VARIoT IoT vulnerabilities database
| VAR-202110-1389 | CVE-2021-22452 | HarmonyOS Input verification vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address
| VAR-202110-1363 | CVE-2021-22401 | Huawei Vulnerabilities in smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. Huawei Smartphones have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202110-1362 | CVE-2021-22404 | Huawei Path Traversal Vulnerability in Smartphones |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones have a path traversal vulnerability.Information may be obtained
| VAR-202110-1361 | CVE-2021-22405 | Huawei Vulnerabilities in smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. Huawei Smartphones have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202110-1246 | CVE-2021-22453 | HarmonyOS Out-of-bounds read vulnerability in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. HarmonyOS Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202110-1059 | CVE-2021-22278 | PCM600 Update Manager Vulnerability in Certificate Verification |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed
| VAR-202110-1484 | CVE-2021-36992 | Huawei Vulnerabilities in smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphones have unspecified vulnerabilities.Information may be obtained
| VAR-202110-1248 | CVE-2021-29713 | IBM Jazz Team Cross-site scripting vulnerability in server products |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Provides basic services that enable a set of tools to work together as a single logical server, and include any number of Jazz Team Server Extensions that provide tool-specific functions. Attackers can use this vulnerability to cause credential leakage
| VAR-202110-1247 | CVE-2021-29774 | IBM Jazz Team Vulnerabilities in server products |
CVSS V2: 6.0 CVSS V3: 7.5 Severity: HIGH |
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. Vendors may IBM X-Force ID: 203025 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202110-1505 | CVE-2021-29786 | IBM Jazz Team Server Vulnerability in plaintext storage of important information in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. Vendors may IBM X-Force ID: 203172 It is published as.Information may be obtained. Provides basic services that enable a set of tools to work together as a single logical server, and include any number of Jazz Team Server Extensions that provide tool-specific functions. An authenticated attacker can use the vulnerability to read these credentials
| VAR-202110-1242 | CVE-2021-29673 | IBM Jazz Team Cross-site scripting vulnerability in server products |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199482. Vendors may IBM X-Force ID: 199482 It is published as.Information may be obtained and information may be tampered with
| VAR-202110-1065 | CVE-2021-34762 | Cisco Firepower Management Center Software Past traversal vulnerability in |
CVSS V2: 5.5 CVSS V3: 8.1 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to perform a directory traversal attack on an affected device. The attacker would require valid device credentials. The vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTPS request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to read or write arbitrary files on the device
| VAR-202110-1796 | CVE-2021-34704 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software In HTTP Request Smuggling Vulnerability |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. The platform provides features such as highly secure access to data and network resources
| VAR-202110-1763 | CVE-2021-1573 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software In HTTP Request Smuggling Vulnerability |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a malicious HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. The platform provides features such as highly secure access to data and network resources
| VAR-202110-1402 | CVE-2021-40125 | Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software Resource exhaustion vulnerability in |
CVSS V2: 6.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. This vulnerability is due to improper control of a resource. An attacker with the ability to spoof a trusted IKEv2 site-to-site VPN peer and in possession of valid IKEv2 credentials for that peer could exploit this vulnerability by sending malformed, authenticated IKEv2 messages to an affected device. A successful exploit could allow the attacker to trigger a reload of the device
| VAR-202110-1395 | CVE-2021-34781 | Cisco Firepower Threat Defense Software Vulnerability in handling exceptional conditions in |
CVSS V2: 7.1 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error handling when an SSH session fails to be established. An attacker could exploit this vulnerability by sending a high rate of crafted SSH connections to the instance. A successful exploit could allow the attacker to cause resource exhaustion, which causes a DoS condition on the affected device. The device must be manually reloaded to recover
| VAR-202110-1394 | CVE-2021-34783 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Input verification vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the software-based SSL/TLS message handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient validation of SSL/TLS messages when the device performs software-based SSL/TLS decryption. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: Datagram TLS (DTLS) messages cannot be used to exploit this vulnerability
| VAR-202110-1393 | CVE-2021-34790 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming
| VAR-202110-1392 | CVE-2021-34791 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Input verification vulnerability in |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Multiple vulnerabilities in the Application Level Gateway (ALG) for the Network Address Translation (NAT) feature of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the ALG and open unauthorized connections with a host located behind the ALG. For more information about these vulnerabilities, see the Details section of this advisory. Note: These vulnerabilities have been publicly discussed as NAT Slipstreaming
| VAR-202110-1377 | CVE-2021-34792 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource exhaustion vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the memory management of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper resource management when connection rates are high. An attacker could exploit this vulnerability by opening a significant number of connections on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. The platform provides features such as highly secure access to data and network resources