VARIoT IoT vulnerabilities database
| VAR-202112-0356 | CVE-2021-42760 | SQL injection vulnerability in Fortinet FortiWLM |
CVSS V2: 7.5 CVSS V3: 8.8 Severity: HIGH |
An improper neutralization of special elements used in an SQL command ('SQL injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose sensitive information from DB tables via crafted requests. Fortinet FortiWLM contains an SQL injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). FortiWLM™ is a wireless manager. FortiWLM™ versions 8.6.1 and below have a security vulnerability that could allow an unauthenticated user to pollute database data and extract sensitive information via crafted HTTP requests sent to the alerts and device handlers.
| VAR-202112-0339 | CVE-2021-36180 | OS command injection vulnerability in the FortiWeb management interface |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Multiple improper neutralization of special elements used in a command vulnerabilities [CWE-77] in FortiWeb management interface 6.4.1 and below, 6.3.15 and below, 6.2.5 and below may allow an authenticated attacker to execute unauthorized code or commands via crafted parameters of HTTP requests. The FortiWeb management interface contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, and schema poisoning, to ensure the security of web applications and protect sensitive database content.
| VAR-202112-0332 | CVE-2021-41014 | Resource exhaustion vulnerability in Fortinet FortiWeb |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An uncontrolled resource consumption in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an unauthenticated attacker to make the httpsd daemon unresponsive via huge HTTP packets. Fortinet FortiWeb contains a resource exhaustion vulnerability. Service operation may be interrupted (DoS).
| VAR-202112-0331 | CVE-2021-41015 | Cross-site scripting vulnerability in Fortinet FortiWeb |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests to the SAML login handler. Fortinet FortiWeb contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
| VAR-202112-0330 | CVE-2021-41024 | Path traversal vulnerability in FortiOS and FortiProxy |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A relative path traversal [CWE-23] vulnerability in FortiOS versions 7.0.0 and 7.0.1 and FortiProxy version 7.0.0 may allow an unauthenticated, unauthorized attacker to inject path traversal character sequences to disclose sensitive information of the server via the GET request of the login page. FortiOS and FortiProxy contain a path traversal vulnerability. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.
| VAR-202112-0329 | CVE-2021-43064 | Open redirect vulnerability in Fortinet FortiWeb |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
A URL redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to use the device as a proxy and reach external or protected hosts via redirection handlers. Fortinet FortiWeb contains an open redirect vulnerability. Information may be obtained and tampered with.
| VAR-202112-0328 | CVE-2021-43063 | Cross-site scripting vulnerability in Fortinet FortiWeb |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows an attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage. Fortinet FortiWeb contains a cross-site scripting vulnerability. Information may be obtained and tampered with.
| VAR-202112-0289 | CVE-2021-26110 | Vulnerability in FortiOS autod daemon and FortiProxy |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An improper access control vulnerability [CWE-284] in FortiOS autod daemon 7.0.0, 6.4.6 and below, 6.2.9 and below, 6.0.12 and below and FortiProxy 2.0.1 and below, 1.2.9 and below may allow an authenticated low-privileged attacker to escalate their privileges to super_admin via a specific crafted configuration of fabric automation CLI script and auto-script features. The FortiOS autod daemon and FortiProxy contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.
| VAR-202112-0288 | CVE-2021-41029 | Cross-site scripting vulnerability in Fortinet FortiWLM |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to store malicious JavaScript code in the device and trigger it via crafted HTTP requests. Fortinet FortiWLM contains a cross-site scripting vulnerability. Information may be obtained and tampered with. FortiWLM™ is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated attacker to perform stored cross-site scripting (XSS) by storing a malicious payload.
| VAR-202112-0287 | CVE-2021-42752 | Cross-site scripting vulnerability in Fortinet FortiWLM |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to execute malicious JavaScript code on the victim's host via crafted HTTP requests. Fortinet FortiWLM contains a cross-site scripting vulnerability. Information may be obtained and tampered with. FortiWLM™ is a wireless manager. FortiWLM 8.6.1 and below have a security vulnerability that could allow an authenticated user to perform an XSS attack via a crafted HTTP GET request.
