VARIoT IoT vulnerabilities database

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Huawei Smartphones contain a vulnerability related to input validation.Service operation interruption (DoS) It may be in a state

There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Huawei Smartphones contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The vulnerability stems from the fact that the program does not check the message

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Huawei Smartphones contain a vulnerability related to input validation.Service operation interruption (DoS) It may be in a state

There is a Configuration vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. Huawei Smartphones have unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. Huawei Smartphones are vulnerable to information disclosure.Information may be obtained

There is a Data Processing Errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Huawei Smartphones have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state

There is a Improper Input Validation vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the availability of users is affected. Huawei Smartphones contain a vulnerability related to input validation.Service operation interruption (DoS) It may be in a state

There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause kernel crash. Huawei Smartphones contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state

There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. Huawei Smartphones contain an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The vulnerability stems from the fact that the program does not check the message

Shenzhen Anjoy Vision Information Technology Co., Ltd. (hereinafter referred to as: Anjoy Vision Information Technology Co., Ltd.) is a high-tech enterprise integrating R&D, production, sales and service. Shenzhen Anjia Vision Information Technology Co., Ltd. smart camera has a weak password vulnerability. Attackers can use the vulnerability to log in to the background to obtain sensitive information.

The uri-block plugin in Apache APISIX before 2.10.2 uses $request_uri without verification. The $request_uri is the full original request URI without normalization. This makes it possible to construct a URI to bypass the block list on some occasions. For instance, when the block list contains "^/internal/", a URI like `//internal/` can be used to bypass it. Some other plugins also have the same issue. And it may affect the developer's custom plugin. Apache APISIX Contains a command injection vulnerability.Information may be obtained. Apache Apisix is a cloud-native microservice API gateway service of the Apache Foundation in the United States. The software is implemented based on OpenResty and etcd, with dynamic routing and plug-in hot loading, suitable for API management under the microservice system. Apache APISIX has a security vulnerability, which stems from improper design or implementation issues in the code development process of network systems or products. No detailed vulnerability details are currently provided

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests at ‘mac_filter’ parameter to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘loc_filter’ parameter

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘firm_filter’ parameter

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities. This can be done as any authenticated user or through cross-site request forgery at ‘desc_filter’ parameter

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at '‘ord’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at 'description_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ord’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack

An exploitable SQL injection vulnerability exist in the ‘group_list’ page of the Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted HTTP request at ‘company_filter’ parameter. An attacker can make authenticated HTTP requests to trigger this vulnerability. This can be done as any authenticated user or through cross-site request forgery. Advantech R-SeeNet for, SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A specially-crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger this vulnerability at ‘name_filter’ parameter. However, the high privilege super-administrator account needs to be used to achieve exploitation without cross-site request forgery attack