VARIoT IoT vulnerabilities database
| VAR-202104-1359 | CVE-2021-28193 | ASUS BMC Firmware security feature vulnerability (CNVD-2021-31750) |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this flaw to abnormally terminate the Web service. ASUS BMC Firmware is a firmware of ASUS Corporation of China.
| VAR-202104-1364 | CVE-2021-28198 | ASUS BMC Firmware security feature vulnerability (CNVD-2021-36008) |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this flaw to abnormally terminate the Web service. ASUS BMC Firmware is a firmware of ASUS Corporation of China.
| VAR-202104-1352 | CVE-2021-28201 | Classic buffer overflow vulnerability in multiple ASUS products |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this flaw to abnormally terminate the Web service. Multiple ASUS products contain a classic buffer overflow vulnerability. A denial of service (DoS) condition may result. ASUS BMC Firmware is a firmware of ASUS Corporation of China.
| VAR-202104-1134 | CVE-2021-25692 | Check Point Security Gateway Security hole |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Sensitive smart card data is logged in default INFO logs by Teradici's PCoIP Connection Manager and Security Gateway prior to version 21.01.3.
| VAR-202104-1996 | No CVE | Ruijie Networks Co., Ltd. RSR router has an arbitrary file reading vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services, Internet virtual private network services, Internet management services and other projects.
Ruijie Networks Co., Ltd. RSR router has an arbitrary file reading vulnerability. Attackers can use this vulnerability to perform arbitrary file reading operations.
| VAR-202104-1997 | No CVE | Ruijie Networks Co., Ltd. RSR router has logic flaws and vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services, Internet virtual private network services and Internet management services.
Ruijie Networks Co., Ltd. RSR router has a logic flaw vulnerability. An attacker logged in as a low-privileged user can use this vulnerability to escalate vertically to a user with administrator privileges.
| VAR-202104-1999 | No CVE | An arbitrary command execution vulnerability exists in the wireless SmartWeb management system of Ruijie Networks Co., Ltd. |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
An arbitrary command execution vulnerability exists in the wireless SmartWeb management system of Ruijie Networks. An attacker can use this vulnerability to execute arbitrary commands and obtain user passwords.
| VAR-202104-2001 | No CVE | Ruijie Networks NBR router has logic flaws and vulnerabilities |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services, Internet virtual private network services, Internet management services and other projects.
Ruijie Networks NBR router has a logic flaw vulnerability. An attacker logged in as a low-privileged user can use this vulnerability to escalate vertically to a user with administrator privileges.
| VAR-202104-2004 | No CVE | Ruijie Networks NBR router has command execution vulnerabilities |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services, Internet virtual private network services, Internet management services and other projects.
Ruijie Networks NBR router has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202104-2072 | No CVE | A SQL injection vulnerability exists in the Big Wisdom Fire Digital Monitoring Center platform |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Big Wisdom Fire Fighting Digital Monitoring Center Platform is a remote monitoring system for the Internet of Fire Fighting. The system is suitable for smart fire fighting platforms under the new smart city, suitable for urban networking, industry networking, large-scale enterprise networking and remote unattended places.
There is a SQL injection vulnerability in the Big Wisdom Fire Digital Monitoring Center platform, which can be used by attackers to obtain sensitive information in the database.
| VAR-202104-0059 | CVE-2020-17453 | Cross-site scripting vulnerability in multiple WSO2 products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
WSO2 Management Console through 5.10 allows XSS via the carbon/admin/login.jsp msgId parameter. Multiple WSO2 products contain a cross-site scripting vulnerability. Information may be obtained and tampered with. WSO2 Management Console is application software from the American company WSO2.
| VAR-202104-0036 | CVE-2020-11251 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
An out-of-bounds read can occur while accessing the DTMF payload because the buffer length is not checked before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained and a denial of service (DoS) condition may result.
| VAR-202104-0034 | CVE-2020-11246 | Double free vulnerability in multiple Qualcomm products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
A double free condition can occur when the device moves to suspend mode during secure playback in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a double free vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) condition may result.
| VAR-202104-0027 | CVE-2020-11231 | Double free vulnerability in multiple Qualcomm products |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Two threads calling one or both functions concurrently can corrupt pointers and reference counters, which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a double free vulnerability. Information may be obtained or tampered with, and a denial of service (DoS) condition may result.
| VAR-202104-0028 | CVE-2020-11234 | Use-after-free vulnerability in multiple Qualcomm products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
When sending a socket event message to a user application, invalid information will be passed if the socket is freed by another thread, resulting in a use-after-free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and a denial of service (DoS) condition may result.
| VAR-202104-0025 | CVE-2020-11191 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
An out-of-bounds read occurs while processing a crafted SDP due to a missing null string check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained and a denial of service (DoS) condition may result.
| VAR-202104-0035 | CVE-2020-11247 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 9.4 CVSS V3: 9.1 Severity: CRITICAL |
An out-of-bounds memory read can occur while unpacking data due to a missing offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained and a denial of service (DoS) condition may result.
| VAR-202104-0038 | CVE-2020-11255 | Missing release of memory after effective lifetime vulnerability in multiple Qualcomm products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Denial of service can occur while processing RTCP packets containing multiple SDES reports, because memory for the last SDES packet is freed and the rest of the memory is leaked, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables. Multiple Qualcomm products contain a vulnerability related to missing release of memory after its effective lifetime. A denial of service (DoS) condition may result.
| VAR-202104-1112 | CVE-2021-30055 | SQL injection vulnerability in Knowage Suite |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A SQL injection vulnerability in Knowage Suite version 7.1 exists in the documentexecution/url analytics driver component via the 'par_year' parameter when running a report.
| VAR-202104-1115 | CVE-2021-30058 | Knowage Suite Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject an arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter.