VARIoT IoT vulnerabilities database

VAR-201310-0467 CVE-2013-5187 Apple Mac OS X Vulnerability in obtaining important information in the implementation of screen lock CVSS V2: 1.9
CVSS V3: -
Severity: LOW
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. Apple Mac OS X is prone to a local unauthorized access vulnerability. An attacker with physical access can exploit this issue to gain unauthorized access. Successful exploits will lead to other attacks. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable
VAR-201310-0466 CVE-2013-5186 Apple Mac OS X of Power Management Vulnerability in which important information is obtained CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Power Management in Apple Mac OS X before 10.9 does not properly handle the interaction between locking and power assertions, which allows physically proximate attackers to obtain sensitive information by reading a screen that should have transitioned into the locked state. Apple Mac OS X is prone to a local unauthorized access vulnerability. An attacker with physical access can exploit this issue to gain unauthorized access. Successful exploits will lead to other attacks. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable
VAR-201310-0465 CVE-2013-5185 Apple Mac OS X of OpenLDAP of ldapsearch Vulnerabilities in which important information can be obtained in command line programs CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information by leveraging unintended weak encryption and sniffing the network. Apple Mac OS X is prone to a security vulnerability. Attackers can exploit this issue to bypass security restrictions and perform other attacks. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by the program not correctly handling the minssf configuration, resulting in weak encryption. A remote attacker could exploit this vulnerability to obtain sensitive information by sniffing the network
VAR-201310-0464 CVE-2013-5184 Apple Mac OS X Service disruption in some kernels (DoS) Vulnerabilities CVSS V2: 5.7
CVSS V3: -
Severity: MEDIUM
The kernel in Apple Mac OS X before 10.9 does not properly check for errors during the processing of multicast Wi-Fi packets, which allows remote attackers to cause a denial of service (system crash) by leveraging presence in an 802.11 network's coverage area. A remote attacker can leverage this issue to crash the system, denying service to legitimate users. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Apple Mac OS X versions prior to 10.9 are vulnerable. The vulnerability is caused by an error checking problem when the program processes multicast packets
VAR-201310-0463 CVE-2013-5183 Apple Mac OS X Vulnerability in obtaining important information in email CVSS V2: 2.6
CVSS V3: -
Severity: LOW
Mail in Apple Mac OS X before 10.9, when Kerberos authentication is enabled and TLS is disabled, sends invalid cleartext data, which allows remote attackers to obtain sensitive information by sniffing the network. Apple Mac OS X is prone to an information-disclosure vulnerability. Attackers can exploit this issue to gain access to sensitive information. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9 are vulnerable
VAR-201310-0462 CVE-2013-5182 Apple Mac OS X Vulnerabilities in the presence of cryptographic signatures in email messages CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof the existence of a cryptographic signature for an e-mail message by using the multipart/signed content type within an unsigned message. Apple Mac OS X is prone to a security vulnerability. Attackers can exploit this issue to bypass security restrictions and perform other attacks. Note: This issue was previously covered in BID 63282 (Apple Mac OS X APPLE-SA-2013-10-22-3 Multiple Security Vulnerabilities), but has been given its own record to better document it. Mac OS X versions prior to 10.9 are vulnerable. Attackers can exploit this vulnerability to spoof encrypted signatures of emails
VAR-201310-0527 CVE-2013-5544 Cisco Adaptive Security Appliance Software VPN Service operation interruption in authentication function (DoS) Vulnerabilities CVSS V2: 5.4
CVSS V3: -
Severity: MEDIUM
The VPN authentication functionality in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (device reload) by sending many username-from-cert IKE requests, aka Bug ID CSCua91108. An attacker can exploit this issue to reload the affected device, causing a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCua91108
VAR-201310-0536 CVE-2013-5550 Cisco Unified Computing System Service disruption in fabric interconnect components (DoS) Vulnerabilities CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operations, aka Bug ID CSCtq86549. Cisco Unified Computing System is prone to a local denial-of-service vulnerability because it fails to properly validate user-supplied input. A local attacker can exploit this issue to crash the device and cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCtq86549. Cisco Unified Computing System (UCS) is a unified computing system from Cisco. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the program not correctly filtering the parameters submitted by users
VAR-201310-0621 CVE-2013-6246 Dell Quest One Password Manager Vulnerabilities in which capture protection is bypassed CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters. DELL Quest One Password Manager is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and gain access to sensitive areas of the application to perform unauthorized actions; this may aid in launching further attacks. The software allows end users to reset forgotten passwords and unlock accounts, and supports the enforcement of secure data access policies
VAR-201310-0437 CVE-2013-4450 Node.js of HTTP Service disruption at the server (DoS) Vulnerabilities CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of service (memory and CPU consumption) by sending a large number of pipelined requests without reading the response. Node.js is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause denial-of-service conditions.
