VARIoT IoT vulnerabilities database

VAR-202301-0558 CVE-2022-47974 Vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks. Successful exploitation of this vulnerability may cause the Bluetooth process to restart. An unspecified vulnerability exists in EMUI and HarmonyOS. Service operation may be interrupted (DoS).
VAR-202301-0614 CVE-2021-46868 Out-of-bounds read vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access. An out-of-bounds read vulnerability exists in EMUI and HarmonyOS. Information may be obtained.
VAR-202301-0683 CVE-2022-47976 Vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections. Successful exploitation of this vulnerability may disconnect normal service connections. An unspecified vulnerability exists in EMUI and HarmonyOS. Service operation may be interrupted (DoS).
VAR-202301-0457 CVE-2022-45995 Classic buffer overflow vulnerability in Tenda AX12
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
There is an unauthorized buffer overflow vulnerability in Tenda AX12 v22.03.01.21_cn. This vulnerability can cause the web service not to restart or even execute arbitrary code. It is a different vulnerability from CVE-2022-2414. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202301-0374 CVE-2022-45104 OS command injection vulnerability in multiple Dell products
CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands on the underlying system. A denial-of-service (DoS) condition may result.
VAR-202301-0356 CVE-2022-43932 Injection vulnerability in Synology Router Manager
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to read arbitrary files via unspecified vectors. An injection vulnerability exists in Synology Router Manager (SRM). Information may be obtained. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology RT6600ax routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libsynoskd library. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root.
VAR-202301-0512 CVE-2022-47975 Double free vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The DUBAI module has a double free vulnerability. Successful exploitation of this vulnerability may affect system availability. EMUI and HarmonyOS contain a double free vulnerability. Service operation may be interrupted (DoS).
VAR-202301-0410 CVE-2022-37934 Path traversal vulnerability in HPE OfficeConnect 1820 and 1850 switch series
CVSS V2: -
CVSS V3: 6.8
Severity: MEDIUM
A potential security vulnerability has been identified in HPE OfficeConnect 1820 and 1850 switch series. The vulnerability could be remotely exploited to allow remote directory traversal in HPE OfficeConnect 1820 switch series version PT.02.17 and below, HPE OfficeConnect 1850 switch series version PC.01.23 and below, and HPE OfficeConnect 1850 (10G aggregator) switch version PO.01.22 and below.
VAR-202301-0511 CVE-2021-46867 Out-of-bounds read vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The HW_KEYMASTER module has a problem in releasing memory. Successful exploitation of this vulnerability may result in out-of-bounds memory access. An out-of-bounds read vulnerability exists in EMUI and HarmonyOS. Information may be obtained.
VAR-202301-0724 CVE-2022-46762 Vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The memory management module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. An unspecified vulnerability exists in EMUI and HarmonyOS. Information may be obtained.
VAR-202301-0467 CVE-2022-34397 Vulnerabilities in multiple Dell products
CVSS V2: -
CVSS V3: 5.7
Severity: MEDIUM
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 10.0.0.5 and below contain an authorization bypass vulnerability, allowing users to perform actions for which they are not authorized. An unspecified vulnerability exists in Dell's eVASA Provider Virtual Appliance, Solutions Enabler Virtual Appliance, and Dell Unisphere for PowerMax Virtual Appliance. Information may be tampered with.
VAR-202301-0469 CVE-2023-0077 Integer overflow vulnerability in Synology Router Manager
CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Integer overflow or wraparound vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to overflow buffers via unspecified vectors. A denial-of-service (DoS) condition may result.
VAR-202301-0328 CVE-2015-10013 Cross-site scripting vulnerability in the WebDevStudios taxonomy-switcher plugin
CVSS V2: 4.0
CVSS V3: 3.5
Severity: LOW
A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability. A cross-site scripting vulnerability exists in the WebDevStudios taxonomy-switcher plugin. Information may be obtained and information may be tampered with.
VAR-202301-0474 CVE-2022-46761 Vulnerability in EMUI and HarmonyOS
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The system has a vulnerability that may cause dynamic hiding and restoring of app icons. Successful exploitation of this vulnerability may cause malicious hiding of app icons. An unspecified vulnerability exists in EMUI and HarmonyOS. Information may be tampered with.
VAR-202301-0919 CVE-2022-45103 Dell EMC Unisphere for PowerMax information disclosure vulnerability
CVSS V2: -
CVSS V3: 6.5
Severity: MEDIUM
Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain an information disclosure vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the reading of arbitrary files on the underlying file system.
VAR-202301-0205 CVE-2022-33286 Out-of-bounds read vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Transient DoS due to buffer over-read in WLAN while processing 802.11 management frames. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Service operation may be interrupted (DoS).
VAR-202301-0215 CVE-2022-33255 Out-of-bounds read vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 8.2
Severity: HIGH
Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained.
VAR-202301-0235 CVE-2022-33266 Buffer error vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 5.9
Severity: MEDIUM
Memory corruption in Audio due to integer overflow to buffer overflow during music playback of clips like amr, evrc, qcelp with modified content. Multiple Qualcomm products contain a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202301-0412 CVE-2022-25717 Double free vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 6.7
Severity: MEDIUM
Memory corruption in display due to double free while allocating frame buffer memory. Multiple Qualcomm products contain a double free vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202301-0256 CVE-2022-22079 Out-of-bounds read vulnerability in multiple Qualcomm products
CVSS V2: -
CVSS V3: 4.6
Severity: MEDIUM
Denial of service while processing fastboot flash command on mmc due to buffer over-read. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Service operation may be interrupted (DoS).