VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202208-0172 CVE-2022-33939 CENTUM  controller  FCS  Inadequate processing of communication packets in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. This vulnerability information is provided by the developer for the purpose of dissemination to product users
VAR-202208-0354 CVE-2022-36967 Progress Software Corporation  of  ipswitch ws ftp server  Cross-site scripting vulnerability in CVSS V2: -
CVSS V3: 6.1
Severity: MEDIUM
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator's web session. This would allow the attacker to execute code within the context of the victim's browser. There is a security vulnerability in Progress WS_FTP Server versions before 8.7.3
VAR-202208-0295 CVE-2022-23442 FortiOS  Vulnerability in CVSS V2: -
CVSS V3: 4.3
Severity: MEDIUM
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. FortiOS Exists in unspecified vulnerabilities.Information may be obtained. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam
VAR-202208-0231 CVE-2022-22299 plural  Fortinet  Product Format String Vulnerability CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. plural Fortinet The product contains a vulnerability in format strings.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Fortinet FortiOS and Fortinet FortiGate are products of Fortinet. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Fortinet FortiGate is a network security platform. The platform provides functions such as firewall, antivirus and intrusion prevention (IPS), application control, antispam, wireless controller and WAN acceleration. Fortinet FortiGate and FortiOS have security vulnerabilities that can be exploited to run code via CLI format strings
VAR-202208-0159 CVE-2022-35919 Minio Inc.  of  Minio  Past traversal vulnerability in CVSS V2: -
CVSS V3: 2.7
Severity: LOW
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. Minio Inc. of Minio Exists in a past traversal vulnerability.Information may be obtained
VAR-202208-0142 CVE-2022-26009 TCL Technology  of  linkhub mesh wifi ac1200  Out-of-bounds write vulnerability in CVSS V2: 10.0
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TCL LinkHub Mesh Wi-Fi is a router of TCL company. The vulnerability stems from the lack of proper validation of user-provided data in the confsrv ucloud_set_node_location function. Attackers can exploit this vulnerability to execute arbitrary code on the system
VAR-202208-0176 CVE-2022-27660 TCL Technology  of  linkhub mesh wifi ac1200  Vulnerability in CVSS V2: 7.8
CVSS V3: 9.3
Severity: CRITICAL
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability
VAR-202208-0179 CVE-2022-21201 TCL Technology  of  linkhub mesh wifi ac1200  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-0181 CVE-2022-23103 TCL Technology  of  linkhub mesh wifi ac1200  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-0164 CVE-2022-25996 TCL Technology  of  linkhub mesh wifi ac1200  Out-of-bounds write vulnerability in CVSS V2: -
CVSS V3: 8.8
Severity: HIGH
A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. TCL Technology of linkhub mesh wifi ac1200 Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-0123 CVE-2022-27178 TCL Technology  of  linkhub mesh wifi ac1200  Vulnerability in CVSS V2: -
CVSS V3: 9.6
Severity: CRITICAL
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. (DoS) It may be in a state
VAR-202208-0163 CVE-2022-27630 TCL Technology  of  linkhub mesh wifi ac1200  Vulnerability regarding information leakage in CVSS V2: 7.8
CVSS V3: 6.5
Severity: MEDIUM
An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. TCL LinkHub Mesh Wi-Fi is a router of TCL company
VAR-202208-0158 CVE-2022-37315 graphql-go project  of  graphql-go  Recursion control vulnerability in CVSS V2: -
CVSS V3: 7.5
Severity: HIGH
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. graphql-go project of graphql-go Exists in a recursive control vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202208-0117 CVE-2022-25668 Double release vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 9.8
Severity: CRITICAL
Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, including firmware, contain a double release vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-0136 CVE-2022-22059 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. APQ8017 firmware, APQ8053 firmware, AQT1000 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-0141 CVE-2022-22140 TCL LinkHub Mesh Wi-Fi Operating System Command Injection Vulnerability CVSS V2: 10.0
CVSS V3: 9.6
Severity: CRITICAL
An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. (DoS) It may be in a state. TCL LinkHub Mesh Wi-Fi is a router of TCL company
VAR-202208-0197 CVE-2022-22062 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 9.1
Severity: CRITICAL
An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. APQ8009 firmware, APQ8009W firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state
VAR-202208-0410 CVE-2022-22080 Out-of-bounds write vulnerability in multiple Qualcomm products CVSS V2: -
CVSS V3: 7.8
Severity: HIGH
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. APQ8053 firmware, APQ8096AU firmware, AQT1000 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202208-0078 CVE-2022-27185 TCL Technology  of  linkhub mesh wifi ac1200  Vulnerability in CVSS V2: 7.8
CVSS V3: 9.3
Severity: CRITICAL
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. TCL LinkHub Mesh Wi-Fi is a router of TCL company
VAR-202208-0371 CVE-2022-26346 TCL Technology  of  linkhub mesh wifi ac1200  Vulnerability in CVSS V2: 8.3
CVSS V3: 9.6
Severity: CRITICAL
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. (DoS) It may be in a state