VARIoT IoT vulnerabilities database
| VAR-202206-0656 | CVE-2022-30914 | Out-of-bounds write vulnerability in H3C Magic R100 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm. An out-of-bounds write vulnerability exists in H3C Magic R100 firmware. Information may be obtained or tampered with, and service operation may be interrupted (DoS). H3C Magic R100 is a router from H3C.
H3C Magic R100 has a buffer overflow vulnerability, which can be exploited by a remote attacker to submit a special request to crash the application or execute arbitrary code in the context of the application
| VAR-202206-0821 | CVE-2022-30724 | Vulnerability in handling exceptional conditions in Google's Android |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. A vulnerability in handling exceptional conditions exists in Google's Android. Information may be obtained. Samsung mobile Bluetooth is a Bluetooth device on Samsung mobile phones.
There is an information disclosure vulnerability in Samsung mobile Bluetooth. address
| VAR-202206-0820 | CVE-2022-30710 | Input verification vulnerability in Google's Android |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. An input validation vulnerability exists in Google's Android. Information may be obtained and tampered with. Samsung mobile is a mobile phone from Samsung in South Korea.
A privilege escalation vulnerability exists in Samsung mobile RemoteViews that stems from incorrect authentication in RemoteViews
| VAR-202206-0516 | CVE-2022-22305 | Multiple Fortinet Product Trust Management Issue Vulnerability |
CVSS V2: - CVSS V3: 4.2 Severity: MEDIUM |
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the listed products and some external peers
| VAR-202206-0680 | CVE-2022-30734 | Samsung Account Information Disclosure Vulnerability (CNVD-2022-81377) |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission. Samsung Account is a comprehensive free membership for Samsung mobile devices, Samsung services available on smartphones, tablets, websites, TVs and other devices. Attackers can exploit this vulnerability to obtain user emails or phone numbers
| VAR-202206-0615 | CVE-2022-30717 | Vulnerability in Google's Android |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. An unspecified vulnerability exists in Google's Android. Information may be tampered with. Samsung mobile is a mobile phone from South Korea's Samsung.
Samsung mobile AR Emoji has a design flaw
| VAR-202206-0730 | CVE-2022-30737 | Samsung Account Implicit Intent Hijacking Vulnerability (CNVD-2022-76510) |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. Samsung Account is a mobile account feature for Samsung mobile devices. The vulnerability stems from not properly securing email IDs in Samsung Accounts. An attacker could exploit this vulnerability to obtain email IDs
| VAR-202206-0786 | CVE-2022-30716 | Vulnerability in handling exceptional conditions in Google's Android |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. A vulnerability in handling exceptional conditions exists in Google's Android. Information may be obtained. Samsung mobile is a mobile phone from Samsung in South Korea.
An information disclosure vulnerability exists in Samsung mobile DisplayToast
| VAR-202206-0579 | CVE-2022-30725 | Vulnerability in handling exceptional conditions in Google's Android |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. A vulnerability in handling exceptional conditions exists in Google's Android. Information may be obtained. Samsung mobile Bluetooth is a Bluetooth device on Samsung mobile phones.
There is an information disclosure vulnerability in Samsung mobile Bluetooth
| VAR-202206-0644 | CVE-2021-35531 | Hitachi Energy TXpert Hub CoreTec 4 Operating system command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.7 Severity: MEDIUM |
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1
| VAR-202206-0678 | CVE-2022-30728 | Samsung mobile ScanPool Information Disclosure Vulnerability (CNVD-2022-67279) |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Samsung mobile is a mobile phone from Samsung in South Korea.
An information disclosure vulnerability exists in Samsung mobile ScanPool, which arises from a misconfiguration of the network system or product during operation
| VAR-202206-0578 | CVE-2022-30721 | Input verification vulnerability in Google's Android |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. An input validation vulnerability exists in Google's Android. Service operation may be interrupted (DoS). Samsung mobile is a mobile phone from South Korea's Samsung
| VAR-202206-0482 | CVE-2022-30722 | Vulnerability in Google's Android |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. An unspecified vulnerability exists in Google's Android. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Samsung Account is a mobile account feature for Samsung mobile devices
| VAR-202206-0676 | CVE-2022-30714 | Vulnerability in leaking resources to the wrong area in Google's Android |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. A vulnerability related to the leakage of resources to the wrong area exists in Google's Android. Information may be obtained. Samsung mobile is a mobile phone from Samsung in South Korea.
An information disclosure vulnerability exists in Samsung mobile SemIWCMonitor, which is caused by a misconfiguration of the network system or product during operation
| VAR-202206-0549 | CVE-2022-30723 | Vulnerability in handling exceptional conditions in Google's Android |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. A vulnerability in handling exceptional conditions exists in Google's Android. Information may be obtained. Samsung mobile Bluetooth is a Bluetooth device on Samsung mobile phones.
Samsung mobile Bluetooth has an information disclosure vulnerability
| VAR-202206-0552 | CVE-2022-30747 | Vulnerability regarding improper default permissions in Samsung's SmartThings for Android |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. A vulnerability regarding improper default permissions exists in Samsung's SmartThings for Android. Information may be obtained. SmartThings is a powerful Samsung smart home mobile app.
There is a PendingIntent hijacking vulnerability in Samsung SmartThings versions prior to 1.7.85.25
| VAR-202206-0481 | CVE-2022-30715 | Vulnerability in Google's Android |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. An unspecified vulnerability exists in Google's Android. Information may be tampered with. Samsung mobile is a mobile phone from South Korea's Samsung.
Samsung mobile DofViewer has an access control error vulnerability
| VAR-202206-0664 | CVE-2022-30727 | Samsung mobile PersonaManagerService authorization issue vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. Samsung mobile is a mobile phone from Samsung in South Korea.
An authorization issue vulnerability exists in Samsung mobile PersonaManagerService. The vulnerability stems from improper permission management in addAppPackageNameToAllowList. This vulnerability can be exploited by a local attacker to set some settings in the workspace
| VAR-202206-0431 | CVE-2022-25651 | Qualcomm Chip input verification error vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
| VAR-202206-0675 | CVE-2022-28794 | Vulnerability in leaking resources to the wrong area in Google's Android |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. A vulnerability related to the leakage of resources to the wrong area exists in Google's Android. Information may be obtained. Samsung mobile is a mobile phone from Samsung in South Korea