VARIoT IoT vulnerabilities database

Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7.0.3 and 7.2.0 may allow an authenticated attacker to inject HTML tags via input fields of various components within FortiSOAR. fortinet's FortiSOAR Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.

Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. fortinet's FortiADC There is an input validation vulnerability in.Information may be obtained

Infinova, founded in 1993, takes smart security as its core. It is a smart city, smart home solution provider and operation service provider, providing smart security, smart city, smart home, big data and Internet operation services for the world. Infinova HD Network Mini Dome has a weak password vulnerability. Attackers can log in to the system background through the default password to obtain sensitive information.

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A Firewall Rule which allows all incoming TCP connections to all programs from any source and to all ports is created in Windows Firewall after Zabbix agent installation (MSI). Microsoft's Windows Firewall Unspecified vulnerabilities exist in products from multiple vendors.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-222166527. Google of Android Exists in a vulnerability related to the use of freed memory.Information may be obtained. Google Pixel is a smartphone of Google (Google). A remote attacker could exploit this vulnerability to cause a denial of service (disk consumption and massive notifications) with a series of requests with malformed parameters

Infinova is the world's leading manufacturer of electronic security products and provider of industry solutions. VH121-A2 of Shenzhen Infinitor Technology Co., Ltd. has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, including firmware, contain vulnerabilities related to array index validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

In ProtocolSimBuilder::BuildSimUpdatePb3gEntry of protocolsimbuilder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241388774References: N/A. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smart phone of Google (Google). Google Pixel has a buffer overflow vulnerability. An attacker can exploit this vulnerability to remotely execute arbitrary code

In HexString2Value of util.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-241231403References: N/A. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smart phone of Google (Google). Google Pixel has a buffer overflow vulnerability. Attackers can use this vulnerability to execute unauthorized instructions, obtain system privileges, and then perform various illegal operations

In Pixel cellular firmware, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239239246References: N/A. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smart phone of Google (Google). Google Pixel has a buffer error vulnerability. A remote attacker could exploit this vulnerability to obtain sensitive information

Franklin Fueling System FFS Colibri 1.9.22.8925 is affected by: File system overwrite. The impact is: File system rewrite (remote). ¶¶ An attacker can overwrite system files like [system.conf] and [passwd], this occurs because the insecure usage of "fopen" system function with the mode "wb" which allows overwriting file if exists. Overwriting files such as passwd, allows an attacker to escalate his privileges by planting backdoor user with root privilege or change root password

Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message

In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242. Google of Android Exists in observable mismatch vulnerabilities.Information may be obtained. Google Pixel is a smartphone made by the American company Google. Google Pixel has security flaw. An attacker can exploit this vulnerability to cause information leakage

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions

The multi-screen collaboration module has a path traversal vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. EMUI and HarmonyOS Exists in a past traversal vulnerability.Information may be obtained

The HAware module has a function logic error. Successful exploitation of this vulnerability will affect the account removal function in Settings. Huawei of HarmonyOS and EMUI Exists in unspecified vulnerabilities.Information may be tampered with

The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality. Huawei of HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained

The Wi-Fi module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of HarmonyOS and EMUI Exists in unspecified vulnerabilities.Information may be obtained