VARIoT IoT vulnerabilities database

VAR-201801-1832 No CVE Command execution vulnerability exists in Pelco Sarix Pro network camera export.cgi program CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the Pelco Sarix Pro network camera export.cgi program. The vulnerability is due to the program's failure to perform security checks on data when executing system commands, allowing attackers to use shell metacharacters to execute arbitrary system commands as root, thereby completely controlling the camera.
VAR-201801-1835 No CVE XML entity injection vulnerability in Pelco Sarix Pro webcam import.cgi CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. There is an XML entity injection vulnerability in the Pelco Sarix Pro webcam import.cgi, which allows attackers to obtain sensitive information.
VAR-201801-1820 No CVE Command execution vulnerability exists in Pelco Sarix Pro network camera set_param program CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability exists because the program does not perform security checks on the parameters submitted by the user, allowing the attacker to execute arbitrary system commands as root using shell metacharacters, thereby completely controlling the camera.
VAR-201801-1821 No CVE Login bypass vulnerability in Pelco Sarix Pro webcam web management interface CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. There is a login bypass vulnerability in the Pelco Sarix Pro webcam web management interface. It allows an attacker to bypass password authentication and log in to the web management interface directly as an administrator.
VAR-201801-1816 No CVE Weak password vulnerability in Pelco Sarix Pro webcam web management interface CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. A weak password vulnerability exists in the Pelco Sarix Pro webcam web management interface. The attacker can obtain a hidden management account, use this account to perform any background operation, gain management authority, and completely control the camera.
VAR-201801-1822 No CVE Command execution vulnerability in Pelco Sarix Enhanced Dot1xSetupController.php file CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the Pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is due to the program's failure to properly perform validity checks when processing user-submitted data, allowing attackers who have passed web authentication to use shell metacharacters to bypass restrictions and execute arbitrary commands as root.
VAR-201801-1825 No CVE Command execution vulnerability in set_param program of Pelco Sarix Pro network camera (CNVD-2017-36494) CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability exists because the program does not perform security checks on the parameters submitted by the user, allowing the attacker to execute arbitrary system commands as root using shell metacharacters, thereby completely controlling the camera.
VAR-201801-1826 No CVE Code Execution Vulnerability in Pelco Sarix Pro Network Camera session.cgi Program CVSS V2: 6.1
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. A code execution vulnerability exists in the Pelco Sarix Pro webcam session.cgi program. The vulnerability exists because the program does not check the length when processing user-submitted data, resulting in a stack overflow. A remote attacker could use the vulnerability to execute arbitrary code.
VAR-201801-1829 No CVE Arbitrary file deletion vulnerability in Pelco Sarix Pro webcam set_param program CVSS V2: 4.8
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. There is an arbitrary file deletion vulnerability in the Pelco Sarix Pro webcam set_param program. The vulnerability exists because the program does not check the file name when processing parameters. An attacker can use the vulnerability to delete any file or directory, causing the camera to fail to work properly.
VAR-201801-1833 No CVE Information Disclosure Vulnerability in Pelco Sarix Pro Network Camera CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. An information disclosure vulnerability exists in the Pelco Sarix Pro network camera. It allows attackers to obtain sensitive information.
VAR-201801-1834 No CVE Command execution vulnerability in set_param program of Pelco Sarix Pro network camera (CNVD-2017-36490) CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
Pelco Sarix Professional is a video camera. A command execution vulnerability exists in the Pelco Sarix Pro network camera set_param program. The vulnerability is due to the program's failure to perform security checks on the parameters submitted by the user, allowing attackers to use shell metacharacters to execute arbitrary system commands as root to completely control the camera.
VAR-201801-1459 CVE-2018-5281 SonicWall SonicOS Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. SonicWall SonicOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Dell SonicWall SonicOS NSA is prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. All versions of Dell SonicWall SonicOS are vulnerable. SonicWall SonicOS is the system that runs on these devices. A remote attacker could exploit this vulnerability to bypass throttling mechanisms or filter protections.
VAR-201801-1458 CVE-2018-5280 SonicWall SonicOS Vulnerable to cross-site scripting CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. SonicWall SonicOS contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Dell SonicWall SonicOS NSA is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. SonicWall SonicOS is the system that runs on these devices. A remote attacker could exploit this vulnerability to inject malicious code.
VAR-201801-0094 CVE-2014-10069 Hitron CVE-30360 Cryptographic vulnerabilities in devices CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field. Hitron CVE-30360 devices contain cryptographic vulnerabilities. Information may be obtained. Hitron CVE-30360 is a router device from China Hitron. A security vulnerability exists in the Hitron CVE-30360 device that originates from the shared 578A958E3DD933FC DES key used by the program.
VAR-201801-1869 No CVE Advantech WebAccess webvrpcs drawsrv Arbitrary Free Remote Code Execution Vulnerability CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2721 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to using it as a memory address in a free operation. An attacker can leverage this functionality to execute code under the context of Administrator.
VAR-201801-1868 No CVE Advantech WebAccess picfile File Upload Remote Code Execution Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the picfile parameter in gmicons.asp. The issue results from the lack of proper validation of user-supplied data, which can allow for the upload of any file. An attacker can leverage this vulnerability to execute code in the context of the web service.
VAR-201801-1023 CVE-2017-1534 IBM Security Access Manager Appliance open redirect vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676. Vendors have confirmed this vulnerability, and it is released as IBM X-Force ID: 130676. Information may be obtained and information may be altered. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. The product enables access management control through integrated appliances for web, mobile and cloud computing.
VAR-201801-1434 CVE-2018-5244 Xen Buffer error vulnerability CVSS V2: 4.9
CVSS V3: 6.5
Severity: MEDIUM
In Xen 4.10, new infrastructure was introduced as part of an overhaul to how MSR emulation happens for guests. Unfortunately, one tracking structure isn't freed when a vcpu is destroyed. This allows guest OS administrators to cause a denial of service (host OS memory consumption) by rebooting many times. Xen contains a buffer error vulnerability. Service operation may be interrupted (DoS). Xen is an open source virtual machine monitor. There is a security vulnerability in the Xen 4.10 release. An attacker can exploit this issue to cause a denial-of-service condition. Due to the nature of this issue, code execution may be possible but this has not been confirmed.

