VARIoT IoT vulnerabilities database

A buffer overflow privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x22205C by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Failed exploit attempts will likely cause a denial-of-service condition. The following products and versions are vulnerable: Premium Security 12.0 and prior Maximum Security 12.0 and prior Internet Security 12.0 and prior Antivirus + Security 12.0 and prior

Diagnostics functionality on D-Link DSL-3782 devices with firmware EU v. 1.01 has a buffer overflow, allowing authenticated remote attackers to execute arbitrary code via a long Addr value to the 'set Diagnostics_Entry' function in an HTTP request, related to /userfs/bin/tcapi. D-Link DSL-3782 The device firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-3782 is a wireless router product from D-Link. A buffer overflow vulnerability exists in the Diagnostics feature of the D-LinkDSL-3782 device using EU1.01 firmware

NMS2056S is a high-performance monitoring host for the large and medium-sized computer room power environment monitoring field. NMS2056S has a login bypass vulnerability. An attacker can use this vulnerability to enter the background as an administrator to obtain sensitive information

AESM daemon in Intel Software Guard Extensions Platform Software Component for Linux before 2.1.102 can effectively be disabled by a local attacker creating a denial of services like remote attestation provided by the AESM. AESM daemon is one of the AESM daemons. A local attacker could exploit this vulnerability to cause a denial of service

Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session. Intel Remote Keyboard Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The software supports mobile phone remote control computer

Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user. Intel Remote Keyboard Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Remote Keyboard is the remote keyboard software of Intel Corporation. The software supports mobile phone remote control computer

Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user. Intel Remote Keyboard Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel Remote Keyboard is the remote keyboard software of Intel Corporation. The software supports mobile phone remote control computer. An elevation of privilege vulnerability exists in Intel Remote Keyboard

An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. A security vulnerability exists in the Graphics Driver component of Apple iOS versions prior to 11.2.5, tvOS versions prior to 11.2.5, and watchOS versions prior to 4.2.2

An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the "Notes" component. It allows local users to obtain sensitive information by reading search results that contain locked-note content. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "Kernel" component. It allows physically proximate attackers to bypass the screen-locking protection mechanism that should have been in place upon closing the lid. Apple macOS The kernel component contains a vulnerability that bypasses the screen lock protection mechanism.An attacker with physical control of the device could bypass the screen lock protection mechanism. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS Sierra prior to 10.12.4

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file. Apple iOS, macOS Sierra, tvOS, and watchOS are all products of the US company Apple (Apple). Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system. CoreText is one of the typesetting engine components. The following products and versions are affected: Apple iOS prior to 10.3.2; macOS Sierra prior to 10.12.5; tvOS prior to 10.2.1; watchOS prior to 3.2.2

An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the "Sandbox Profiles" component. It allows attackers to bypass intended access restrictions (for iCloud user records) via a crafted app. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

Configuration of SPI Flash in platforms based on multiple Intel platforms allow a local attacker to alter the behavior of the SPI flash potentially leading to a Denial of Service. plural Intel CPU The base platform contains access control vulnerabilities.Service operation interruption (DoS) There is a possibility of being put into a state. Intel 5th generation Intel Core Processors, etc. are different series of CPU (central processing unit) products of Intel Corporation of the United States. A local attacker could exploit this vulnerability to cause a denial of service. The following products are affected: Intel 5th, 6th, 7th, and 8th generation Intel Core Processors; Intel Pentium and Celeron Processor N3520, N2920, N28XX; Intel Atom Processor x7-Z8XXX and x5-8XXX Processor Family; Intel Pentium Processor J3710 and N37XX; Celeron Processor J3XXX; Intel Atom x5-E8000 Processor; Intel Pentium Processor J4205 and N4200; Intel Celeron Processor J3455, J3355, N3350 and N3450; Intel Atom Processor x7-E39XX Processor; Intel Xeon Scalable Processors; v4, v3, and v2 Family; Intel Xeon Phi Processor x200; Intel Xeon Processor D Family; Intel Atom Processor C Series

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "JavaScriptCore" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that triggers prototype mishandling. in the United States. Apple Safari is a web browser that comes with the Mac OS X and iOS operating systems; iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system. JavaScriptCore is one of the JavaScript core components. A security vulnerability exists in the JavaScriptCore component in Apple iOS versions prior to 10.3, Safari versions prior to 10.1, and tvOS versions prior to 10.2

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsControl" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsControl is one of the integrated graphics drivers. A security vulnerability exists in the AppleGraphicsControl component in versions of Apple macOS Sierra prior to 10.12.6

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "DesktopServices" component. It allows local users to bypass intended access restrictions on home folder files. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. DesktopServices is one of the desktop service components. A security vulnerability exists in the DesktopServices component of Apple macOS High Sierra prior to 10.13

An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Font Importer" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in the Font Importer component of Apple macOS Sierra prior to 10.12.6

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Spotlight" component. It allows local users to see results for other users' files. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Spotlight is one of the components used to search for files, programs, etc. in the system

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Installer" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Installer is one of the applications used to extract and install files from .pkg packages

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system; watchOS is a smart watch operating system. The following products and versions are affected: versions prior to macOS High Sierra 10.13; versions prior to watchOS 4; versions prior to tvOS 11; versions prior to iOS 11