VARIoT IoT vulnerabilities database
| VAR-202303-0054 | CVE-2022-45608 | Vulnerability in ThingsBoard from ThingsBoard, Inc. |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in ThingsBoard 3.4.1 that allows low-privileged attackers (CUSTOMER_USER) to escalate privileges vertically and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. Note that to accomplish this, the attacker must know the corresponding API parameter (authority : value). ThingsBoard from ThingsBoard, Inc. contains an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. ThingsBoard is a Java-based platform from the ThingsBoard team for IoT device monitoring, management, and data collection.
| VAR-202302-1860 | CVE-2022-46713 | Race condition vulnerability in Apple's macOS |
CVSS V2: - CVSS V3: 4.7 Severity: MEDIUM |
A race condition was addressed with additional validation. This issue is fixed in macOS Ventura 13, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to modify protected parts of the file system
| VAR-202302-2151 | CVE-2022-46704 | Vulnerability in Apple's macOS |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to modify protected parts of the file system. Apple's macOS contains an unspecified vulnerability. Information may be tampered with.
| VAR-202302-1951 | CVE-2022-46712 | Vulnerability related to the use of freed memory in Apple's macOS |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13. An app may be able to cause unexpected system termination or potentially execute code with kernel privileges. Apple's macOS contains a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202302-1858 | CVE-2022-32846 | Vulnerability in Apple's Apple Music for Android |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A logic issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data
| VAR-202302-2487 | No CVE | There is a weak password vulnerability in the intelligent edge node SenseNebula-M of Shanghai SenseTime Intelligent Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Shanghai SenseTime Intelligent Technology Co., Ltd. is an artificial intelligence software company.
There is a weak password vulnerability in the smart edge node SenseNebula-M of Shanghai SenseTime Intelligent Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
| VAR-202302-1948 | CVE-2020-9846 | Vulnerability in Apple's macOS |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may be able to access local users' Apple IDs. Apple's macOS contains an unspecified vulnerability. Information may be obtained.
| VAR-202302-2443 | CVE-2022-48284 | Privilege management vulnerability in Huawei's hilink ai life |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. Huawei's hilink ai life contains a permission management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202302-2117 | CVE-2022-48283 | Privilege management vulnerability in Huawei's hilink ai life |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. Huawei's hilink ai life contains a permission management vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202302-1901 | CVE-2022-48261 | Interpretation conflict vulnerability in Huawei's bisheng-wnm firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation of this vulnerability may cause the printer service to be abnormal. Huawei's bisheng-wnm firmware contains an interpretation conflict vulnerability. A denial-of-service (DoS) condition may result. Huawei BiSheng-WNM FW is a HUAWEI printer from the Chinese company Huawei.
| VAR-202302-1950 | CVE-2022-42838 | Post-expiration or post-free resource manipulation vulnerability in Apple's macOS |
CVSS V2: - CVSS V3: 3.3 Severity: LOW |
An issue with app access to camera data was addressed with improved logic. This issue is fixed in macOS Ventura 13. A camera extension may be able to continue receiving video after the app which activated it was closed. Apple's macOS contains a post-expiration or post-free resource manipulation vulnerability. Information may be obtained.
| VAR-202302-2240 | CVE-2023-23531 | Vulnerabilities in multiple Apple products |
CVSS V2: - CVSS V3: 8.6 Severity: HIGH |
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. Apple's iPadOS, iOS, and macOS contain an unspecified vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202302-1949 | CVE-2022-32836 | Vulnerability in Apple's Apple Music for Android |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
This issue was addressed with improved state management. This issue is fixed in Apple Music 3.9.10 for Android. An app may be able to access user-sensitive data
| VAR-202302-1902 | CVE-2022-48260 | Classic buffer overflow vulnerability in Huawei's bisheng-wnm firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a buffer overflow vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to device service exceptions. Huawei's bisheng-wnm firmware contains a classic buffer overflow vulnerability. A denial-of-service (DoS) condition may result. Huawei BiSheng-WNM FW is a HUAWEI printer from the Chinese company Huawei.
| VAR-202302-1999 | CVE-2022-48305 | Vulnerability in Huawei's simba-al00 firmware |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
There is an identity authentication bypass vulnerability in Huawei Children Smart Watch (Simba-AL00) 1.1.1.274. Successful exploitation of this vulnerability may cause the access control function of specific applications to fail. Huawei's simba-al00 firmware contains an unspecified vulnerability. Information may be obtained.
| VAR-202302-2489 | No CVE | Weak password vulnerability exists in TOTOLINK N300RH V4 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
TOTOLINK N300RH V4 is a wireless router.
There is a weak password vulnerability in TOTOLINK N300RH V4, which can be exploited by attackers to obtain sensitive information.
| VAR-202302-2116 | CVE-2023-23524 | Resource exhaustion vulnerability in multiple Apple products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service. A resource exhaustion vulnerability exists in multiple Apple products (iPadOS, iOS, macOS). A denial-of-service (DoS) condition may result. tvOS 16.3.2
| VAR-202302-2044 | CVE-2023-23520 | Time-of-check Time-of-use (TOCTOU) race condition vulnerability in multiple Apple products |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root. Apple's iPadOS, iOS, and macOS contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Information may be obtained.
| VAR-202302-2046 | CVE-2022-48230 | Interpretation conflict vulnerability in Huawei's bisheng-wnm firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is a misinterpretation of input vulnerability in BiSheng-WNM FW 3.0.0.325. Successful exploitation could lead to DoS. Huawei's bisheng-wnm firmware contains an interpretation conflict vulnerability. A denial-of-service (DoS) condition may result. Huawei BiSheng-WNM FW is a HUAWEI printer from the Chinese company Huawei.
Huawei BiSheng-WNM FW version 3.0.0.325 has a denial of service vulnerability, which can be exploited by attackers to cause denial of service.
| VAR-202302-1896 | CVE-2022-45137 | Cross-site scripting vulnerability in multiple WAGO products |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
The configuration backend of the web-based management is vulnerable to reflected XSS (Cross-Site Scripting) attacks that target the user's browser. This leads to a limited impact on confidentiality and integrity but no impact on availability. A cross-site scripting vulnerability exists in multiple WAGO products (751-9301 firmware, 752-8303/8000-002 firmware, PFC100 firmware, etc.). Information may be obtained and information may be tampered with.