VARIoT IoT vulnerabilities database
| VAR-201711-0179 | CVE-2017-11855 | Automatic DNS registration and proxy autodiscovery allow spoofing of network services |
CVSS V2: 7.6 CVSS V3: 7.5 Severity: High |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11856. Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. If a device with the host name "wpad" is added to a network where the router's dynamic DNS registration/update function is enabled and the auto-detection function is enabled on client PCs, the contents of communications may be obtained or altered. Routers commonly used in homes and offices (including Google WiFi and Ubiquiti UniFi) often use the dynamic DNS registration/update function. This function automatically registers/updates A records using the host name sent by the client in the DHCP request as it is. An attacker with access to the network may register a device with the host name "wpad" or "isatap" in DNS, attract access to that device, and attack it. The discoverers also confirmed that, through mDNS and without using a router, client PCs in the network can be made to access "wpad" and "isatap" in combination with the automatic detection function. Proxy auto-configuration via WPAD has been considered a problem (https://googleprojectzero.blogspot.fi/2017/12/apacolypse-now-exploiting-windows-10-in_18.html) with respect to so-called rogue DHCP servers or upstream DNS servers, but there was no mention of the auto-configuration function inside the LAN/WLAN.
This problem was discovered and verified by Ossi Salmi, Mika Seppanen, Marko Laakso, and Kasper Kyllonen of Arctic Security, and NCSC-FI coordinated. In an internal network, if an attacker adds a device with the host name "wpad" to the network, the device can be used as an attack proxy, and as a result the contents of communications may be obtained or altered. The vendor calls this the "Internet Explorer Memory Corruption Vulnerability". This vulnerability is different from CVE-2017-11856. An attacker could gain the same user rights as the current user.
Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions.
An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks
| VAR-201711-0652 | CVE-2017-5738 | Intel Unite App Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Escalation of privilege vulnerability in admin portal for Intel Unite App versions 3.1.32.12, 3.1.41.18 and 3.1.45.26 allows an attacker with network access to cause a denial of service and/or information disclosure. Intel Unite App is prone to a privilege-escalation vulnerability.
A remote attacker can exploit this issue to gain elevated privileges.
Intel Unite App 3.1.32.12, 3.1.41.18 and 3.1.45.26 are vulnerable. Intel Unite is an enterprise conference collaboration solution developed by Intel Corporation of the United States. The admin portal is one of the management interfaces
| VAR-201711-0398 | CVE-2017-3767 | Vulnerabilities related to authorization, authority, and access control in Realtek audio drivers for multiple Lenovo ThinkPad products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A local privilege escalation vulnerability was identified in the Realtek audio driver versions prior to 6.0.1.8224 in some Lenovo ThinkPad products. An attacker with local privileges could execute code with administrative privileges. Realtek audio drivers in multiple Lenovo ThinkPad products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). ThinkPad 11e and others are notebook products of Lenovo, China. Realtek audio driver is one of the audio drivers released by Realtek
| VAR-201712-0383 | CVE-2017-16786 | Information disclosure vulnerability in Meinberg LANTIME device firmware |
CVSS V2: 6.8 CVSS V3: 6.5 Severity: MEDIUM |
The Web Configuration Utility in Meinberg LANTIME devices with firmware before 6.24.004 allows remote authenticated users with certain privileges to read arbitrary files via (1) the ntpclientcounterlogfile parameter to cgi-bin/mainv2 or (2) vectors involving curl support of the "file" schema in the firmware update functionality. Meinberg LANTIME device firmware contains an information disclosure vulnerability. Information may be obtained. Meinberg LANTIME is an NTP time server from Meinberg, Germany. Web Configuration Utility is one of the Web configuration tools. A security vulnerability exists in the Web Configuration Utility on Meinberg LANTIME with firmware prior to 6.24.004. A remote attacker could exploit this vulnerability to read arbitrary files by sending the 'ntpclientcounterlogfile' parameter to cgi-bin/mainv2 or by other means
| VAR-201711-0198 | CVE-2017-1453 | OS command injection vulnerability in IBM Security Access Manager Appliance |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372. The vendor has published this vulnerability as IBM X-Force ID: 128372. Information may be obtained or falsified, and a denial of service (DoS) may result. The program enables access management control through integrated devices for web, mobile and cloud computing
| VAR-201711-0498 | CVE-2017-1477 | XML external entity vulnerabilities in IBM Security Access Manager Appliance |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
IBM Security Access Manager Appliance 9.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128612. The vendor has published this vulnerability as IBM X-Force ID: 128612. Information may be obtained, and service operation may be interrupted (DoS). The program enables access management control through integrated devices for web, mobile and cloud computing
| VAR-201904-0530 | CVE-2017-16775 | Synology SSO Server Input validation vulnerability |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
Improper restriction of rendered UI layers or frames vulnerability in SSOOauth.cgi in Synology SSO Server before 2.1.3-0129 allows remote attackers to conduct clickjacking attacks via unspecified vectors. Synology SSO Server contains an input validation vulnerability. Information may be obtained and information may be altered. Synology SSO Server is server software provided by Synology, Taiwan, China, which provides a single sign-on function. The SSOOauth.cgi file in versions prior to Synology SSO Server 2.1.3-0129 has a security vulnerability. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements
