VARIoT IoT vulnerabilities database


VAR-202402-1982 CVE-2023-32330 Certificate validation vulnerabilities in IBM Security Verify Access
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977. It may be put into a denial-of-service (DoS) state.
VAR-202402-1514 CVE-2023-32328 Vulnerability in plaintext transmission of important information in IBM Security Verify Access
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure protocols in some instances that could allow an attacker on the network to take control of the server. IBM X-Force Id: 254957. IBM Security Verify Access contains a vulnerability in the transmission of important information in clear text. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202402-0523 CVE-2024-22012 Out-of-bounds write vulnerability in Google Android
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. An out-of-bounds write vulnerability exists in Google Android. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Google Pixel is a smartphone made by the American company Google. Google Pixel has a buffer overflow vulnerability caused by a lack of bounds checking. An attacker could exploit this vulnerability to escalate privileges.
VAR-202402-1245 CVE-2023-33069 Classic buffer overflow vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption in Audio while processing the calibration data returned from ACDB loader. Multiple Qualcomm products, such as 9206 LTE Modem firmware, AQT1000 firmware, and AR8035 firmware, have a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202402-1352 CVE-2023-33068 Classic buffer overflow vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption in Audio while processing IIR config data from AFE calibration block. Multiple Qualcomm products, such as 9206 LTE Modem firmware, AQT1000 firmware, and AR8035 firmware, have a classic buffer overflow vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202402-1418 CVE-2023-33067 Out-of-bounds write vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. Several Qualcomm products, such as 9206 LTE Modem firmware, AQT1000 firmware, and AR8035 firmware, contain an out-of-bounds write vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202402-1427 CVE-2023-33065 Out-of-bounds read vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
Information disclosure in Audio while accessing AVCS services from ADSP payload. Multiple Qualcomm products, such as AQT1000 firmware, AR8035 firmware, and C-V2X 9150 firmware, contain an out-of-bounds read vulnerability. Information may be obtained, and the service may be put into a denial-of-service (DoS) state.
VAR-202402-1471 CVE-2023-33064 Out-of-bounds read vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Transient DOS in Audio when invoking callback function of ASM driver. Multiple Qualcomm products, such as AQT1000 firmware, AR8035 firmware, and C-V2X 9150 firmware, contain an out-of-bounds read vulnerability. The service may be put into a denial-of-service (DoS) state.
VAR-202402-1457 CVE-2024-20825 Vulnerability in Samsung's Galaxy Store
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. An unspecified vulnerability exists in Samsung's Galaxy Store. Information may be obtained.
VAR-202402-1489 CVE-2024-20824 Vulnerability in Samsung's Galaxy Store
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. An unspecified vulnerability exists in Samsung's Galaxy Store. Information may be obtained.
VAR-202402-1488 CVE-2024-20823 Vulnerability in Samsung's Galaxy Store
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. An unspecified vulnerability exists in Samsung's Galaxy Store. Information may be obtained.
VAR-202402-1475 CVE-2024-20822 Vulnerability in Samsung's Galaxy Store
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. An unspecified vulnerability exists in Samsung's Galaxy Store. Information may be obtained.
VAR-202402-0736 CVE-2024-20827 Vulnerability in Samsung's Gallery
CVSS V2: -
CVSS V3: 4.6
Severity: MEDIUM
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. An unspecified vulnerability exists in Samsung's Gallery. Information may be obtained.
VAR-202402-0226 CVE-2024-20004 Input validation vulnerability in MediaTek's NR15
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985). An input validation vulnerability exists in MediaTek's NR15. The service may be put into a denial-of-service (DoS) state.
VAR-202402-0826 CVE-2024-24543 Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC9 firmware
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co.,Ltd. AC9 firmware. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202402-0244 CVE-2024-20003 Input validation vulnerability in MediaTek's NR15
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981). An input validation vulnerability exists in MediaTek's NR15. The service may be put into a denial-of-service (DoS) state.
VAR-202402-0305 CVE-2023-31004 Man-in-the-middle vulnerability in IBM Security Verify Access and Security Verify Access Docker
CVSS V2: -
CVSS V3: 9.0
Severity: CRITICAL
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a remote attacker to gain access to the underlying system using man in the middle techniques. IBM X-Force ID: 254765. It may be put into a denial-of-service (DoS) state.
VAR-202402-0149 CVE-2023-32329 Inadequate validation of data reliability in IBM Security Verify Access and Security Verify Access Docker
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a user to download files from an incorrect repository due to improper file validation. IBM X-Force ID: 254972
VAR-202402-0283 CVE-2023-30999 Resource exhaustion vulnerability in IBM Security Verify Access and Security Verify Access Docker
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651
VAR-202402-0187 CVE-2023-32327 XML external entity vulnerabilities in IBM Security Verify Access and Security Verify Access Docker
CVSS V2: -
CVSS V3: 7.1
Severity: HIGH
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 254783