VARIoT IoT vulnerabilities database


VAR-202107-1402 CVE-2021-34307 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13343). JT2Go and Teamcenter Visualization contain input validation and out-of-bounds read vulnerabilities. Zero Day Initiative has assigned ZDI-CAN-13343 to this vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files.
VAR-202107-1401 CVE-2021-34306 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing BMP files. This could result in a memory corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13342). JT2Go and Teamcenter Visualization contain an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative has assigned ZDI-CAN-13342 to this vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files.
VAR-202107-1382 CVE-2021-34298 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13060). JT2Go and Teamcenter Visualization contain a vulnerability related to input verification and a vulnerability related to the use of freed memory. Zero Day Initiative has assigned ZDI-CAN-13060 to this vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files.
VAR-202107-1375 CVE-2021-34291 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Gif_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing GIF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12956). JT2Go and Teamcenter Visualization contain an input verification vulnerability and an out-of-bounds write vulnerability. Zero Day Initiative has assigned ZDI-CAN-12956 to this vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files.
VAR-202107-1376 CVE-2021-34292 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12959). JT2Go and Teamcenter Visualization contain a vulnerability related to out-of-bounds reading and a vulnerability related to input verification. Zero Day Initiative has assigned ZDI-CAN-12959 to this vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIFF files.
VAR-202107-1385 CVE-2021-34301 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The BMP_Loader.dll library in affected applications lacks proper validation of user-supplied data prior to performing further free operations on an object when parsing BMP files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-13196). JT2Go and Teamcenter Visualization contain a vulnerability related to input verification and a vulnerability related to the use of freed memory. Zero Day Initiative has assigned ZDI-CAN-13196 to this vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object.
VAR-202107-1399 CVE-2021-34304 JT2Go and Teamcenter Visualization Input confirmation vulnerability
CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
A vulnerability has been identified in JT2Go (All versions < V13.2), Teamcenter Visualization (All versions < V13.2). The Tiff_Loader.dll library in affected applications lacks proper validation of user-supplied data when parsing TIFF files. This could result in an out of bounds read past the end of an allocated buffer. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-13199). JT2Go and Teamcenter Visualization contain input validation and out-of-bounds read vulnerabilities. Zero Day Initiative has assigned ZDI-CAN-13199 to this vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files.
VAR-202107-0294 CVE-2021-20498 IBM Security Verify Access Docker Information Disclosure Vulnerability
CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
IBM Security Verify Access Docker 10.0.0 reveals version information in HTTP requests that could be used in further attacks against the system. IBM X-Force ID: 197972. The vendor has published this vulnerability as IBM X-Force ID: 197972. Information may be obtained.
VAR-202107-0303 CVE-2021-20533 IBM Security Access Manager command injection vulnerability
CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
IBM Security Verify Access Docker 10.0.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 198813. IBM Security Verify Access Docker contains an unspecified vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 198813. Information may be obtained or tampered with, and service may be disrupted (DoS). The product implements access management control through integrated devices for Web, mobile and cloud computing.
VAR-202107-0292 CVE-2021-20496 IBM Security Verify Access Docker Input confirmation vulnerability
CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
IBM Security Verify Access Docker 10.0.0 could allow an authenticated user to bypass input due to improper input validation. IBM X-Force ID: 197966. The vendor has published this vulnerability as IBM X-Force ID: 197966. Information may be tampered with.
VAR-202107-0299 CVE-2021-20510 IBM Security Verify Access Docker Vulnerability of important information in plaintext
CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 198299. The vendor has published this vulnerability as IBM X-Force ID: 198299. Information may be obtained.
VAR-202107-0091 CVE-2020-20252 NULL pointer dereference vulnerability in Mikrotik RouterOs
CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference)
VAR-202107-0296 CVE-2021-20500 IBM Security Verify Access Docker Vulnerability in Resource Leakage to Wrong Domain
CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
IBM Security Verify Access Docker 10.0.0 could reveal highly sensitive information to a local privileged user. IBM X-Force ID: 197980. The vendor has published this vulnerability as IBM X-Force ID: 197980. Information may be obtained.
VAR-202107-0301 CVE-2021-20523 IBM Security Verify Access Docker Information Leakage Vulnerability in Error Messages
CVSS V2: 4.0
CVSS V3: 2.7
Severity: LOW
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660. The vendor has published this vulnerability as IBM X-Force ID: 198660. Information may be obtained.
VAR-202107-1698 No CVE Brother MFC-8510DN has unauthorized access vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MFC-8510DN is a multifunctional all-in-one machine. Brother MFC-8510DN has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202107-0302 CVE-2021-20524 IBM Security Verify Access Docker Cross-site Scripting Vulnerability
CVSS V2: 3.5
CVSS V3: 4.8
Severity: MEDIUM
IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. The vendor has published this vulnerability as IBM X-Force ID: 198661. Information may be obtained and information may be tampered with.
VAR-202107-0295 CVE-2021-20499 IBM Security Verify Access Docker Information Leakage Vulnerability in Error Messages
CVSS V2: 4.0
CVSS V3: 2.7
Severity: LOW
IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973. The vendor has published this vulnerability as IBM X-Force ID: 197973. Information may be obtained.
VAR-202107-1691 No CVE Unauthorized access vulnerabilities in many Brother products
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
MFC-L2700DW series, etc. are all printer products of Brother Company. Many Brother products have unauthorized access vulnerabilities, which can be exploited by attackers to obtain sensitive information.
VAR-202107-1696 No CVE Ruijie RG-UAC 6000-ISG video access security gateway has an information disclosure vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
RG-UAC 6000-ISG series video surveillance security gateway is a video surveillance network security reinforcement product independently developed by Ruijie Networks. Ruijie RG-UAC 6000-ISG video access security gateway has an information disclosure vulnerability. Attackers can use this vulnerability to obtain sensitive information.
VAR-202107-0285 CVE-2021-20439 IBM Security Access Manager and Security Verify Access Docker Vulnerability regarding insufficient protection of authentication information in
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
IBM Security Access Manager 9.0 and IBM Security Verify Access Docker 10.0.0 stores user credentials in plain clear text which can be read by an unauthorized user