VARIoT IoT vulnerabilities database
| VAR-202302-0051 | CVE-2023-22657 | F5OS-A and F5OS-C Command injection vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5OS-A and F5OS-C Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202302-0083 | CVE-2023-22422 | BIG-IP Classic buffer overflow vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202302-0113 | CVE-2023-23555 | BIG-IP Virtual Edition and BIG-IP SPK Initialization vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Virtual Edition and BIG-IP SPK Has an initialization vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202302-0011 | CVE-2023-22839 | BIG-IP In NULL Pointer dereference vulnerability |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state
| VAR-202302-0030 | CVE-2023-23692 | Dell EMC DDOS In OS Command injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. (DoS) It may be in a state
| VAR-202302-0029 | CVE-2023-22374 | BIG-IP Format string vulnerability in |
CVSS V2: - CVSS V3: 8.5 Severity: HIGH |
A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Exists in a format string vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202302-0021 | CVE-2022-45102 | Dell EMC Data Protection Central Encoding and escaping vulnerabilities in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections
| VAR-202302-0089 | CVE-2022-46679 | Dell PowerScale OneFS Vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. Dell PowerScale OneFS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202302-0396 | CVE-2022-31364 | Cypress Bluetooth Mesh SDK Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. (DoS) It may be in a state
| VAR-202302-0049 | CVE-2022-31363 | Cypress Bluetooth Mesh SDK Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. (DoS) It may be in a state
| VAR-202302-0004 | CVE-2022-30904 | Bestechnic Bluetooth Mesh SDK Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.2 Severity: HIGH |
In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. Bestechnic Bluetooth Mesh SDK (BES2300) Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202302-0008 | CVE-2023-22283 | Windows for BIG-IP Edge Client Vulnerability regarding uncontrolled search path elements in |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. (DoS) It may be in a state
| VAR-202302-0088 | CVE-2022-46756 | Dell VxRail Vulnerability in leaking resources to the wrong area in |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container's underlying OS. Exploitation may lead to a system take over by an attacker. Dell VxRail Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202302-0105 | CVE-2022-34398 | plural Dell In the product Time-of-check Time-of-use (TOCTOU) Race condition vulnerabilities |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could\u00a0potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system. plural Dell The product has Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202302-0103 | CVE-2023-22302 | BIG-IP Vulnerability regarding lack of resource release after valid lifetime in |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Contains a vulnerability regarding the lack of resource release after a valid lifetime.Service operation interruption (DoS) It may be in a state
| VAR-202302-0041 | CVE-2023-23552 | BIG-IP Advanced WAF and BIG-IP ASM Resource exhaustion vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Advanced WAF and BIG-IP ASM Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202302-0010 | CVE-2023-22418 | BIG-IP APM Open redirect vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
| VAR-202302-0036 | CVE-2022-34443 | Dell Rugged Control Center Input verification vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. (DoS) It may be in a state
| VAR-202302-0123 | CVE-2023-22842 | BIG-IP Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Exists in an out-of-bounds write vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202302-0052 | CVE-2023-22572 | Dell PowerScale OneFS Vulnerability regarding information leakage from log files in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. (DoS) It may be in a state