VARIoT IoT vulnerabilities database


VAR-202204-1682 CVE-2022-20782 Privilege management vulnerability in Cisco Identity Services Engine
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges to the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

VAR-202204-1101 CVE-2022-20784 Input validation vulnerability in Cisco Web Security Appliance
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy.

VAR-202204-0962 CVE-2021-32585 Cross-site scripting vulnerability in FortiWAN
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. FortiWAN contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with.

VAR-202204-1107 CVE-2021-43205 Information disclosure vulnerability in FortiClient for Linux
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Linux version 7.0.2 and below, 6.4.7 and below and 6.2.9 and below may allow an unauthenticated attacker to access the confighandler webserver via external binaries. FortiClient for Linux contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiClient is a Fabric Agent from Fortinet Corporation of the United States, used to provide protection, compliance and secure access in a single modular, lightweight client.

VAR-202204-1117 CVE-2022-22355 Unspecified vulnerability in IBM MQ Appliance
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application, which could allow an attacker to cause a drop in performance. IBM MQ Appliance contains an unspecified vulnerability. A denial-of-service (DoS) state may result. IBM MQ Appliance is an all-in-one appliance from IBM of the United States for rapid deployment of enterprise-level messaging middleware.

VAR-202204-1291 CVE-2022-22254 Improper authentication vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS and Magic UI contain an improper authentication vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. Huawei HarmonyOS has an authorization issue vulnerability. This vulnerability stems from the lack of authentication measures, or insufficient authentication strength, in network systems or products. An attacker could exploit this vulnerability to gain unauthorized access.

VAR-202204-1108 CVE-2021-44167 Improper permission assignment for critical resource vulnerability in FortiClient for Linux
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. FortiClient for Linux contains an improper permission assignment for critical resource vulnerability. Information may be obtained.

VAR-202204-1280 CVE-2022-1118 Rockwell Automation Connected Components Workbench CCWARC File Parsing Deserialization Of Untrusted Data Remote Code Execution Vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Connected Components Workbench (v13.00.00 and prior), ISaGRAF Workbench (v6.0 through v6.6.9), and Safety Instrumented System Workstation (v1.2 and prior, for Trusted Controllers) do not limit the objects that can be deserialized. This allows attackers to craft a malicious serialized object that, if opened by a local user in Connected Components Workbench, may result in arbitrary code execution. This vulnerability requires user interaction to be successfully exploited. ISaGRAF, provided by Rockwell Automation, is vulnerable to deserialization of untrusted data (CWE-502, CVE-2022-1118). By opening a specially crafted, malicious file, an attacker may be able to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CCWARC files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process.

VAR-202204-0964 CVE-2021-40065 Unspecified vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The communication module has a service logic error vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei.

VAR-202204-1767 No CVE Rockwell Automation Connected Components Workbench ccwsln File Parsing XML External Entity Processing Information Disclosure Vulnerability
CVSS V2: -
CVSS V3: 5.5
Severity: MEDIUM
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Rockwell Automation Connected Components Workbench. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of ccwsln files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.

VAR-202204-1432 CVE-2022-25356 Blind XPath injection vulnerability in MDaemon Technologies SecurityGateway
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
Alt-N MDaemon Security Gateway through 8.5.0 allows SecurityGateway.dll?view=login XML Injection. MDaemon Technologies SecurityGateway contains a blind XPath injection vulnerability. Information may be obtained.

VAR-202204-0754 CVE-2022-22256 Unspecified vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The DFX module has an access control vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles. An attacker could exploit this vulnerability to gain unauthorized access.

VAR-202204-1426 CVE-2022-22252 HUAWEI HarmonyOS Resource Management Error Vulnerability
CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
The DFX module has a UAF vulnerability. Successful exploitation of this vulnerability may affect system stability. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. The Huawei HarmonyOS DFX module has a use-after-free vulnerability. This vulnerability stems from confusion in the instructions responsible for releasing memory in the DFX module.

VAR-202204-1427 CVE-2021-46742 Unspecified vulnerability in multiple Huawei products
CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings.Secure data. Successful exploitation of this vulnerability may affect the availability. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be tampered with and a denial-of-service (DoS) state may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. Huawei HarmonyOS has an authorization issue vulnerability. An attacker could exploit this vulnerability to bypass web authentication and gain administrative access to the device.

VAR-202204-0765 CVE-2021-46740 Authentication vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The device authentication service module has a defect vulnerability introduced in the design process. Successful exploitation of this vulnerability may affect data confidentiality. Huawei EMUI and HarmonyOS contain an authentication vulnerability. Information may be obtained. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. An attacker could exploit this vulnerability to bypass web authentication and gain administrative access to the device.

VAR-202204-1557 CVE-2022-22257 Permission management vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The customization framework has a vulnerability of improper permission control. Successful exploitation of this vulnerability may affect data integrity. Huawei EMUI, HarmonyOS and Magic UI contain a permission management vulnerability. Information may be tampered with. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei.

VAR-202204-1111 CVE-2022-22258 Unspecified vulnerability in multiple Huawei products
CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
The Wi-Fi module has an event notification vulnerability. Successful exploitation of this vulnerability may allow third-party applications to intercept event notifications and add information, resulting in elevation of privilege. Huawei EMUI, HarmonyOS and Magic UI contain an unspecified vulnerability. Information may be obtained, information may be tampered with, and a denial-of-service (DoS) state may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. There is a privilege escalation vulnerability in the Huawei HarmonyOS Wi-Fi module. The vulnerability stems from an erroneous program calling a high-level native procedure. An attacker could exploit this vulnerability for privilege escalation.

VAR-202204-1425 CVE-2022-22255 Unspecified vulnerability in Huawei EMUI and HarmonyOS
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The application framework has a common DoS vulnerability. Successful exploitation of this vulnerability may affect the availability. Huawei EMUI and HarmonyOS contain an unspecified vulnerability. A denial-of-service (DoS) state may result. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei. This vulnerability stems from the failure to properly process an input error message, and an attacker can exploit this vulnerability to cause a denial of service for the application.

VAR-202204-1116 CVE-2022-22356 Observable discrepancy vulnerability in IBM MQ Appliance
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487. IBM MQ Appliance contains an observable discrepancy vulnerability, published by the vendor as IBM X-Force ID: 220487. Information may be obtained. IBM MQ Appliance is an all-in-one appliance from IBM of the United States for rapid deployment of enterprise-level messaging middleware.

VAR-202204-0532 CVE-2022-22253 Insufficient data integrity verification vulnerability in multiple Huawei products
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The DFX module has a vulnerability of improper validation of integrity check values. Successful exploitation of this vulnerability may affect system stability. Huawei EMUI, HarmonyOS and Magic UI contain a vulnerability related to insufficient data integrity verification. Information may be tampered with. Huawei HarmonyOS is a microkernel-based, full-scenario distributed operating system from the Chinese company Huawei.