VARIoT IoT vulnerabilities database

VAR-202206-0800 CVE-2022-30711 Google of Android Input verification vulnerability in
CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Google Android contains an input validation vulnerability. Information may be obtained and information may be tampered with. Samsung FeedsInfo is a system component of Samsung mobile devices. An elevation of privilege vulnerability exists in Samsung FeedsInfo.
VAR-202206-0776 CVE-2022-30726 Samsung mobile SecSettingsIntelligence Unprotected Component Vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. Samsung mobile is a mobile phone produced by the South Korean company Samsung. There is an unprotected component vulnerability in Samsung mobile SecSettingsIntelligence. The vulnerability is caused by the existence of unprotected components in DeviceSearchTrampoline.
VAR-202206-0615 CVE-2022-30717 Google of Android Vulnerability in
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. Google Android contains an unspecified vulnerability. Information may be tampered with. Samsung mobile is a mobile phone from Samsung of South Korea. Samsung mobile AR Emoji has a design flaw.
VAR-202206-0482 CVE-2022-30722 Google of Android Vulnerability in
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Google Android contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Samsung Account is a mobile account feature for Samsung mobile devices.
VAR-202206-0614 CVE-2022-30713 Google of Android Input verification vulnerability in
CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Google Android contains an input validation vulnerability. Information may be obtained and information may be tampered with. Samsung LSOItemData is a system component of Samsung mobile devices. An elevation of privilege vulnerability exists in Samsung LSOItemData.
VAR-202206-0644 CVE-2021-35531 Hitachi Energy TXpert Hub CoreTec 4 Operating system command injection vulnerability
CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
Improper Input Validation vulnerability in a particular configuration setting field of the Hitachi Energy TXpert Hub CoreTec 4 product allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1
VAR-202206-0579 CVE-2022-30725 Google of Android Vulnerability in handling exceptional conditions in
CVSS V2: 3.3
CVSS V3: 4.3
Severity: MEDIUM
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. Google Android contains a vulnerability in handling exceptional conditions. Information may be obtained. Samsung mobile Bluetooth is a Bluetooth device on Samsung mobile phones. There is an information disclosure vulnerability in Samsung mobile Bluetooth.
VAR-202206-0676 CVE-2022-30714 Google of Android Vulnerability in leaking resources to the wrong area in
CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Google Android contains a vulnerability related to the leakage of resources to the wrong area. Information may be obtained. Samsung mobile is a mobile phone from Samsung in South Korea. An information disclosure vulnerability exists in Samsung mobile SemIWCMonitor, which is caused by a misconfiguration of the network system or product during operation.
VAR-202206-0601 CVE-2020-36535 MINMAX SQL Injection Vulnerability
CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. MINMAX contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). MINMAX is a high power density 10W DC-DC converter for space critical applications from MINMAX Corporation of China.
VAR-202206-0580 CVE-2022-30749 Samsung mobile Authorization problem vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
VAR-202206-0820 CVE-2022-30710 Google of Android Input verification vulnerability in
CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. Google Android contains an input validation vulnerability. Information may be obtained and information may be tampered with. Samsung mobile is a mobile phone from Samsung in South Korea. A privilege escalation vulnerability exists in Samsung mobile RemoteViews that stems from incorrect authentication in RemoteViews.
VAR-202206-0678 CVE-2022-30728 Samsung mobile ScanPool Information Disclosure Vulnerability (CNVD-2022-67279)
CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. Samsung mobile is a mobile phone from Samsung in South Korea. An information disclosure vulnerability exists in Samsung mobile ScanPool, which arises from a misconfiguration of the network system or product during operation.
VAR-202206-0548 CVE-2022-30719 Google of Android Input verification vulnerability in
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Google Android contains an input validation vulnerability. Service operation may be interrupted (DoS). Samsung mobile devices are a series of mobile products of the South Korean company Samsung.
VAR-202206-0578 CVE-2022-30721 Google of Android Input verification vulnerability in
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. Google Android contains an input validation vulnerability. Service operation may be interrupted (DoS). Samsung mobile is a mobile phone from Samsung of South Korea.
VAR-202206-0211 CVE-2022-21762 Google of Android Integer overflow vulnerability in
CVSS V2: 4.9
CVSS V3: 4.4
Severity: MEDIUM
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. Google Android contains an integer overflow vulnerability. Service operation may be interrupted (DoS). MediaTek Inc. is the world's fourth-largest foundry semiconductor company. It is in a leading position in the markets of mobile terminals, smart home applications, wireless connection technology and Internet of Things products, with approximately 1.5 billion end products with built-in MediaTek chips available all over the world each year. The vulnerability is caused by the fact that the apusys driver does not properly verify data boundaries when performing operations on memory.
VAR-202206-0427 CVE-2021-35118 Qualcomm Buffer error vulnerability
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
VAR-202206-0351 CVE-2022-21745 Google of Android Vulnerability in using free memory in
CVSS V2: 8.3
CVSS V3: 8.8
Severity: HIGH
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. Google Android contains a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202206-0455 CVE-2021-35119 Qualcomm Buffer error vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
VAR-202206-0648 CVE-2022-31028 Minio Inc. of Minio Resource exhaustion vulnerability in
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy in front of MinIO to limit the number of connections being attempted, and to actively reject connections from such malicious clients. MinIO from Minio Inc. contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS).
VAR-202206-0650 CVE-2022-32204 Huawei of cv81-wdm Firmware vulnerabilities
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
There is an improper input verification vulnerability in a Huawei printer product. Successful exploitation of this vulnerability may cause the service to become abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. The Huawei cv81-wdm firmware contains unspecified vulnerabilities. Service operation may be interrupted (DoS). Huawei CV81-WDM FW is a laser multifunction printer produced by Huawei, China. There is a security vulnerability in Huawei CV81-WDM FW 01.70.49.29.46.