VARIoT IoT vulnerabilities database
| VAR-202111-0986 | CVE-2021-32600 | Information leakage vulnerability in FortiOS |
CVSS V2: 2.1 CVSS V3: 3.8 Severity: LOW |
An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user assigned to a specific VDOM to retrieve other VDOMs' information such as the admin account list and the network interface list. FortiOS contains an information leakage vulnerability. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. An attacker could exploit this vulnerability to expose sensitive information to unauthorized actors.
| VAR-202109-1922 | CVE-2021-26116 | OS command injection vulnerability in FortiAuthenticator |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An improper neutralization of special elements used in an OS command vulnerability in the command line interpreter of FortiAuthenticator before 6.3.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. FortiAuthenticator contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202109-1366 | CVE-2021-30756 | Vulnerabilities in multiple Apple products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.
| VAR-202109-1365 | CVE-2021-30755 | Buffer error vulnerabilities in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5. An out-of-bounds read was addressed with improved input validation.
| VAR-202109-1364 | CVE-2021-30753 | Buffer error vulnerabilities in multiple Apple products |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
Processing a maliciously crafted font may result in the disclosure of process memory. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. An out-of-bounds read was addressed with improved input validation.
| VAR-202109-1363 | CVE-2021-30752 | Out-of-bounds read vulnerability in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An out-of-bounds read was addressed with improved input validation. Multiple Apple products contain an out-of-bounds read vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202109-1362 | CVE-2021-30751 | Vulnerability in macOS |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
This issue was addressed with improved data protection. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass certain Privacy preferences. macOS contains an unspecified vulnerability. Information may be tampered with.
| VAR-202109-1361 | CVE-2021-30750 | Improper default permissions vulnerability in macOS |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.3. A malicious application may be able to access the user's recent contacts. macOS contains an improper default permissions vulnerability. Information may be obtained.
| VAR-202109-1314 | CVE-2021-30664 | Out-of-bounds write vulnerabilities in multiple Apple products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution. Multiple Apple products contain a vulnerability related to out-of-bounds writes. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202109-0502 | CVE-2021-36182 | OS command injection vulnerability in Fortinet FortiWeb |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
An improper neutralization of special elements used in a command ('Command Injection') in Fortinet FortiWeb version 6.3.13 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests. Fortinet FortiWeb contains an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. FortiWeb has a buffer error vulnerability that stems from multiple stack-based buffer overflow vulnerabilities in the FortiWeb CLI interface.
| VAR-202109-0501 | CVE-2021-36179 | Out-of-bounds write vulnerability in Fortinet FortiWeb |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A stack-based buffer overflow in Fortinet FortiWeb version 6.3.14 and below, 6.2.4 and below allows an attacker to execute unauthorized code or commands via crafted parameters in CLI command execution. Fortinet FortiWeb contains an out-of-bounds write vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Fortinet FortiWeb is a web application layer firewall developed by Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning, etc., to ensure the security of web applications and protect sensitive database content. FortiWeb has a buffer error vulnerability that stems from multiple stack-based buffer overflow vulnerabilities in the FortiWeb CLI interface.
| VAR-202109-0347 | CVE-2021-1833 | Vulnerability in iOS and iPadOS |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges. iOS and iPadOS contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202109-0326 | CVE-2021-1863 | Authentication vulnerability in iOS and iPadOS |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number. iOS and iPadOS contain an authentication vulnerability. Information may be tampered with.
| VAR-202109-0325 | CVE-2021-1862 | Apple iOS and Apple iPadOS Authorization problem vulnerability |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic
| VAR-202109-0287 | CVE-2021-1770 | Buffer error vulnerability in multiple Apple products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A buffer overflow may result in arbitrary code execution. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A logic issue was addressed with improved state management. Multiple Apple products contain a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). macOS Big Sur versions prior to 11.3, iOS versions prior to 14.5 and iPadOS versions prior to 14.5, watchOS versions prior to 7.4, and tvOS versions prior to 14.5 have a security vulnerability due to a buffer overflow that may lead to arbitrary code execution.
| VAR-202109-0278 | CVE-2021-1812 | Vulnerability in iOS and iPadOS |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges. iOS and iPadOS contain an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets.
| VAR-202109-0170 | CVE-2020-27940 | Vulnerabilities in the Apple TV app for Fire OS |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app.
| VAR-202109-0061 | CVE-2020-24672 | Input validation vulnerability in Base Software |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . Base Software contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). ABB Base Software is basic software from the Swiss company ABB.
| VAR-202109-1570 | CVE-2021-37145 | Command injection vulnerability in Poly CX5500 and CX5100 |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 gives an attacker Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Poly (formerly Polycom) CX5500 and CX5100 contain a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Poly CX5500 and Poly CX5100 are video calling products from the American company Plantronics (Poly).
| VAR-202112-0391 | CVE-2021-37061 | Resource exhaustion vulnerability in Huawei smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an Uncontrolled Resource Consumption vulnerability in Huawei smartphones. Successful exploitation of this vulnerability may lead to denial of service of the screen projection application. Huawei smartphones have a resource exhaustion vulnerability. Service operation may be interrupted (DoS).