VARIoT IoT vulnerabilities database


VAR-202104-1182 CVE-2021-27698 RIOT-OS  Buffer Overflow Vulnerability in Linux CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
RIOT-OS 2021.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c through the _parse_options() function. RIOT-OS contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. RIOT is a real-time multi-threaded IoT operating system that supports a series of devices commonly found in the Internet of Things. No detailed vulnerability details are currently provided. RIOT-OS 2021.01 has a security vulnerability, which stems from a buffer overflow in the _parse_options() function in sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c.
VAR-202104-1018 CVE-2021-27357 RIOT-OS  Buffer Overflow Vulnerability in Linux CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
RIOT-OS 2020.01 contains a buffer overflow vulnerability in /sys/net/gnrc/routing/rpl/gnrc_rpl_control_messages.c. RIOT-OS contains a classic buffer overflow vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. RIOT is a real-time multi-threaded IoT operating system that supports a series of devices commonly found in the Internet of Things. No detailed vulnerability details are currently provided.
VAR-202104-1362 CVE-2021-28196 ASUS BMC Firmware security feature vulnerability (CNVD-2021-36007) CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
A specific function in ASUS BMC’s firmware Web management page (the Generate SSL certificate function) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the flaw to abnormally terminate the Web service. ASUS BMC Firmware is firmware from ASUS Corporation of China. The ASUS BMC firmware Web management page has a security feature vulnerability.
VAR-202104-1357 CVE-2021-28191 ASUS BMC Firmware security feature vulnerability (CNVD-2021-31751) CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the flaw to abnormally terminate the Web service. ASUS BMC Firmware is firmware from ASUS Corporation of China.
VAR-202104-1359 CVE-2021-28193 ASUS BMC Firmware security feature vulnerability (CNVD-2021-31750) CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the flaw to abnormally terminate the Web service. ASUS BMC Firmware is firmware from ASUS Corporation of China.
VAR-202104-1364 CVE-2021-28198 ASUS BMC Firmware security feature vulnerability (CNVD-2021-36008) CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the flaw to abnormally terminate the Web service. ASUS BMC Firmware is firmware from ASUS Corporation of China.
VAR-202104-1352 CVE-2021-28201 Classic buffer overflow vulnerability in multiple ASUS products CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the flaw to abnormally terminate the Web service. Multiple ASUS products contain a classic buffer overflow vulnerability. A denial-of-service (DoS) condition may result. ASUS BMC Firmware is firmware from ASUS Corporation of China.
VAR-202104-1134 CVE-2021-25692 Check Point Security Gateway Security hole CVSS V2: 2.1
CVSS V3: 4.6
Severity: MEDIUM
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3
VAR-202104-1996 No CVE Ruijie Networks Co., Ltd. RSR router has an arbitrary file reading vulnerability CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other projects. Ruijie Networks Co., Ltd. RSR router has an arbitrary file reading vulnerability. Attackers can use this vulnerability to perform arbitrary file reading operations.
VAR-202104-1997 No CVE Ruijie Networks Co., Ltd. RSR router has logic flaws and vulnerabilities CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services. Ruijie Networks Co., Ltd. RSR router has a logic flaw vulnerability. Attackers can use this vulnerability to log in as a low-privileged user and vertically escalate to a user with administrator privileges.
VAR-202104-1999 No CVE An arbitrary command execution vulnerability exists in the wireless SmartWeb management system of Ruijie Networks Co., Ltd. CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage. An arbitrary command execution vulnerability exists in the wireless SmartWeb management system of Ruijie Networks. An attacker can use this vulnerability to execute arbitrary commands and obtain user passwords.
VAR-202104-2001 No CVE Ruijie Networks NBR router has logic flaws and vulnerabilities CVSS V2: 2.1
CVSS V3: -
Severity: LOW
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other projects. Ruijie Networks NBR router has a logic flaw vulnerability. Attackers can use this vulnerability to log in as a low-privileged user and vertically escalate to a user with administrator privileges.
VAR-202104-2004 No CVE Ruijie Networks NBR router has command execution vulnerabilities CVSS V2: 7.1
CVSS V3: -
Severity: HIGH
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services and other projects. Ruijie Networks NBR router has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
VAR-202104-2072 No CVE A SQL injection vulnerability exists in the Big Wisdom Fire Digital Monitoring Center platform CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The Big Wisdom Fire Fighting Digital Monitoring Center Platform is a remote monitoring system for the Internet of Fire Fighting. The system is suitable for smart fire fighting platforms under the new smart city, suitable for urban networking, industry networking, large-scale enterprise networking and remote unattended places. There is a SQL injection vulnerability in the Big Wisdom Fire Digital Monitoring Center platform, which can be used by attackers to obtain sensitive information in the database.
VAR-202104-0059 CVE-2020-17453 Cross-site scripting vulnerability in multiple WSO2 products CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. Multiple WSO2 products contain a cross-site scripting vulnerability. Information may be obtained and tampered with. WSO2 Management Console is application software from the American company WSO2.
VAR-202104-0036 CVE-2020-11251 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained, and a denial-of-service (DoS) condition may result.
VAR-202104-0034 CVE-2020-11246 Double free vulnerability in multiple Qualcomm products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a double free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202104-0027 CVE-2020-11231 Double free vulnerability in multiple Qualcomm products CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Two threads call one or both functions concurrently, leading to corruption of pointers and reference counters, which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a double free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202104-0028 CVE-2020-11234 Use-after-free vulnerability in multiple Qualcomm products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
When sending a socket event message to a user application, invalid information will be passed if the socket is freed by another thread, resulting in a Use After Free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a use-after-free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202104-0025 CVE-2020-11191 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: 9.4
CVSS V3: 9.1
Severity: CRITICAL
An out-of-bounds read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained, and a denial-of-service (DoS) condition may result.