VARIoT IoT vulnerabilities database


VAR-201804-1303 CVE-2018-3638 Intel Remote Keyboard: vulnerability related to authorization, permissions, and access control
CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user. Intel Remote Keyboard contains a vulnerability related to authorization, permissions, and access control. An attacker may obtain or alter information, or cause a denial of service (DoS). Intel Remote Keyboard is remote keyboard software from Intel Corporation that lets a mobile phone control a computer remotely. An elevation of privilege vulnerability exists in Intel Remote Keyboard.

VAR-201804-1221 CVE-2018-4109 Multiple Apple products: graphics driver component vulnerable to arbitrary code execution in a privileged context
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, tvOS, and watchOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the Graphics Driver component of Apple iOS versions prior to 11.2.5, tvOS versions prior to 11.2.5, and watchOS versions prior to 4.2.2.

VAR-201804-1060 CVE-2017-7075 Apple iOS: Notes component vulnerability that allows sensitive information to be obtained
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. Apple iOS is an operating system developed by Apple Inc. for mobile devices.

VAR-201804-1058 CVE-2017-7070 Apple macOS: Kernel component vulnerability that bypasses the screen lock protection mechanism
CVSS V2: 4.6
CVSS V3: 6.8
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid. The Apple macOS Kernel component contains a vulnerability that bypasses the screen lock protection mechanism. An attacker with physical control of the device could bypass the screen lock. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS Sierra prior to 10.12.4.

VAR-201804-1053 CVE-2017-7003 Multiple Apple products: denial of service (DoS) vulnerability in the CoreText component
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file. Apple iOS, macOS Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreText is a typesetting (text layout) engine component. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2.

VAR-201804-1049 CVE-2017-6976 Apple iOS: Sandbox Profiles component vulnerability that bypasses access restrictions
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app. Apple iOS is an operating system developed by Apple Inc. for mobile devices.

VAR-201804-0467 CVE-2017-5703 Multiple Intel CPUs: access control vulnerability in the base platform
CVSS V2: 3.6
CVSS V3: 6.0
Severity: MEDIUM
Configuration of SPI Flash on multiple Intel platforms allows a local attacker to alter the behavior of the SPI flash, potentially leading to a denial of service. The base platform of multiple Intel CPUs contains an access control vulnerability. Service operation may be interrupted (DoS). Intel 5th generation Core processors and the other families listed below are CPU (central processing unit) product lines of Intel Corporation of the United States. A local attacker could exploit this vulnerability to cause a denial of service. The following products are affected: Intel 5th, 6th, 7th, and 8th generation Intel Core Processors; Intel Pentium and Celeron Processor N3520, N2920, N28XX; Intel Atom Processor x7-Z8XXX and x5-8XXX Processor Family; Intel Pentium Processor J3710 and N37XX; Celeron Processor J3XXX; Intel Atom x5-E8000 Processor; Intel Pentium Processor J4205 and N4200; Intel Celeron Processor J3455, J3355, N3350 and N3450; Intel Atom Processor x7-E39XX Processor; Intel Xeon Scalable Processors; v4, v3, and v2 Family; Intel Xeon Phi Processor x200; Intel Xeon Processor D Family; Intel Atom Processor C Series.

VAR-201804-0449 CVE-2017-2492 Multiple Apple products: universal cross-site scripting vulnerability in the JavaScriptCore component
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. Apple iOS, Safari, and tvOS are products of Apple Inc. in the United States. Apple Safari is the web browser that ships with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. JavaScriptCore is the JavaScript engine component. A security vulnerability exists in the JavaScriptCore component in Apple iOS versions prior to 10.3, Safari versions prior to 10.1, and tvOS versions prior to 10.2.

VAR-201804-0437 CVE-2017-13853 Apple macOS: AppleGraphicsControl component vulnerable to arbitrary code execution in a privileged context
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsControl is an integrated graphics driver component. A security vulnerability exists in the AppleGraphicsControl component in versions of Apple macOS Sierra prior to 10.12.6.

VAR-201804-0436 CVE-2017-13851 Apple macOS: DesktopServices component vulnerability that bypasses access restrictions on home folder files
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files. Apple macOS High Sierra is a dedicated operating system developed by Apple Inc. for Mac computers. DesktopServices is a desktop services component. A security vulnerability exists in the DesktopServices component of Apple macOS High Sierra prior to 10.13.

