VARIoT IoT vulnerabilities database
| VAR-201702-0834 | CVE-2017-5682 | Vulnerability in the Intel PSET Application Install wrapper of multiple Intel products that could launch processes with elevated privileges |
CVSS V2: 9.3 CVSS V3: 7.3 Severity: HIGH |
Intel PSET Application Install wrapper of Intel Parallel Studio XE, Intel System Studio, Intel VTune Amplifier, Intel Inspector, Intel Advisor, Intel MPI Library, Intel Trace Analyzer and Collector, Intel Integrated Performance Primitives, Cryptography for Intel Integrated Performance Primitives, Intel Math Kernel Library, Intel Data Analytics Acceleration Library, and Intel Threading Building Blocks before 2017 Update 2 allows an attacker to launch a process with escalated privileges. The Intel PSET Application Install wrapper of multiple Intel products contains a vulnerability that allows processes to be launched with elevated privileges. Multiple Intel products are prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges. Intel Parallel Studio XE is a set of software for improving application performance and big data analysis; Intel Inspector is a set of tools for dynamic testing of memory access errors and thread access errors in applications
| VAR-201703-1065 | CVE-2017-6351 |
Hard-coded account login vulnerability in WePresent WiPG-1500 device firmware
Related entries in the VARIoT exploits database: VAR-E-201702-0236 |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885. WePresent WiPG-1500 is a gateway newly launched by AWIND. WiPG-1500 connects to multi-platform devices (Windows/Mac/Pad/Smartphone/AirPad) and supports interactive presentations by supporting finger touch technology and virtual whiteboard.
WePresent WiPG-1500 has a backdoor vulnerability.
Attackers can exploit this issue to bypass the authentication mechanism and gain unauthorized access to the device. wePresent WiPG-1500 is a wireless projection device produced by Australia wePresentWiPG company for multimedia interactive teaching, large conferences, etc. A security vulnerability exists in wePresent WiPG-1500 devices using firmware version 1.0.3.7
| VAR-201703-1072 | CVE-2017-6366 |
Cross-site request forgery vulnerability in NETGEAR DGN2200 router firmware
Related entries in the VARIoT exploits database: VAR-E-201702-0147 |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslookup.cgi. NOTE: this issue can be combined with CVE-2017-6334 to execute arbitrary code remotely. NETGEAR DGN2200 is a wireless router product of NETGEAR
| VAR-201706-0550 | CVE-2017-6324 | Vulnerabilities related to authorization, permissions, and access control in Symantec Messaging Gateway |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled. This constitutes a 'bypass' of the disarm functionality resident to the application. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.
Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec
| VAR-201702-0311 | CVE-2016-8105 | Denial-of-service (DoS) vulnerability in Intel Ethernet Controller X710 and Ethernet Controller XL710 family drivers |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. The Intel Ethernet Controller driver has a security vulnerability that allows a remote attacker to cause a denial of service by submitting a special request.
An attacker can exploit this issue to cause denial-of-service conditions
| VAR-201702-0605 | CVE-2017-5928 | Vulnerability in the W3C High Resolution Time API implemented in multiple web browsers that allows AnC attacks |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it easier for remote attackers to conduct AnC attacks via crafted JavaScript code. W3C High Resolution Time API is a set of JavaScript interfaces for the current time format that provides sub-millisecond resolution for web applications. A security vulnerability exists in W3C High Resolution Time API. An attacker could exploit the vulnerability to implement an AnC attack with specially crafted JavaScript code. W3C High Resolution Time API is prone to a security vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and gain access to some sensitive information. This may aid in further attacks
| VAR-201708-1313 | CVE-2017-6328 | Symantec Messaging Gateway vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross-site request forgery (also known as a one-click attack and abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser. Symantec Messaging Gateway contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a cross-site request-forgery vulnerability.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
Versions prior to Symantec Messaging Gateway 10.6.3-267 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec
| VAR-201702-1096 | No CVE | Command vulnerability in multiple devices of Redmi 2A mobile phone |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Redmi 2A mobile phone is a new model launched by Xiaomi on March 31, 2015. It is a derivative of Redmi Mobile 2.
The processing functions for ioctl cmd = 0x40046b0a on the Redmi 2A kernel device /dev/hx170dec and for ioctl cmd = 0xc00c7503 on /dev/comip-ureg lack validity checks, allowing attackers to cause exceptions or gain privileges on the device.
| VAR-201702-1097 | No CVE | D-Link DSL-2730U Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The D-Link DSL-2730U is a router device. A denial of service vulnerability exists in the D-Link DSL-2730U that could allow an attacker to crash an application and cause a denial of service.
| VAR-201702-1055 | CVE-2017-6341 | Vulnerability that allows capture of sensitive information on Dahua DHI-HCVR7216A-S3 devices |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19 send cleartext passwords in response to requests from the Web Page, Mobile Application, and Desktop Application interfaces, which allows remote attackers to obtain sensitive information by sniffing the network, a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. Multiple Dahua Security products are prone to an information-disclosure vulnerability
| VAR-201706-0551 | CVE-2017-6325 | Symantec Messaging Gateway code injection vulnerability |
CVSS V2: 6.0 CVSS V3: 6.6 Severity: MEDIUM |
The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time. This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. Symantec Messaging Gateway contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker can exploit this issue to obtain potentially sensitive information and execute arbitrary local scripts. This could allow the attacker to compromise the application and the computer; other attacks are also possible.
Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec
| VAR-201708-1312 | CVE-2017-6327 | Vulnerabilities related to authorization, permissions, and access control in Symantec Messaging Gateway |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code on the affected system.
Versions prior to Symantec Messaging Gateway 10.6.3-267 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec
| VAR-201706-0552 | CVE-2017-6326 | Vulnerabilities related to authorization, permissions, and access control in Symantec Messaging Gateway |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. Symantec Messaging Gateway contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Symantec Messaging Gateway is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code on the affected system.
Versions prior to Symantec Messaging Gateway 10.6.3-266 are vulnerable. Symantec Messaging Gateway is a set of anti-spam, anti-virus, advanced content filtering and data leakage prevention technologies developed by Symantec
| VAR-201709-1061 | CVE-2017-6315 | Astaro Security Gateway input validation vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx. Astaro Security Gateway (alias ASG) contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Sophos Astaro Security Gateway (also known as ASG) is a gateway device of British Sophos company. A security vulnerability exists in the Sophos ASG 7 release
| VAR-201702-1056 | CVE-2017-6342 | Vulnerability that allows viewing sensitive information without password information on Dahua DHI-HCVR7216A-S3 devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 2016-06-06, Camera Firmware 2.400.0000.28.R 2016-03-29, and SmartPSS Software 1.16.1 2017-01-19. When SmartPSS Software is launched, while on the login screen, the software in the background automatically logs in as admin. This allows sniffing sensitive information identified in CVE-2017-6341 without prior knowledge of the password. This is a different vulnerability than CVE-2013-6117. Dahua DHI-HCVR7216A-S3 is a network hard disk recorder product of Dahua Company of China. A remote attacker can use the vulnerability to implement a rainbow table attack to obtain sensitive information. Dahua Security Multiple Products are prone to an information-disclosure vulnerability
| VAR-201703-0736 | CVE-2017-5633 |
Cross-site request forgery vulnerability in D-Link DI-524 wireless router firmware
Related entries in the VARIoT exploits database: VAR-E-201612-0014 |
CVSS V2: 8.5 CVSS V3: 8.0 Severity: HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted requests to CGI programs. D-link DI-524 is a wireless router from D-Link. A cross-site request forgery vulnerability exists in D-link DI-524 9.01. An attacker could exploit the vulnerability to perform unauthorized actions and gain access to affected applications. D-link DI-524 is prone to multiple cross-site request-forgery vulnerabilities. Other attacks are also possible.
D-link DI-524 9.01 is vulnerable; other versions may also be affected
| VAR-201702-0603 | CVE-2017-5926 | Vulnerabilities that allow side-channel attacks in AMD processors |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple AMD processors are prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges. AMD Phenom 9550 4-Core and so on are the processor products of American AMD Company. The following products are affected: AMD Phenom 9550 4-Core; AMD E-350; AMD Athlon II 640 X4; AMD FX-8120 8-Core; AMD FX-8320 8-Core; AMD FX-8350 8-Core
| VAR-201702-0604 | CVE-2017-5927 | Vulnerabilities that allow side-channel attacks in ARM processors |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. ARM Cortex A53 and so on are CPU processors of British ARM company.
There are security vulnerabilities in many ARM processors.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges
| VAR-201702-0602 | CVE-2017-5925 | Intel processor side channel attack vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. Multiple Intel processors are prone to a local security-bypass vulnerability.
Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Little is known about this issue or its effects at this time. We will update this BID as more information emerges. Intel Core i7 920 and so on are the CPU processors of Intel Corporation of the United States. The following products are affected: Intel Core i7 920; Intel Core i5 M480; Intel Core i7-2620QM; Intel Core i7-3632QM; Intel Core i7-4500U; Intel Atom C2750; Intel Xeon E5-2658 v2; i7-6700K; Intel Xeon E3-1240 v5
| VAR-201707-0891 | CVE-2017-6320 | OS command injection vulnerability in Barracuda Load Balancer products |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A remote command injection vulnerability exists in the Barracuda Load Balancer product line (confirmed on v5.4.0.004 (2015-11-26) and v6.0.1.006 (2016-08-19); fixed in 6.1.0.003 (2017-01-17)) in which an authenticated user can execute arbitrary shell commands and gain root privileges. The vulnerability stems from unsanitized data being processed in a system call when the delete_assessment command is issued. Barracuda Networks Load Balancer is an application delivery controller from Barracuda Networks. The controller provides protection against intrusion and attack events, while optimizing application load and providing strong performance support