VARIoT IoT vulnerabilities database
| VAR-202302-1328 | CVE-2023-23778 | Path traversal vulnerability in Fortinet FortiWeb |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized access to files and data via specifically crafted web requests. Fortinet FortiWeb contains a path traversal vulnerability. Information may be obtained.
| VAR-202302-1205 | CVE-2022-34841 | Buffer error vulnerability in Intel's media software development kit |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Improper buffer restrictions in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's media software development kit contains a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1220 | CVE-2022-36398 | Vulnerability regarding uncontrolled search path elements in Intel's Battery Life Diagnostic Tool |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) state may result.
| VAR-202302-1203 | CVE-2022-34346 | Out-of-bounds read vulnerability in Intel's media software development kit |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Out-of-bounds read in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's media software development kit contains an out-of-bounds read vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1467 | CVE-2022-26032 | Vulnerability regarding uncontrolled search path elements in Intel's Distribution for Python |
CVSS V2: - CVSS V3: 7.3 Severity: HIGH |
Uncontrolled search path element in the Intel(R) Distribution for Python programming language before version 2022.1 for Intel(R) oneAPI Toolkits may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Distribution for Python contains an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1249 | CVE-2021-33104 | Vulnerability in Intel's one boot flash update |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. Intel's one boot flash update contains an unspecified vulnerability. Service operation may be interrupted (DoS).
| VAR-202302-1219 | CVE-2022-30339 | Out-of-bounds read vulnerability in Intel's integrated sensor solution |
CVSS V2: - CVSS V3: 4.4 Severity: MEDIUM |
Out-of-bounds read in firmware for the Intel(R) Integrated Sensor Solution before versions 5.4.2.4579v3, 5.4.1.4479 and 5.0.0.4143 may allow a privileged user to potentially enable denial of service via local access.
| VAR-202302-1463 | CVE-2022-27482 | OS command injection vulnerability in Fortinet FortiADC |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as `root` via CLI commands. Fortinet FortiADC contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1272 | CVE-2023-23779 | OS command injection vulnerability in Fortinet FortiWeb |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. Fortinet FortiWeb contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1374 | CVE-2022-34854 | Vulnerability in Intel's system usage report |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's system usage report contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1278 | CVE-2022-34157 | Vulnerability in Intel's FPGA software development kit and Quartus Prime |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Improper access control in the Intel(R) FPGA SDK for OpenCL(TM) with Intel(R) Quartus(R) Prime Pro Edition software before version 22.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's FPGA software development kit and Quartus Prime contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1445 | CVE-2022-40675 | Vulnerability in Fortinet FortiNAC and FortiNAC-F |
CVSS V2: - CVSS V3: 7.4 Severity: HIGH |
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages. Fortinet FortiNAC and FortiNAC-F contain an unspecified vulnerability. Information may be obtained and information may be tampered with.
| VAR-202302-1380 | CVE-2023-25602 | Out-of-bounds write vulnerability in Fortinet FortiWeb |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions 6.0.7 and earlier, FortiWeb versions 5.9.1 and earlier, FortiWeb 5.8 all versions, FortiWeb 5.7 all versions, FortiWeb 5.6 all versions allows an attacker to execute unauthorized code or commands via specially crafted command arguments. Fortinet FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1248 | CVE-2022-36382 | Intel(R) Ethernet Controller E810 and 700 Series out-of-bounds write vulnerability |
CVSS V2: - CVSS V3: 4.4 Severity: MEDIUM |
Out-of-bounds write in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 1.7.0.8 and some Intel(R) Ethernet 700 Series Controllers and Adapters before version 9.101 may allow a privileged user to potentially enable denial of service via local access.
| VAR-202302-1327 | CVE-2023-22638 | Cross-site scripting vulnerability in Fortinet FortiNAC |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
Several improper neutralization of inputs during web page generation vulnerabilities [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and below, 8.5.4 and below, 8.3.7 and below may allow an authenticated attacker to perform several XSS attacks via crafted HTTP GET requests. Fortinet FortiNAC contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Fortinet FortiNAC is a network access control solution developed by Fortinet. This product is mainly used for network access control and IoT security protection.
| VAR-202302-1444 | CVE-2021-42756 | Out-of-bounds write vulnerability in Fortinet FortiWeb |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve arbitrary code execution via specifically crafted HTTP requests. Fortinet FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1331 | CVE-2023-24238 | Command injection vulnerability in TOTOLINK A7100RU firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A7100RU (V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. TOTOLINK A7100RU firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202302-1353 | CVE-2022-39954 | XML external entity vulnerability in Fortinet FortiNAC and FortiNAC-F |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
An improper restriction of XML external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows an attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. Fortinet FortiNAC and FortiNAC-F contain an XML external entity vulnerability. Information may be obtained and service operation may be interrupted (DoS).
| VAR-202302-0672 | CVE-2023-22806 | Vulnerability in cleartext transmission of sensitive information in LS ELECTRIC XBC-DN32U firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
LS ELECTRIC XBC-DN32U with operating system version 01.80 transmits sensitive information in cleartext when communicating over its XGT protocol. This could allow an attacker to gain sensitive information such as user credentials. The LS ELECTRIC XBC-DN32U firmware contains a vulnerability regarding the transmission of sensitive information in plaintext. Information may be obtained. LS ELECTRIC XBC-DN32U is a programmable logic controller (PLC) produced by LS ELECTRIC in Korea.
| VAR-202302-0669 | CVE-2023-0102 | Vulnerability related to lack of authentication for critical functions in LS ELECTRIC XBC-DN32U firmware |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. The LS ELECTRIC XBC-DN32U firmware contains a lack-of-authentication vulnerability for critical functionality. Information may be tampered with and service operation may be interrupted (DoS). LS ELECTRIC XBC-DN32U is a programmable logic controller (PLC) produced by LS ELECTRIC in Korea. This vulnerability is due to the lack of authentication of the delete command.