VAR-201804-0435 CVE-2017-13850 Apple macOS: denial of service (DoS) vulnerability in the Font Importer component
CVSS V2: 5.8
CVSS V3: 7.1
Severity: HIGH
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in the Font Importer component of Apple macOS Sierra prior to 10.12.6.

VAR-201804-0434 CVE-2017-13839 Apple macOS: Spotlight component vulnerability that displays results for other users' files
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files. Apple macOS High Sierra is a dedicated operating system developed by Apple Inc. for Mac computers. Spotlight is the component used to search for files, programs, and other items on the system.

VAR-201804-0433 CVE-2017-13837 Apple macOS: Installer component vulnerability that allows access to the FileVault unlock key
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. Apple macOS High Sierra is a dedicated operating system developed by Apple Inc. for Mac computers. Installer is the application used to extract and install files from .pkg packages.

VAR-201804-0438 CVE-2017-13854 Multiple Apple products: Kernel component vulnerability that allows arbitrary code execution in a privileged context
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: macOS High Sierra prior to 10.13; watchOS prior to 4; tvOS prior to 11; iOS prior to 11.

VAR-201804-0432 CVE-2017-13827 Apple Mac OS X: kext tools component vulnerable to arbitrary code execution in a privileged context
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading. Apple macOS High Sierra is a dedicated operating system developed by Apple Inc. for Mac computers. kext tools is a GUI tool for installing drivers (kernel extensions). A security vulnerability exists in the kext tools component of Apple macOS High Sierra versions prior to 10.13. The vulnerability is caused by a logic error in the kext loading process.

VAR-201804-0427 CVE-2017-13877 Apple iOS: Sandbox Profiles component vulnerability that allows determining whether an arbitrary file exists
CVSS V2: 4.3
CVSS V3: 3.3
Severity: LOW
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to determine whether arbitrary files exist via a crafted app. Apple iOS is an operating system developed by Apple Inc. for mobile devices. An attacker using a specially crafted application could exploit this vulnerability to learn what other applications are installed on the device.

VAR-201804-0425 CVE-2017-13863 Apple iOS: APNs component vulnerability that allows users to be tracked
CVSS V2: 4.3
CVSS V3: 5.9
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "APNs" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates. Apple iOS is an operating system developed by Apple Inc. for mobile devices. APNs is the push notification service component. The APNs component in Apple iOS versions prior to 11 has a security vulnerability.

VAR-201804-0431 CVE-2017-13904 Multiple Apple products: Kernel component vulnerability that allows arbitrary code execution in a privileged context
CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the com.apple.packet-mangler part of the Kernel component (the com.apple.Packetmangler file) in several Apple products. The following products and versions are affected: Apple iOS prior to 11.4; macOS High Sierra prior to 10.13.5; tvOS prior to 11.4; watchOS prior to 4.3.1.

VAR-201804-0426 CVE-2017-13873 Multiple Apple products: Kernel component vulnerability that allows sensitive network activity information about arbitrary applications to be obtained
CVSS V2: 4.3
CVSS V3: 4.3
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app. A vulnerability exists in the Kernel component of multiple Apple products that allows sensitive network activity information about an arbitrary application to be captured. An attacker could obtain sensitive network activity information about any application via a crafted application. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. An attacker using a specially crafted application could exploit this vulnerability to learn what other applications are on the device and how those applications are running. The following products and versions are affected: Apple macOS High Sierra prior to 10.13; watchOS prior to 4; tvOS prior to 11; iOS prior to 11.

VAR-201804-1376 CVE-2018-9230 OpenResty: SQL injection vulnerability
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions, which ignore parameters beyond the hundredth one. This might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting that is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty. ** DISPUTED ** This case has not been confirmed as a vulnerability. An SQL injection vulnerability is reported in OpenResty. The vendor has disputed this vulnerability; for details, see the current description at NVD: https://nvd.nist.gov/vuln/detail/CVE-2018-9230. An attacker may obtain or alter information, or cause a denial of service (DoS).