| VAR-201904-0529 | CVE-2017-16774 | Synology DiskStation Manager Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in SYNO.Core.PersonalNotification.Event in Synology DiskStation Manager (DSM) before 6.1.4-15217-3 allows remote authenticated users to inject arbitrary web script or HTML via the package parameter. Synology DiskStation Manager (DSM) contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Synology DiskStation Manager (DSM) is an operating system for network storage servers (NAS) developed by Synology, Taiwan. The operating system can manage data, documents, photos, music and other information. An attacker could exploit this vulnerability to execute client code
| VAR-201807-0220 | CVE-2017-16773 | Synology Universal Search Authorization vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper authorization vulnerability in Highlight Preview in Synology Universal Search before 1.0.5-0135 allows remote authenticated users to bypass permission checks for directories in POSIX mode. Synology Universal Search contains an authorization vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Synology Universal Search is Synology's software for searching applications and files in Synology NAS. Highlight Preview is one of the highlighted components. Highlight Preview in versions prior to Synology Universal Search 1.0.5-0135 has a security vulnerability
| VAR-201803-0976 | CVE-2017-16772 | Synology Photo Station Input validation vulnerability |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Improper input validation vulnerability in SYNOPHOTO_Flickr_MultiUpload in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote authenticated users to execute arbitrary codes via the prog_id parameter. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet
| VAR-201803-0975 | CVE-2017-16771 | Synology Photo Station Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Log Viewer in Synology Photo Station before 6.8.3-3463 and before 6.3-2971 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Synology Photo Station contains a cross-site scripting vulnerability. The information may be obtained and the information may be falsified. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Log Viewer is one of the log viewers
| VAR-201802-0397 | CVE-2017-16769 | Synology Photo Station Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Exposure of private information vulnerability in Photo Viewer in Synology Photo Station 6.8.1-3458 allows remote attackers to obtain metadata from password-protected photographs via the map viewer mode. Synology Photo Station contains an information disclosure vulnerability. Information may be obtained. Synology Photo Station is a set of solutions from Synology for sharing pictures, videos and blogs on the Internet. Photo Viewer is one of the picture viewing components
| VAR-201711-0470 | CVE-2017-13819 | Cross-site scripting vulnerability in the HelpViewer component of Apple macOS |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "HelpViewer" component. A cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML by bypassing the Same Origin Policy for quarantined HTML documents. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. HelpViewer is one of the help viewer components. A security vulnerability exists in the HelpViewer component of Apple macOS High Sierra prior to 10.13.1
| VAR-201711-0444 | CVE-2017-13852 | Vulnerabilities in the kernel component of multiple Apple products that allow monitoring of arbitrary applications |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to monitor arbitrary apps via a crafted app that accesses process information at a high rate. Apple iOS, macOS High Sierra, tvOS, and watchOS are all products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices; macOS High Sierra is a dedicated operating system developed for Mac computers; tvOS is a smart TV operating system. watchOS is a smart watch operating system. The following products and versions are affected: Apple iOS prior to 11.1; macOS High Sierra prior to 10.13.1; tvOS prior to 11.1; watchOS prior to 4.1
| VAR-201711-0442 | CVE-2017-13846 | Denial-of-service (DoS) vulnerabilities in third-party PCRE in Apple OS X |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the third-party "PCRE" product. Versions before 8.40 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. PCRE is one of the regular expression function libraries. A security vulnerability exists in the PCRE component prior to 8.40 in versions of Apple macOS High Sierra prior to 10.13.1
| VAR-201711-0440 | CVE-2017-13843 | Apple macOS Kernel component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in the Kernel component of Apple macOS High Sierra prior to 10.13.1
| VAR-201711-0436 | CVE-2017-13838 | Apple macOS Sandbox component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Sandbox" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. Sandbox is a sandbox system that provides the operating system with a method to limit the use of system resources by applications. A security vulnerability exists in the Sandbox component of Apple macOS High Sierra prior to 10.13.1
| VAR-201711-0429 | CVE-2017-13829 | Apple macOS CFNetwork component vulnerable to arbitrary code execution in privileged context |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nsurlstoraged service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to escalate privileges under the context of the current service. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. CFNetwork is one of the network protocol libraries. A security vulnerability exists in the CFNetwork component of Apple macOS High Sierra prior to 10.13.1
| VAR-201711-0425 | CVE-2017-13824 | Arbitrary code execution vulnerability in the Open Scripting Architecture component of Apple macOS |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "Open Scripting Architecture" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted AppleScript file that is mishandled by osadecompile. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers
| VAR-201711-0424 | CVE-2017-13823 | Vulnerability in the QuickTime component of Apple macOS that bypasses memory read restrictions |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "QuickTime" component. It allows attackers to bypass intended memory-read restrictions via a crafted app. The QuickTime component of Apple macOS contains a vulnerability that bypasses memory read restrictions. An attacker could bypass memory read restrictions through a crafted application. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. A security vulnerability exists in the QuickTime component of Apple macOS High Sierra prior to 10.13.1