Red Hat Security Advisory
Synopsis: Moderate: nodejs010-nodejs security update
Advisory ID: RHSA-2013:1842-01
Product: Red Hat Software Collections
Advisory URL: https://rhn.redhat.com/errata/RHSA-2013-1842.html
Issue date: 2013-12-16
CVE Names: CVE-2013-4450
1. Summary: Updated nodejs010-nodejs packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
2. Relevant releases/architectures: Red Hat Software Collections for RHEL 6 Server - x86_64; Red Hat Software Collections for RHEL 6 Workstation - x86_64
3. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. (CVE-2013-4450) Node.js is included in Red Hat Software Collections 1.0 as a Technology Preview. More information about Red Hat Technology Previews is available here: https://access.redhat.com/support/offerings/techpreview/ All nodejs010-nodejs users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/): 1021170 - CVE-2013-4450 NodeJS: HTTP Pipelining DoS
6. Package List:
Red Hat Software Collections for RHEL 6 Server:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Server/en/RHSCL/SRPMS/nodejs010-nodejs-0.10.5-8.el6.src.rpm
x86_64: nodejs010-nodejs-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-debuginfo-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-devel-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-docs-0.10.5-8.el6.x86_64.rpm
Red Hat Software Collections for RHEL 6 Workstation:
Source: ftp://ftp.redhat.com/pub/redhat/linux/enterprise/6Workstation/en/RHSCL/SRPMS/nodejs010-nodejs-0.10.5-8.el6.src.rpm
x86_64: nodejs010-nodejs-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-debuginfo-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-devel-0.10.5-8.el6.x86_64.rpm nodejs010-nodejs-docs-0.10.5-8.el6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
7. References: https://www.redhat.com/security/data/cve/CVE-2013-4450.html https://access.redhat.com/security/updates/classification/#moderate
8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2013 Red Hat, Inc.