| VAR-202112-0286 | CVE-2021-43067 | Information leakage vulnerability in Fortinet FortiAuthenticator |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An exposure of sensitive information to an unauthorized actor in Fortinet FortiAuthenticator version 6.4.0, version 6.3.2 and below, version 6.2.1 and below, version 6.1.2 and below, version 6.0.7 to 6.0.1 allows an attacker to duplicate a target LDAP user's 2-factor authentication token via crafted HTTP requests. Fortinet FortiAuthenticator contains a vulnerability related to information leakage. Information may be obtained.
| VAR-202112-0423 | CVE-2021-25511 | Path traversal vulnerability in Android |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. Android contains a path traversal vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Samsung FilterProvider is a system app for Samsung mobile devices.
Samsung FilterProvider has a privilege escalation vulnerability, which is caused by the lack of correct validation logic in FilterProvider. An attacker could exploit this vulnerability to escalate privileges.
| VAR-202112-0360 | CVE-2021-25513 | Privilege management vulnerability in Android |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. Android contains a permission management vulnerability. Information may be obtained. Samsung lock screen is a feature of Samsung mobile devices.
An information disclosure vulnerability exists in the Samsung lock screen.
| VAR-202112-0549 | CVE-2021-25515 | Vulnerability related to leakage of resources to the wrong area in Android |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. Android contains a vulnerability related to the leakage of resources to the wrong area. Information may be obtained. Samsung SemRewardManager is an application for Samsung mobile devices.
Samsung SemRewardManager has an information disclosure vulnerability. Attackers can exploit this vulnerability to access BSSID.
| VAR-202112-0548 | CVE-2021-25516 | Vulnerability in handling exceptional conditions in Android |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. Android contains a vulnerability in handling exceptional conditions. Information may be obtained. Samsung RRC MeasurementReport is a radio resource control protocol measurement report for Samsung mobile devices. The vulnerability is caused by the lack of correct RRC security variable checks in the Exynos baseband. Attackers can use this vulnerability to track location.
| VAR-202112-0528 | CVE-2021-25514 | Vulnerability in Android |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. Android contains an unspecified vulnerability. Information may be obtained. Samsung Tags is a tagging feature for Samsung mobile devices. An attacker can exploit this vulnerability to access sensitive information.
| VAR-202112-0340 | CVE-2021-36760 | Cross-site scripting vulnerability in WSO2 Identity Server |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) WSO2 Identity Server contains a cross-site scripting vulnerability. Information may be obtained and tampered with. WSO2 Identity Server (IS) is an identity authentication server of WSO2 company in the United States.
There is a security vulnerability in WSO2 Identity Server. No detailed vulnerability details are currently provided.
| VAR-202112-0377 | CVE-2021-40288 | Vulnerability related to leakage of resources to the wrong area in TP-Link AX10v1 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014 allows a remote unauthenticated attacker to disconnect an already connected wireless client by sending specific spoofed authentication frames with a wireless adapter. TP-Link AX10v1 contains a vulnerability related to the leakage of resources to the wrong area. Service operation may be interrupted (DoS). TP-Link AX10 is a router from China's TP-Link company.
| VAR-202112-0730 | CVE-2021-20042 | Vulnerability related to externally controllable references to resources in another sphere in multiple SonicWALL appliances |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary undetectable proxy to bypass firewall rules. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. Multiple SonicWALL appliances contain a vulnerability related to externally controllable references to resources in another sphere. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SonicWall SMA100 is a secure access gateway device from SonicWall Company in the United States.
| VAR-202112-0358 | CVE-2021-43963 | Information leakage vulnerability in Couchbase Sync Gateway |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
An issue was discovered in Couchbase Sync Gateway 2.7.0 through 2.8.2. The bucket credentials used to read and write data in Couchbase Server were insecurely being stored in the metadata within sync documents written to the bucket. Users with read access could use these credentials to obtain write access. (This issue does not affect clusters where Sync Gateway is authenticated with X.509 client certificates. This issue also does not affect clusters where shared bucket access is not enabled on Sync Gateway.) Couchbase Sync Gateway contains a vulnerability related to information leakage. Information may be obtained and tampered with. Couchbase Sync Gateway is a secure Web gateway for data access and data synchronization via the Web from Couchbase Corporation of the United States.