Gentoo Linux Security Advisory GLSA 201810-06
https://security.gentoo.org/

Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: October 30, 2018
Bugs: #643350, #655188, #655544, #659442
ID: 201810-06

Synopsis
========

Multiple vulnerabilities have been found in Xen, the worst of which could cause a Denial of Service condition.

Background
==========

Xen is a bare-metal hypervisor.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /   Vulnerable   /            Unaffected
    -------------------------------------------------------------------
  1  app-emulation/xen            < 4.10.1-r2             >= 4.10.1-r2
  2  app-emulation/xen-tools      < 4.10.1-r2             >= 4.10.1-r2
    -------------------------------------------------------------------
     2 affected packages

Description
===========

Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.10.1-r2"

All Xen tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=app-emulation/xen-tools-4.10.1-r2"

References
==========

[ 1 ] CVE-2017-5715 https://nvd.nist.gov/vuln/detail/CVE-2017-5715
[ 2 ] CVE-2017-5753 https://nvd.nist.gov/vuln/detail/CVE-2017-5753
[ 3 ] CVE-2017-5754 https://nvd.nist.gov/vuln/detail/CVE-2017-5754
[ 4 ] CVE-2018-10471 https://nvd.nist.gov/vuln/detail/CVE-2018-10471
[ 5 ] CVE-2018-10472 https://nvd.nist.gov/vuln/detail/CVE-2018-10472
[ 6 ] CVE-2018-10981 https://nvd.nist.gov/vuln/detail/CVE-2018-10981
[ 7 ] CVE-2018-10982 https://nvd.nist.gov/vuln/detail/CVE-2018-10982
[ 8 ] CVE-2018-12891 https://nvd.nist.gov/vuln/detail/CVE-2018-12891
[ 9 ] CVE-2018-12892 https://nvd.nist.gov/vuln/detail/CVE-2018-12892
[ 10 ] CVE-2018-12893 https://nvd.nist.gov/vuln/detail/CVE-2018-12893
[ 11 ] CVE-2018-15468 https://nvd.nist.gov/vuln/detail/CVE-2018-15468
[ 12 ] CVE-2018-15469 https://nvd.nist.gov/vuln/detail/CVE-2018-15469
[ 13 ] CVE-2018-15470 https://nvd.nist.gov/vuln/detail/CVE-2018-15470
[ 14 ] CVE-2018-3620 https://nvd.nist.gov/vuln/detail/CVE-2018-3620
[ 15 ] CVE-2018-3646 https://nvd.nist.gov/vuln/detail/CVE-2018-3646
[ 16 ] CVE-2018-5244 https://nvd.nist.gov/vuln/detail/CVE-2018-5244
[ 17 ] CVE-2018-7540 https://nvd.nist.gov/vuln/detail/CVE-2018-7540
[ 18 ] CVE-2018-7541 https://nvd.nist.gov/vuln/detail/CVE-2018-7541
[ 19 ] CVE-2018-7542 https://nvd.nist.gov/vuln/detail/CVE-2018-7542

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201810-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

VAR-201801-0194 CVE-2017-1459 IBM Security Access Manager Appliance Access control vulnerability CVSS V2: 4.9
CVSS V3: 4.2
Severity: MEDIUM
IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. Vendors have confirmed this vulnerability, and it is released as IBM X-Force ID: 128378. Information may be obtained and information may be altered. Multiple IBM products are prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass security restrictions and gain unauthorized access to the vulnerable system; this may aid in launching further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing. An attacker could exploit this vulnerability to read and change resources.
VAR-201801-1022 CVE-2017-1533 IBM Security Access Manager Appliance Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675. Vendors have confirmed this vulnerability, and it is released as IBM X-Force ID: 130675. Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing.