VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202209-0226 CVE-2022-38978 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system
VAR-202209-0256 CVE-2022-38996 Huawei  of  EMUI  and  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw
VAR-202209-0201 CVE-2022-38990 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw
VAR-202209-0431 CVE-2022-38995 Huawei  of  EMUI  and  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
VAR-202209-0254 CVE-2022-39004 plural  Huawei  Vulnerability related to lack of freeing memory after expiration in product CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The MPTCP module has the memory leak vulnerability. Successful exploitation of this vulnerability can cause memory leaks. Huawei of EMUI , HarmonyOS , Magic UI Contains a vulnerability regarding the lack of free memory after expiration.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system
VAR-202209-0199 CVE-2022-39008 Huawei  of  EMUI  and  HarmonyOS  Untrusted Data Deserialization Vulnerability in CVSS V2: -
CVSS V3: 9.1
Severity: CRITICAL
The NFC module has bundle serialization/deserialization vulnerabilities. Successful exploitation of this vulnerability may cause third-party apps to read and write files that are accessible only to system apps. Huawei of EMUI and HarmonyOS There is a vulnerability in deserialization of untrusted data.Information may be obtained and information may be tampered with. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS versions prior to 2.0 have a security vulnerability
VAR-202209-0123 CVE-2022-38987 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw
VAR-202209-0172 CVE-2022-38994 Huawei  of  EMUI  and  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw
VAR-202209-0452 CVE-2022-38991 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw
VAR-202209-0368 CVE-2022-39010 Huawei  of  EMUI  and  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained
VAR-202209-0453 CVE-2021-40017 Huawei  of  EMUI  and  HarmonyOS  Input verification vulnerability in CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The HW_KEYMASTER module lacks the validity check of the key format. Successful exploitation of this vulnerability may result in out-of-bounds memory access. Huawei of EMUI and HarmonyOS There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a buffer overflow vulnerability in HarmonyOS 2.0
VAR-202209-0278 CVE-2021-46836 Huawei  of  EMUI  and  HarmonyOS  Vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Implementation of the WLAN module interfaces has the information disclosure vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI and HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS 2.0
VAR-202209-0253 CVE-2022-39000 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
The iAware module has a vulnerability in managing malicious apps.Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system
VAR-202209-0121 CVE-2022-38993 plural  Huawei  Product vulnerabilities CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect system availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a configuration flaw
VAR-202209-0229 CVE-2022-34378 Dell's  emc powerscale onefs  Past traversal vulnerability in CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. Dell's emc powerscale onefs Exists in a past traversal vulnerability.Service operation interruption (DoS) It may be in a state. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS
VAR-202209-0080 CVE-2022-34382 Vulnerabilities in multiple Dell products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. (DoS) It may be in a state
VAR-202209-0100 CVE-2022-25680 Qualcomm's  MSM8996AU  Classic buffer overflow vulnerability in firmware CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto. Qualcomm's MSM8996AU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202209-0228 CVE-2022-34369 Dell's  emc powerscale onefs  Vulnerability regarding information leakage from log files in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS
VAR-202209-0115 CVE-2022-34371 Dell's  emc powerscale onefs  Vulnerability regarding insufficient protection of authentication information in CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. Dell's emc powerscale onefs There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerScale OneFS is an operating system of Dell (Dell). Offers the PowerScale OneFS operating system for scale-out NAS
VAR-202209-0112 CVE-2022-37435 Apache Software Foundation  of  ShenYu  Vulnerability in improper permission assignment for critical resources in CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. Apache Software Foundation of ShenYu Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state