VARIoT IoT vulnerabilities database

An exploitable Information Disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Series Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131A is a wireless access device from Moxa. An information disclosure vulnerability exists in the WebApplication feature of MoxaAWK-3131A in version 1.1 firmware

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially unexpected HTTP get requests to trigger this vulnerability. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules. An HTTP denial of service vulnerability exists in the WebApplication feature of MoxaAWK-3131AWirelessAccessPoint using version 1.1 firmware. There is no..

An exploitable information disclosure vulnerability exists in the serviceAgent functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted TCP query will allow an attacker to retrieve potentially sensitive information. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. The functionality exposed by serviceAgent is accessible by using a freely-available Windows application (Moxa Windows Search Utility) or with custom scripts. In addition, the service does..

An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. MoxaAWK-3131AWirelessAccessPoint is a wireless switch from China's Moxa. WebApplication is one of the web application modules

An exploitable null pointer dereference vulnerability exists in the Web Application /forms/web_runScript iw_filename functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. An HTTP POST request with a blank line in the header will cause a segmentation fault in the web server. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa

An exploitable information disclosure vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point. Retrieving a series of URLs without authentication can reveal sensitive configuration and system information to an attacker. Moxa AWK-3131A Wireless AP Contains an information disclosure vulnerability.Information may be obtained. Moxa AWK-3131A Wireless Access Point is a wireless switch made by Moxa. Web Application is one of the network application modules

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. Vendors have confirmed this vulnerability SVE-2015-5081 It is released as.An attacker could read a sent email message. The Samsung SM-G920F (Galaxy S6) is a Samsung smartphone from South Korea. SecEmailSync is one of the mail sync plugins. An information disclosure vulnerability exists in SecEmailSync in the SamsungSM-G920FbuildG920FXXU2COH2 release. Samsung SecEmailSync is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Vendors have confirmed this vulnerability SVE-2015-5081 It is released as.SQL An injection attack may be performed. SecEmailSync is one of the mail sync plugins. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. Samsung SecEmailSync is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. SamsungkernelforAndroidonSM-N9005 (Note3) and SM-G920F (GalaxyS6) are the cores of Samsung's Android system running on SM-N9005 (Note3) and SM-G920F (GalaxyS6) (smartphone). Secfilter is one of the URL parsing filter plugins. An input validation vulnerability exists in the secfilter of Samsungkernel for Android in SamsungSM-N9005 (Note3) and SM-G920F (GalaxyS6). Samsung kernel for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) are both Korean Samsung (Samsung) running on SM-N9005 (Note 3) and SM-G920F (Galaxy S6) (smart phones) The kernel of the Android system in. There is a security vulnerability in the secfilter of Samsung kernel for Android in Samsung SM-N9005(Note 3) and SM-G920F(Galaxy S6). The following products and versions are affected: Samsung SM-N9005 build N9005XXUGBOB6 (Note 3) version; SM-G920F build G920FXXU2COH2 (Galaxy S6) version

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. SamsungSM-G920F (GalaxyS6) and so on are all smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in several Samsung phones. An attacker could use the vulnerability to make a call, send a text message, or post a command. Multiple Samsung Galaxy products are prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301. Vendors have confirmed this vulnerability SVE-2016-5301 It is released as.The attacker can Linux By connecting to the host, AT A command may be sent. AndroidforSamsungGalaxyS6Edge is a Linux-based open source operating system developed by Samsung and the Open Handheld Device Alliance (OHA) in the United States for smartphones released by South Korea's Samsung. There are security bypass vulnerabilities in multiple SamsungGalaxy products. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations. This may lead to further attacks

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. GPUdriver is one of the graphics drivers. A refusal service vulnerability exists in the GPU drivers in HuaweiP7 and P8 Youth. An attacker could exploit the vulnerability to trick the phone system into crashes by tricking the user into installing a malicious application and entering an illegal parameter into the product's graphics processing unit (GPU) driver. The following products and versions are affected: Huawei P7-L00C17B851 earlier, P7-L05C00B851 earlier, P7-L09C92B851 earlier; P8 Youth Edition ALE-UL00B211 earlier

Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. HuaweiP7 and P8 Youth Edition are both Huawei's smartphone devices. An attacker could use the vulnerability to enter an illegal parameter into the camera driver by tricking the user into installing a malicious application and obtaining the system or camera privileges of the device, causing the system to crash. The following products and versions are affected: Huawei P7 earlier than P7-L00C17B851, earlier than P7-L05C00B851, earlier than P7-L09C92B851; P8 Youth Edition earlier than ALE-UL00B211

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none. Both the Samsung Note 3 and the Galaxy S6 are smartphones released by the South Korean company Samsung. There are security flaws in the Samsung Note 3 and Galaxy S6. An attacker can exploit this vulnerability to cause a denial of service (null pointer backreference) by sending an HTTP request that does not contain a URL

Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted image. Both Apple Mac OS X and Apple Mac OS X Server are products of Apple (Apple). Apple Mac OS X is a dedicated operating system developed for Mac computers. ImageIO is one of the static methods used to perform common image I/O operations

Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. Kernel is one of the kernel components. A local attacker could exploit this vulnerability to gain system privileges

A memory exhaustion vulnerability exists in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1 and Certified Asterisk 13.13 before 13.13-cert4, which can be triggered by sending specially crafted SCCP packets causing an infinite loop and leading to memory exhaustion (by message logging in that loop). Asterisk Open Source and Certified Asterisk Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Asterisk products are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition

Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. TeamPass is a password manager dedicated to Apache, MySQL and PHP. A cross-site scripting vulnerability exists in TeamPass 2.1.24 and earlier

An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing widespread denials of system services. JuniperNetworksNorthStarControllerApplication is a traffic planning controller from Juniper Networks. The controller optimizes the service provider's transport network by establishing an open industry standard protocol. A security vulnerability exists in versions prior to JuniperNetworksNorthStarControllerApplication2.1.0ServicePack1. An attacker could exploit the vulnerability to cause a denial of service. Versions prior to Juniper NorthStar Controller Application 2.1.0 Service Pack 1 are vulnerable

An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis. Juniper NorthStar Controller Application is prone to a local local security-bypass vulnerability. An attacker may exploit this issue to bypass certain security restrictions and perform unauthorized actions. Juniper NorthStar Controller Application before version 2.1.0 Service Pack 1 are vulnerable. The controller optimizes a service provider's transport network by establishing open industry-standard protocols. An attacker could exploit this vulnerability to copy data on the underlying Junos OS VM and the local system