 Dell EMC recommends all customers upgrade at the earliest opportunity. Link to remedies: Customers can download software from https://support.emc.com/downloads/40635_ScaleIO-Product-Family Credit: Dell EMC would like to thank David Berard, from the Ubisoft Security & Risk Management team, for reporting these vulnerabilities. Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact Dell EMC Software Technical Support at 1-877-534-2867. For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase solution emc218831. Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJauOjDAAoJEHbcu+fsE81Z3/wH/jL9Ub908R9cXBOLhTbwCohq pVPgYZwy8ew96iuUaqDgqy3KmarYebeZ9MAG2gxW5URYqNSO7LJBZG8Jo4qWB3gB QuShn8UvJ0yfo4vxznkXtGjxhFLopYaoN+tgDQ3IjkcH3chvAHS0dnUk9Uj7OQsx KEltBIFJmzv97ZxkCLxqEtNu0LSTFsvKhjyKl6lOJZ8yVfTZR/p+Awx1czEyJc8Z /sfRBBgqJnK3LHBNEsuqCy+wedlDHwj+/d3wBr51eR0+3UrD2jRaDQVx3VkcE7Gb DGjCoZRJ8qiWp7muB0rC7/6PxxxQcNlBludSiYDTkdrQpjot1G37w+TX1GFVUUk= =FvDE -----END PGP SIGNATURE-----

Power Control FCPower is a professional power monitoring configuration software that combines general configuration software and power professional technology, and uses the latest IT technology. FCPower XKeyServer component has a denial of service vulnerability. An attacker can use this vulnerability to construct specific data, causing a denial of service or code execution

Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a sales and service organization based in Shanghai, a well-known biometric technology and RFID product provider. A weak password vulnerability exists in the iClock series data service of the Central Control Attendance Management System. Attackers can use this vulnerability to obtain sensitive information.

Zhongkong Taike (Shanghai) Electronic Technology Co., Ltd. is a sales and service organization based in Shanghai, a well-known biometric technology and RFID product provider. An information disclosure vulnerability exists in the iClock series of the Central Control Attendance Management System. Attackers can use this vulnerability to obtain sensitive information.

NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal driver where there is the potential to read or write a buffer using an index or pointer that references a memory location after the end of the buffer, which may lead to a denial of service or possible escalation of privileges. NVIDIA Tegra The kernel contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NVIDIA Tegra (Tu Rui) Kernel is a Tegra (mobile super chip) package kernel of NVIDIA Corporation. CORE DVFS Thermal driver is one of the core dynamic voltage frequency adjustment drivers. A security vulnerability exists in the CORE DVFS Thermal driver in the NVIDIA Tegra kernel. An attacker could exploit this vulnerability to cause a denial of service or potentially escalate privileges

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification. CUPS Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Apple CUPS (Common Unix Printing System) is an open source printing system for OS X and Unix-like systems developed by Apple. The system is based on the Internet Printing Protocol (IPP) and provides most PostScript and raster printer services. A security vulnerability exists in the 'add_job' function in Apple CUPS versions prior to 2.2.6. ========================================================================== Ubuntu Security Notice USN-3713-1 July 11, 2018 cups vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 17.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in CUPS. A remote attacker could possibly use this issue to cause CUPS to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 17.10 and Ubuntu 18.04 LTS. (CVE-2017-18248) Dan Bastone discovered that the CUPS dnssd backend incorrectly handled certain environment variables. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-4180) Eric Rafaloff and John Dunlap discovered that CUPS incorrectly handled certain include directives. A local attacker could possibly use this issue to read arbitrary files. (CVE-2018-4181) Dan Bastone discovered that the CUPS AppArmor profile incorrectly confined the dnssd backend. A local attacker could possibly use this issue to escape confinement. (CVE-2018-6553) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: cups 2.2.7-1ubuntu2.1 Ubuntu 17.10: cups 2.2.4-7ubuntu3.1 Ubuntu 16.04 LTS: cups 2.1.3-4ubuntu0.5 Ubuntu 14.04 LTS: cups 1.7.2-0ubuntu1.10 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3713-1 CVE-2017-18248, CVE-2018-4180, CVE-2018-4181, CVE-2018-6553 Package Information: https://launchpad.net/ubuntu/+source/cups/2.2.7-1ubuntu2.1 https://launchpad.net/ubuntu/+source/cups/2.2.4-7ubuntu3.1 https://launchpad.net/ubuntu/+source/cups/2.1.3-4ubuntu0.5 https://launchpad.net/ubuntu/+source/cups/1.7.2-0ubuntu1.10

The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid. thermald Contains a link interpretation vulnerability.Information may be tampered with. thermald is a thermal daemon applied to the computer, which can prevent the computer from overheating. A security vulnerability exists in the 'main' function of the android_main.cpp file in thermald

Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. Intelbras TELEFONE IP Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. IntelbrasTELEFONEIPTIP200/200LITE is an IP phone product from Intelbras of Brazil. A security vulnerability exists in the IntelbrasTELEFONEIPTIP200/200LITE60.0.75.29 release. A remote attacker can exploit this vulnerability to read arbitrary files by sending a \342\200\230page\342\200\231 parameter to the /cgi-bin/cgiServer.exx file

Auto Station is a PLC-IVC series programming software from INVT. Auto Station has a denial of service vulnerability. When the 'data content' entered exceeds or is less than its corresponding 'length', an attacker can obtain a null address through the GetVauleName function, causing a denial of service attack

DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage. DBS3900TDDLTE is a modular network device product from China's Huawei company. Huawei DBS3900 TDD LTE is a distributed base station product of China Huawei (Huawei). This product supports wireless access to wireless networks and provides services such as video surveillance, data collection and data transmission