VARIoT IoT vulnerabilities database

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3, watchOS 5.3. An application may be able to read restricted memory. plural Apple The product contains a validation vulnerability due to a flawed input sanitization process.Limited memory can be read through the application. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple macOS High Sierra is a dedicated operating system developed for Mac computers. tvOS is a smart TV operating system

A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3, tvOS 12.3. Users removed from an iMessage conversation may still be able to alter state. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. A security flaw in several Apple products stems from the fact that users who are removed from an iMessage session can still change status

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. Apple macOS Catalina is a set of dedicated operating systems developed by Apple for Mac computers

An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. QSC Q-SYS is a device used in signal processing from QSC Corporation of the United States. The device is used in audio information processing and information exchange, and can be used in conferences, teachers, lecture halls and other multi-person conference scenarios. Attackers can use this vulnerability to traverse TFTP related directories

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the attacker could use the vulnerability to steal user cookies or destroy the page structure. This affects: eVDC ZXCLOUD-iROSV6.03.04. ZTE eVDC Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. ZTE eVDC is a virtualized data center product service of China ZTE Corporation (ZTE)

SNC series cameras are network surveillance products produced by Sony. Sony (China) Co., Ltd. SNC series cameras have unauthorized access vulnerabilities. Attackers can use vulnerabilities to obtain sensitive information.

Beijing Hanbang Hi-Tech Digital Technology Co., Ltd. is a high-tech enterprise. With "video technology" as the core, the company is committed to the research and development of "physical security" and "content security". The core business consists of three parts: smart security, radio and television monitoring and digital watermarking technology. The camera of Hanbang Hi-Tech has weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

BSP Security is an enterprise that provides security systems and video surveillance. BSP Security IPC has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.

Shenzhen Jingyang Technology Co., Ltd. is a leading provider of smart video products and solutions in China, focusing on R&D and innovation of smart video products and solutions for the world. Shenzhen Jingyang Technology Co., Ltd. camera has a weak password vulnerability. Attackers can use vulnerabilities to obtain sensitive information.

D-Link DIR-852 is a wireless router. D-Link DIR-852 has a command execution vulnerability. The attacker can use the leak to directly control the router.

Redmi Note 7 is the first product of Xiaomi's Redmi brand mobile phone. Redmi Note7 has a denial of service vulnerability. Attackers can use this vulnerability to cause the device to restart.

Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Belkin LINKSYS WRT160NL The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Belkin LINKSYS WRT160NL is a wireless router made by Belkin in the United States

GPON/4+1+WIFI (2.4G) is a Unicom optical modem. Unicom Optical modem GPON/4+1+WIFI(2.4G) PT952G has an unauthorized vulnerability. Attackers can use this vulnerability to achieve the purpose of privilege escalation and obtain sensitive information.

An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentication or token authentication mechanism that allows remote attackers to forge requests on behalf of a site administrator to change all settings including deleting users, creating new users with escalated privileges. fs.com S3900 24T4S Contains a cross-site request forgery vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. fs.com S3900-24T4S is a gigabit stackable switch from China's fast innovation (fs) company. The FS S3900-24T4S switch is equipped with 24 10/100/1000Base-T ports, 4 10G SFP+ uplink ports, supports stacking of up to 6 switches, simple operation, highly secure business processing capabilities, flexible network deployment, and no Border network experience and complete QoS control strategy. The fs.com S3900 24T4S version 1.7.0 and previous versions have security vulnerabilities. Authentication mechanism

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple The product is vulnerable to out-of-bounds reading due to flawed input validation.Arbitrary code can be executed by processing maliciously created images. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple iTunes for Windows is a media player application based on the Windows platform

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple watchOS is a smart watch operating system

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers

A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6. A user may be unexpectedly logged in to another user’s account. macOS Catalina Has a logic vulnerability due to poor state management.You may be able to log in to another user's account unexpectedly. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers. A security vulnerability exists in the OS X Login Window that could allow one user to accidentally log in to another user's account

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, watchOS 6.2.8. A malicious application may disclose restricted memory. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers. A security vulnerability exists in the OS X Kernel that could allow malicious applications to expose restricted memory