VARIoT IoT vulnerabilities database

Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafted packets, aka Bug ID CSCui51521. Cisco Secure ACS is a central management platform for Cisco network devices that controls device authentication and authorization. An attacker could exploit this vulnerability to cause some processes to crash, resulting in a denial of service. This issue is being tracked by Cisco Bug ID CSCui51521. The system can respectively control network access and network device access through RADIUS and TACACS protocols

The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via multiple TCP connections, aka Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. Vendors have confirmed this vulnerability Bug ID CSCuj59411 , CSCuf89818 ,and CSCuh05635 It is released as.Multiple third parties TCP Service disruption via connection ( management GUI Stop ) There is a possibility of being put into a state. Cisco is the world's leading provider of Internet solutions. A denial of service vulnerability exists in Cisco Appliances. A remote attacker could exploit this vulnerability to render the affected device unresponsive, resulting in a denial of service. This issue is being tracked by Cisco Bug IDs CSCuj59411, CSCuf89818, and CSCuh05635. ESA is an email security appliance. Content SMA is a set of content security management equipment. There is a denial-of-service vulnerability in the GUI function of the web framework. The vulnerability stems from the fact that the program does not properly manage the connection process of HTTP and HTTPS. The following devices are affected: Cisco WSA, ESA, Content SMA

The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77). DrayTek Provided by Vigor2700 Contains a command injection vulnerability. DrayTek Provided by Vigor2700 Of the adjacent access point SSID The variables.js Hold on. Vigor2700 The web management screen for variables.js There is a problem with handling, command injection (CWE-77) Vulnerabilities exist. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') http://cwe.mitre.org/data/definitions/77.htmlCrafted SSID By receiving, there is a possibility that arbitrary operations will be executed on the product. The DrayTek Vigor 2700 ADSL Router is an ADSL router. The DrayTek Vigor 2700 ADSL router stores the discovered AP SSIDs in the sWlessSurvey variable in variables.js and is handled by the WEB management interface. The attacker can construct a specially crafted SSID value containing the JavaScritp code when added to variables.js. The script is executed by the router. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. The vulnerability comes from the fact that the sWlessSurvey variable in the variables.js list does not add the SSID value correctly

Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emergency-call button during a certain notification and camera-pane state to trigger a NULL pointer dereference. Apple iOS for iPhone is prone to a local security-bypass vulnerability. An attacker with physical access to a locked device can leverage this issue to bypass the lock screen and perform unauthorized actions. Apple iOS is an operating system developed by Apple (Apple) for mobile devices

The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sessions by leveraging knowledge of the private key that matches this fallback certificate. Apple Mac OS X Server is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain unauthorized access to an affected application. Versions prior to Mac OS X Server 3.0 are vulnerable. The software enables file sharing, meeting scheduling, website hosting, network remote access, and more. The vulnerability is caused by the wrong use of the Fallback X.509 certificate on the server. An attacker can exploit this vulnerability to hijack RADIUS sessions by implementing a man-in-the-middle attack

Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by visiting an unattended workstation on which this mode was enabled during a sleep operation. Apple Keynote is prone to a security-bypass vulnerability. Local attackers can leverage this issue to bypass certain security restrictions and gain unauthorized access. Apple Keynote prior to 6.0 are vulnerable. The software can make slideshows and supports true 3D transformations, including cube rotation, card switching, dissolution, etc. An attacker in physical proximity could exploit this vulnerability by gaining access to an unattended workstation while the computer is asleep

WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by leveraging LocalStorage/ files. This vulnerability Webkit Vulnerability in Webkit Other products that use may also be affected.By the attacker, LocalStorage/ Browsing information may be obtained by using the file. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. Apple Remote Desktop is prone to an information-disclosure vulnerability. A remote man-in-the-middle attacker can exploit this issue to disclose potentially sensitive information. Information obtained may aid in further attacks. The system supports software distribution, resource management and remote assistance, etc

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. Apple Remote Desktop is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as a format specifier to a formatted-printing function. An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition. The system supports software distribution, resource management and remote assistance, etc

The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network. Apple Mac OS X is prone to an insecure authentication weakness. A remote attacker can exploit this issue to obtain a user's authentication credentials as they are sent to a server in plaintext format. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9. The vulnerability is caused by the Mail application choosing plain text authentication instead of CRAM-MD5 authentication

The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of these values, related to a compiler-optimization issue. An attacker can exploit this weakness to predict random number values and bypass certain security restrictions. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9. When the srandomdev function cannot access the kernel random number generator, the function will fall back to an alternative method that has been removed during optimization, resulting in a lack of randomness. Attackers can exploit this vulnerability to invalidate the encryption protection mechanism

The kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (panic) via an invalid iovec structure. Local attacker can exploit this issue to crash the system and cause denial-of-service condition. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable

The kernel in Apple Mac OS X before 10.9 does not properly handle integer values during unspecified tty device operations, which allows local users to cause a denial of service (system hang) by triggering a truncation error. Apple Mac OS X is prone to a local denial of service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by an integer truncation problem when the program handles tty devices

The kernel in Apple Mac OS X before 10.9 allows local users to obtain sensitive information or cause a denial of service (out-of-bounds read and system crash) via a crafted Mach-O file. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable

Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation. Local attackers can exploit this issue to cause a denial of service condition. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable

The random-number generator in the kernel in Apple Mac OS X before 10.9 provides lengthy exclusive access for processing of large requests, which allows local users to cause a denial of service (temporary generator outage) via an application that requires many random numbers. Apple Mac OS X is prone to a local denial of service vulnerability. Attackers can exploit this issue to cause a denial of service condition. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable

The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) by triggering a digest operation, as demonstrated by an IPSec connection. Apple Mac OS X is prone to a remote denial of service vulnerability. Successfully exploiting this issue will allow attackers to trigger a kernel panic causing denial-of-service conditions. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9 are vulnerable. An attacker could exploit this vulnerability to cause a denial of service (unexpected system termination)

CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration. Apple Mac OS X is prone to a security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and gain access to sensitive information. This may aid in launching other attacks. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable

CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is used, does not ensure that screen locking blocks the visibility of all windows, which allows physically proximate attackers to obtain sensitive information by reading the screen. Apple Mac OS X is prone to a local information-disclosure vulnerability. An attacker with physical access can exploit this issue to obtain sensitive information that may lead to further attacks. Note: This issue was previously covered in BID 63282(Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable. The vulnerability stems from a logic issue in CoreGraphics' handling of display sleep mode, resulting in data corruption. An attacker could exploit this vulnerability to see Windows through the lock screen

Console in Apple Mac OS X before 10.9 allows user-assisted remote attackers to execute arbitrary applications by triggering a log entry with a crafted attached URL. Attackers can exploit this issue to execute arbitrary applications. Note: This BID is being retired because it is a duplicate of BID 63322. An attacker can invoke arbitrary applications on an affected computer by enticing an unsuspecting user to click on a specially crafted log entry. Consequences to the user will vary depending on which application is invoked. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it