VARIoT IoT vulnerabilities database


VAR-202111-0649 CVE-2021-41426 Cross-site request forgery vulnerability in Beeline Smart Box
CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
Beeline Smart Box 2.0.38 is vulnerable to cross-site request forgery (CSRF) via mgt_end_user.htm. A denial-of-service (DoS) condition may result.
VAR-202111-1051 CVE-2021-33086 Out-of-bounds write vulnerability in multiple Intel(R) NUC products
CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. Multiple Intel(R) NUC products contain an out-of-bounds write vulnerability. A denial-of-service (DoS) condition may result.
VAR-202111-0648 CVE-2021-41427 Cross-site scripting vulnerability in Beeline Smart Box
CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
Beeline Smart Box 2.0.38 is vulnerable to cross-site scripting (XSS) via the choose_mac parameter to setup.cgi.
VAR-202112-0297 CVE-2021-22955 Resource exhaustion vulnerability in Citrix ADC
CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and <11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server; it could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Citrix ADC contains a resource exhaustion vulnerability. A denial-of-service (DoS) condition may result.
VAR-202112-0296 CVE-2021-22956 Resource exhaustion vulnerability in Citrix ADC
CVSS V2: 4.3
CVSS V3: 7.5
Severity: HIGH
An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and <11.1-65.23 that could allow an attacker with access to the NSIP or a SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication. Citrix ADC contains a resource exhaustion vulnerability. A denial-of-service (DoS) condition may result.
VAR-202111-0723 CVE-2020-28137 Cross-site request forgery vulnerability in Genexis Platinum 4410
CVSS V2: 7.1
CVSS V3: 6.5
Severity: MEDIUM
Cross-site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28 allows attackers to cause a denial of service by continuously restarting the router. Genexis Platinum 4410 contains a cross-site request forgery vulnerability. A denial-of-service (DoS) condition may result.
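The two CSRF records above (CVE-2021-41426 in Beeline Smart Box and CVE-2020-28137 in Genexis Platinum 4410) describe the same class: a browser that holds a valid session with the router is made to submit a state-changing request, such as a reboot, from a page the attacker controls. The following is an added example, not firmware code from Beeline, Genexis or any vendor on this page, showing the vulnerable handler pattern next to a hardened one. The Request class, the in-memory session store, the /reboot.cgi endpoint, the device origin https://192.168.1.1 and the attacker.example origin are all constructed for illustration.

```python
"""Server-side CSRF check for a state-changing management request.

Added example for this page, not any vendor's firmware. Everything here
(request shape, session store, endpoint, origins) is constructed.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    form: dict
    cookies: dict


# Constructed session store: session id -> per-session synchronizer token.
SESSIONS: dict[str, str] = {}


def new_session() -> tuple[str, str]:
    """Create a logged-in session and its CSRF token; returns (sid, token).
    The token must be unguessable and bound to the session, never a constant."""
    sid = secrets.token_urlsafe(16)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = token
    return sid, token


def handle_reboot_vulnerable(req: Request) -> str:
    """Vulnerable pattern: a valid session cookie is the only check, so a
    form auto-submitted from another origin (the browser attaches the
    cookie) triggers the action."""
    if req.cookies.get("sid") not in SESSIONS:
        return "401 not logged in"
    return "200 rebooting"


def _origin_of(url: str) -> str:
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}"


def handle_reboot_hardened(req: Request, site_origin: str = "https://192.168.1.1") -> str:
    """Hardened pattern: require POST, an Origin/Referer matching the device,
    and the per-session token, compared in constant time."""
    expected = SESSIONS.get(req.cookies.get("sid"))
    if expected is None:
        return "401 not logged in"
    if req.method != "POST":
        return "405 state change requires POST"
    source = req.headers.get("Origin") or req.headers.get("Referer")
    if source is None or _origin_of(source) != site_origin:
        return "403 cross-site request rejected"
    supplied = req.form.get("csrf_token", "")
    if not isinstance(supplied, str) or not supplied.isascii() \
            or not hmac.compare_digest(supplied, expected):
        return "403 missing or invalid CSRF token"
    return "200 rebooting"


def demo() -> dict[str, str]:
    """Run one legitimate and one forged request through both handlers."""
    sid, token = new_session()
    cookie = {"sid": sid}
    # Legitimate request submitted from the device's own UI.
    good = Request("POST", "/reboot.cgi", {"Origin": "https://192.168.1.1"},
                   {"csrf_token": token}, cookie)
    # Forged request: same cookie, but the form was served by attacker.example
    # and it cannot read the token from the device's page.
    forged = Request("POST", "/reboot.cgi", {"Origin": "http://attacker.example"},
                     {}, cookie)
    return {
        "vulnerable_forged": handle_reboot_vulnerable(forged),
        "hardened_forged": handle_reboot_hardened(forged),
        "hardened_good": handle_reboot_hardened(good),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18s} -> {result}")
```

The synchronizer token is the primary control; the Origin/Referer check is defence in depth and, as written, also rejects same-origin requests from clients that strip both headers, which is a deliberate strict choice for a management interface. Rejecting GET for state changes matters for the "continuously restarting the router" case, since a GET can be triggered by an image tag without any script.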
VAR-202111-1839 CVE-2021-36318 Insufficiently protected credentials vulnerability in Dell EMC Avamar
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3 and 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. Dell EMC Avamar contains an insufficiently protected credentials vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202210-09
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Rust: Multiple Vulnerabilities
      Date: October 16, 2022
      Bugs: #870166, #831638, #821157, #807052, #782367
        ID: 202210-09

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.

Background
==========

A systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /     Vulnerable     /        Unaffected
    -------------------------------------------------------------------
  1  dev-lang/rust                 < 1.63.0-r1            >= 1.63.0-r1
  2  dev-lang/rust-bin             < 1.64.0               >= 1.64.0

Description
===========

Multiple vulnerabilities have been discovered in Rust. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Rust users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-1.63.0-r1"

All Rust binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/rust-bin-1.64.0"

In addition, users using Portage 3.0.38 or later should ensure that packages with Rust binaries have no vulnerable code statically linked into their binaries by rebuilding the @rust-rebuild set:

  # emerge --ask --oneshot --verbose @rust-rebuild

References
==========

[ 1 ] CVE-2021-28875
      https://nvd.nist.gov/vuln/detail/CVE-2021-28875
[ 2 ] CVE-2021-28876
      https://nvd.nist.gov/vuln/detail/CVE-2021-28876
[ 3 ] CVE-2021-28877
      https://nvd.nist.gov/vuln/detail/CVE-2021-28877
[ 4 ] CVE-2021-28878
      https://nvd.nist.gov/vuln/detail/CVE-2021-28878
[ 5 ] CVE-2021-28879
      https://nvd.nist.gov/vuln/detail/CVE-2021-28879
[ 6 ] CVE-2021-29922
      https://nvd.nist.gov/vuln/detail/CVE-2021-29922
[ 7 ] CVE-2021-31162
      https://nvd.nist.gov/vuln/detail/CVE-2021-31162
[ 8 ] CVE-2021-36317
      https://nvd.nist.gov/vuln/detail/CVE-2021-36317
[ 9 ] CVE-2021-36318
      https://nvd.nist.gov/vuln/detail/CVE-2021-36318
[ 10 ] CVE-2021-42574
      https://nvd.nist.gov/vuln/detail/CVE-2021-42574
[ 11 ] CVE-2021-42694
      https://nvd.nist.gov/vuln/detail/CVE-2021-42694
[ 12 ] CVE-2022-21658
      https://nvd.nist.gov/vuln/detail/CVE-2022-21658
[ 13 ] CVE-2022-36113
      https://nvd.nist.gov/vuln/detail/CVE-2022-36113
[ 14 ] CVE-2022-36114
      https://nvd.nist.gov/vuln/detail/CVE-2022-36114

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

  https://security.gentoo.org/glsa/202210-09

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
VAR-202111-1838 CVE-2021-36317 Insufficiently protected credentials vulnerability in Dell EMC Avamar Server
CVSS V2: 2.1
CVSS V3: 6.7
Severity: MEDIUM
Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. Dell EMC Avamar Server contains an insufficiently protected credentials vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result. Reference: Gentoo Linux Security Advisory GLSA 202210-09, https://security.gentoo.org/glsa/202210-09 (same advisory text as attached to VAR-202111-1839 above).
VAR-202111-1837 CVE-2021-36316 Improper privilege management vulnerability in Dell EMC Avamar Server
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability, leading to the disclosure of the AUI info and performing some unauthorized operation on the AUI. A denial-of-service (DoS) condition may result.
VAR-202111-1619 CVE-2021-33058 Improper access control vulnerability in Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in the installer for Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows before version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access. Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows contains an improper access control vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result. Intel Ethernet Controllers are Ethernet controllers made by Intel Corporation of the United States.
VAR-202111-1618 CVE-2021-33059 Input validation vulnerability in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15 may allow a privileged user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) condition may result. Intel Ethernet 800 Series adapters are Ethernet adapters produced by Intel Corporation of the United States.
VAR-202111-1314 CVE-2021-33118 Improper access control vulnerability in the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of privilege via local access. The Intel(R) Serial IO driver for Intel(R) NUC 11 Gen contains an improper access control vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202111-1205 CVE-2021-33062 Incorrect default permissions vulnerability in Intel(R) VTune(TM) Profiler
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) VTune(TM) Profiler contains an incorrect default permissions vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result. Intel VTune Profiler is a performance profiling tool from Intel Corporation for optimizing software; it can profile embedded Internet of Things applications, media software, Java applications, and high-performance computing applications. Intel VTune Profiler has a security vulnerability that allows local users to escalate privileges on the system.
VAR-202111-1204 CVE-2021-33071 Incorrect default permissions vulnerability in Intel(R) oneAPI Rendering Toolkit
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) oneAPI Rendering Toolkit contains an incorrect default permissions vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202111-1203 CVE-2021-33073 Resource exhaustion vulnerability in Intel(R) Distribution of OpenVINO Toolkit
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. Intel(R) Distribution of OpenVINO Toolkit contains a resource exhaustion vulnerability. A denial-of-service (DoS) condition may result. Intel Distribution of OpenVINO(TM) Toolkit is a deep-learning application toolkit developed by Intel Corporation of the United States. Based on convolutional neural networks (CNNs), it scales workloads across Intel(R) hardware, including accelerators, and maximizes performance.
VAR-202111-1193 CVE-2021-0158 Input validation vulnerability in multiple Intel(R) Processors
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Multiple Intel(R) Processors contain an input validation vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result. Intel Xeon Scalable Processors are a scalable server central processing unit (CPU) line, Intel Core X-series Processors are an X-series CPU line, and the Intel Xeon Processor E3 v6 Family is a CPU product line; all are products of Intel Corporation of the United States.
VAR-202111-1191 CVE-2021-33097 Time-of-check time-of-use (TOCTOU) race condition vulnerability in Crypto API Toolkit for Intel(R) SGX
CVSS V2: 6.0
CVSS V3: 6.6
Severity: MEDIUM
Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. A denial-of-service (DoS) condition may result. Intel Crypto API Toolkit is a cryptographic API toolkit from Intel Corporation that provides interfaces for securely running key generation and cryptographic operations, to strengthen data and key protection in applications. Intel is releasing software updates to mitigate this potential vulnerability.
VAR-202111-1151 CVE-2021-0157 Insufficient control flow management vulnerability in multiple Intel(R) Processors
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. Multiple Intel(R) Processors contain an insufficient control flow management vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result. Intel Xeon Scalable Processors are a scalable server central processing unit (CPU) line, Intel Core X-series Processors are an X-series CPU line, and the Intel Xeon Processor E3 v6 Family is a CPU product line; all are products of Intel Corporation of the United States.
VAR-202111-1148 CVE-2021-0135 Input validation vulnerability in the Intel(R) Ethernet Diagnostic Driver for Windows
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) condition may result. Intel Ethernet Diagnostic is a network adapter management tool from Intel Corporation.
VAR-202111-1088 CVE-2020-8741 Improper default permissions vulnerability in the Intel(R) Thunderbolt(TM) non-DCH driver
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. The Intel(R) Thunderbolt(TM) non-DCH driver contains an improper default permissions vulnerability. Information may be disclosed or tampered with, and a denial-of-service (DoS) condition may result.
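The installer permission records above (CVE-2021-33118, CVE-2021-33062, CVE-2021-33071 and CVE-2020-8741) share one weakness class: files or directories laid down by an installer are writable by unprivileged local users but later loaded or executed by a privileged component, so an ordinary user can swap in their own code. The following is an added example, not code from Intel or any vendor on this page, of the check a local audit would run against a POSIX installation prefix. The sample tree, its paths and the flagged conditions are constructed for illustration; on Windows, where most of these installers run, the equivalent check inspects ACLs (for example with icacls or Get-Acl) and is not covered by this script.

```python
"""Audit an installation tree for permissions that let an unprivileged local
user modify what a privileged component will later execute or load.

Added example for this page, not Intel's or any vendor's installer code.
POSIX only; the sample tree below is constructed so the script runs offline.
"""
from __future__ import annotations

import os
import stat
import tempfile
from pathlib import Path


def weak_entries(root: str) -> list[tuple[str, str]]:
    """Walk `root` and return (relative_path, reason) for each entry an
    unprivileged user could use to tamper with the install: world-writable
    files, world-writable directories without the sticky bit (anyone may
    replace or rename entries in them), and symlinks, which an installer
    should not leave inside a privileged tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = Path(dirpath, name)
            rel = os.path.relpath(p, root)
            mode = p.lstat().st_mode            # lstat: judge the link, not its target
            if stat.S_ISLNK(mode):
                findings.append((rel, "symlink inside install tree"))
            elif stat.S_ISDIR(mode):
                if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                    findings.append((rel, "world-writable directory without sticky bit"))
            elif mode & stat.S_IWOTH:
                findings.append((rel, "world-writable file"))
    return sorted(findings)


def build_sample_tree() -> str:
    """Create a constructed install prefix mixing safe and unsafe modes."""
    root = tempfile.mkdtemp(prefix="install-audit-")
    files = {
        "bin/tool": (0o755, b"#!/bin/sh\necho ok\n"),      # fine
        "bin/helper": (0o777, b"#!/bin/sh\necho ok\n"),    # anyone can replace it
        "conf/settings.ini": (0o644, b"[main]\n"),         # fine
    }
    for rel, (mode, data) in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        os.chmod(path, mode)
    os.chmod(Path(root, "bin"), 0o755)
    os.chmod(Path(root, "conf"), 0o755)
    lib = Path(root, "lib")
    lib.mkdir()
    os.chmod(lib, 0o777)                                   # no sticky bit: replaceable libs
    tmp = Path(root, "tmp")
    tmp.mkdir()
    os.chmod(tmp, 0o1777)                                  # sticky bit set: acceptable
    Path(root, "bin", "link").symlink_to("/etc/passwd")    # stray link left by the installer
    return root


def audit_sample() -> list[tuple[str, str]]:
    """Build the constructed tree and audit it."""
    return weak_entries(build_sample_tree())


if __name__ == "__main__":
    for rel, reason in audit_sample():
        print(f"{reason:45s} {rel}")
```

Run `weak_entries("/opt/vendor")` against a real prefix; a hit on an executable, a shared library, or a directory on a privileged search path is the condition these advisories describe, while a hit on a log or cache directory with the sticky bit set is usually acceptable.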