VAR-201310-0652 No CVE ARRIS DG860A 'router.data' NVRAM Backup File Remote Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
ARRIS DG860A does not properly handle backup files, allowing unauthenticated attackers to exploit the vulnerability to access backup files for password information. Arris DG860A is a modem product of the American Arris Group. An information disclosure vulnerability exists in ARRIS DG860A. Attackers can use this vulnerability to obtain sensitive information that can help launch further attacks
VAR-201310-0403 CVE-2013-6021 Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie. Watchguard Extensible Threat Management (XTM) contains a stack buffer overflow vulnerability. Watchguard Extensible Threat Management (XTM) appliance is a next-generation network security appliance that includes firewalls, application control and intrusion prevention systems. The WGagent running on the XTM application has a security vulnerability in parsing the cookie sent to the web interface. Failed exploit attempts will result in a denial-of-service condition
VAR-201310-0330 CVE-2013-5428 IBM WebSphere DataPower XC10 Service disruption on the appliance (DoS) Vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
IBM WebSphere DataPower XC10 appliances 2.5.0 do not require authentication for all administrative actions, which allows remote attackers to cause a denial of service via unspecified vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unauthorized-access vulnerability. Attackers can exploit this issue to gain unauthorized administrative access and perform malicious actions on the affected system. This may result in a denial-of-service condition. IBM WebSphere DataPower XC10 Appliance 2.5.0 is vulnerable. The platform enables distributed caching of data with little to no change to existing applications. A remote attacker could exploit this vulnerability to cause a denial of service
VAR-201310-0312 CVE-2013-5446 IBM WebSphere DataPower XC10 Vulnerability in console running on appliance CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 does not properly process logoff actions, which has unspecified impact and remote attack vectors. IBM WebSphere DataPower XC10 Appliance is prone to an unspecified security vulnerability. Limited information is currently available regarding this issue. We will update this BID as more information emerges. IBM WebSphere DataPower XC10 Appliance 2.1.0 and 2.5.0 are vulnerable. The platform enables distributed caching of data with little to no change to existing applications. An unauthorized attacker could exploit this vulnerability to perform administrator actions
VAR-201310-0460 CVE-2013-4712 HDL-A and HDL2-A Series vulnerable in session management CVSS V2: 6.8
CVSS V3: -
Severity: MEDIUM
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. The following devices running firmware versions 1.07 and prior are vulnerable: HDL-A series, including HDL-AS, HDL-AH and HDL-A/E; HDL2-A series, including HDL2-AH and HDL2-A/E
VAR-201310-0669 No CVE Multiple Directory Traversal Vulnerabilities in Bluetooth U 'New Folder - Index' Module CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Bluetooth U ensures the synchronization of file transfers between devices without restricting file types. The Bluetooth U v1.2.0 iOS mobile app (Apple iOS - iPad & iPhone) has multiple local directory traversal and file inclusion vulnerabilities. Bluetooth U is a set of Bluetooth connection software. The software supports file transfer, file sharing, local file management, and more. A directory traversal vulnerability exists in the New Folder-Index module in Bluetooth U, which stems from the program's insufficient filtering of user-submitted input. A remote attacker could exploit this vulnerability by using a request with a directory traversal sequence character to retrieve arbitrary local files in the application context. Bluetooth U 1.2.0 is vulnerable; other versions may also be affected. Bluetooth U is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Information obtained could aid in further attacks
VAR-201310-0525 CVE-2013-5542 Cisco Adaptive Security Appliance Service disruption in software (DoS) Vulnerabilities CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398. An attacker can exploit this issue to cause a denial-of-service condition. This issue is being tracked by Cisco Bug ID CSCui77398
VAR-201310-0030 CVE-2012-4115 Cisco Unified Computing System Vulnerability in obtaining critical information in fabric interconnect components CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72964. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information through man-in-the-middle attacks that may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtr72964. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology
VAR-201310-0029 CVE-2012-4114 Cisco Unified Computing System Fabric interconnect KVM In module KVM Vulnerability to view display content CVSS V2: 5.8
CVSS V3: -
Severity: MEDIUM
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network or modify this traffic by inserting packets into the client-server data stream, aka Bug ID CSCtr72949. Cisco Unified Computing System is prone to an information-disclosure vulnerability. Attackers can exploit this issue to perform a man-in-the-middle attack and gain access to or modify the video stream. Successful exploits will lead to other attacks. This issue is being tracked by Cisco Bug ID CSCtr72949. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology. The vulnerability is caused by the fact that the video data sent by KVM is not encrypted
VAR-201310-0031 CVE-2012-4116 Cisco Unified Computing System Vulnerability in obtaining critical information in fabric interconnect components CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970. Cisco Unified Computing System is prone to a remote information-disclosure vulnerability. Successful exploits may allow an attacker to obtain sensitive information that may lead to further attacks. This issue is tracked by Cisco Bug ID CSCtr72970. The system integrates network, computing and virtualization resources into one platform by extensively adopting virtualization technology