VARIoT IoT vulnerabilities database
| VAR-202109-0170 | CVE-2020-27940 | Fire OS for Apple TV Vulnerabilities in applications |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
This issue was addressed with improved file handling. This issue is fixed in Apple TV app for Fire OS 6.1.0.6A142:7.1.0. An attacker with file system access may modify scripts used by the app
| VAR-202109-0061 | CVE-2020-24672 | Base Software Input verification vulnerability in |
CVSS V2: 6.8 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . Base Software There is an input validation vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ABB Base Software is a basic software of Swiss ABB company
| VAR-202109-1570 | CVE-2021-37145 | Poly CX5500 and CX5100 Command injection vulnerability in |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
A command-injection vulnerability in an authenticated Telnet connection in Poly (formerly Polycom) CX5500 and CX5100 1.3.5 leads an attacker to Privilege Escalation and Remote Code Execution capability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Poly ( Old Polycom) CX5500 and CX5100 Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Both Poly CX5500 and Poly CX5100 are a set of products for video calling from American Plantronics (Poly)
| VAR-202112-0391 | CVE-2021-37061 | Huawei Resource Exhaustion Vulnerability in Smartphones |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Uncontrolled Resource Consumption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Screen projection application denial of service. Huawei Smartphones have a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202112-0355 | CVE-2021-37037 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is an Invalid address access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart. plural Huawei Smartphone products have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202112-0354 | CVE-2021-37039 | plural Huawei Input validation vulnerability in smartphone products |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. No detailed vulnerability details were provided at this time
| VAR-202112-0353 | CVE-2021-37044 | plural Huawei Vulnerability related to improper retention of permissions in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. plural Huawei A vulnerability related to improper retention of permissions exists in smartphone products.Service operation interruption (DoS) It may be in a state
| VAR-202112-0352 | CVE-2021-37045 | plural Huawei Vulnerability related to use of freed memory in smartphone products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
There is an UAF vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause the device to restart unexpectedly and the kernel-mode code to be executed. plural Huawei A vulnerability related to use of freed memory exists in smartphone products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-0351 | CVE-2021-37049 | plural Huawei Out-of-bounds write vulnerability in smartphone products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
There is a Heap-based buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may rewrite the memory of adjacent objects. plural Huawei Smartphone products contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-0350 | CVE-2021-37050 | plural Huawei Vulnerability related to lack of encryption of important data in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Missing sensitive data encryption vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality
| VAR-202112-0349 | CVE-2021-37051 | plural Huawei Out-of-bounds reading vulnerability in smartphone products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is an Out-of-bounds read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause out-of-bounds memory access. plural Huawei Smartphone products contain an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202112-0348 | CVE-2021-37052 | plural Huawei Vulnerability related to exceptional state handling in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an Exception log vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause address information leakage. plural Huawei A vulnerability related to exceptional state handling exists in smartphone products.Information may be obtained
| VAR-202112-0347 | CVE-2021-37053 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Service logic vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause WLAN DoS. plural Huawei Smartphone products have unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202112-0346 | CVE-2021-37054 | plural Huawei Authentication Vulnerability in Smartphone Products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. plural Huawei Smartphone products contain an authentication vulnerability.Information may be obtained
| VAR-202112-0345 | CVE-2021-37069 | plural Huawei Race Condition Vulnerability in Smartphone Products |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. plural Huawei A race condition vulnerability exists in smartphone products.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202112-0344 | CVE-2021-37074 | plural Huawei Race Condition Vulnerability in Smartphone Products |
CVSS V2: 9.3 CVSS V3: 8.1 Severity: HIGH |
There is a Race Condition vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to the user root privilege escalation. plural Huawei A race condition vulnerability exists in smartphone products.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202112-0343 | CVE-2021-37092 | plural Huawei Incomplete Cleanup Vulnerability in Smartphone Products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. plural Huawei An incomplete cleanup vulnerability exists in smartphone products.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. HUAWEI HarmonyOS has a resource management error vulnerability. This vulnerability is caused by a resource not closing or releasing vulnerability in a certain component of HarmonyOS. No detailed vulnerability details were provided at this time
| VAR-202112-0342 | CVE-2021-37093 | plural Huawei Vulnerabilities in smartphone products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. plural Huawei Smartphone products have unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The vulnerability is caused by a component of the product that does not effectively authenticate user identities. No detailed vulnerability details were provided at this time
| VAR-202112-0335 | CVE-2021-37020 | plural Huawei Input validation vulnerability in smartphone products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. plural Huawei A vulnerability related to input validation exists in smartphone products.Information is obtained and service operation is interrupted (DoS) It may be in a state
| VAR-202112-0334 | CVE-2021-37021 | plural Huawei Input validation vulnerability in smartphone products |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Out-of-bounds read. plural Huawei A vulnerability related to input validation exists in smartphone products.Information is obtained and service operation is interrupted (DoS) It may be in a state