VARIoT IoT vulnerabilities database


VAR-202106-0150 CVE-2020-11235 Integer overflow vulnerability in multiple Qualcomm products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. Multiple Qualcomm products are vulnerable to integer overflow. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202106-0144 CVE-2020-11161 Out-of-bounds read vulnerability in multiple Qualcomm products CVSS V2: 3.6
CVSS V3: 7.1
Severity: HIGH
Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained, and a denial-of-service (DoS) condition may result.
VAR-202106-0162 CVE-2020-11262 Race condition vulnerability in multiple Qualcomm products CVSS V2: 4.4
CVSS V3: 7.0
Severity: HIGH
A race between command submission and destroying the context can cause an invalid context to be added to the list, leading to a use-after-free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a race condition vulnerability and a use-after-free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202106-0152 CVE-2020-11239 Use-after-free vulnerability in multiple Qualcomm products CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
Use-after-free issue when importing a DMA buffer by using the CPU address of the buffer, because the attachment is not cleaned up properly, in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a use-after-free vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm Graphics is graphics support firmware for processors from the US company Qualcomm. Qualcomm Graphics has a security vulnerability that stems from the attachment not being cleaned up correctly. The following products and versions are affected: APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9250, MDM9650, MDM9655, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM6125, QCS405, QCS410, QCS603, QCS605,
QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, 
WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955
VAR-202106-0149 CVE-2020-11233 Time-of-check Time-of-use (TOCTOU) race condition vulnerability in multiple Qualcomm products CVSS V2: 6.9
CVSS V3: 7.0
Severity: HIGH
Time-of-check time-of-use race condition while processing partition entries, because a newly created buffer was read again from mmc without validation, in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Multiple Qualcomm products contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202106-0160 CVE-2020-11260 Use of uninitialized resource vulnerability in multiple Qualcomm products CVSS V2: 7.2
CVSS V3: 8.4
Severity: HIGH
An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile. Multiple Qualcomm products contain a use of uninitialized resource vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
VAR-202101-0490 CVE-2020-28841 Vulnerability in DriverGenius CVSS V2: 7.1
CVSS V3: 5.5
Severity: MEDIUM
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1. DriverGenius contains an unspecified vulnerability. A denial-of-service (DoS) condition may result. Cmcm DriverGenius (Drive Wizard) is Windows software for driver adaptation, update and download from Beijing Cheetah Mobile Technology Co., Ltd. (Cmcm) in China.
VAR-202101-2016 No CVE A SQL injection vulnerability exists in the intelligent IoT system of Nanjing Jiuze Software Technology Co., Ltd. CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The business scope of Nanjing Jiuze Software Technology Co., Ltd. includes: software development, technical services, technical consulting services, technology transfer, etc. The intelligent IoT system of Nanjing Jiuze Software Technology Co., Ltd. has a SQL injection vulnerability. Attackers can use the vulnerability to obtain sensitive information in the database.
VAR-202101-2020 No CVE Binary vulnerability exists in KINCO DTools (CNVD-2020-68574) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Shanghai Buke Automation Co., Ltd. focuses on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions. There is a binary vulnerability in KINCO DTools. Attackers can use this vulnerability to construct malformed bmp images and cause the program to crash.
VAR-202101-2021 No CVE Binary vulnerability exists in KINCO DTools CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Shanghai Buke Automation Co., Ltd. focuses on the research and development, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, and provides customers with equipment automation control, digital factory and industrial Internet solutions, etc. There is a binary vulnerability in KINCO DTools. Attackers can use the vulnerability to construct malformed wav audio and cause the program to crash.
VAR-202101-2001 No CVE TP-LINK TL-WR740N has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
TP-LINK TL-WR740N adopts advanced 11N wireless technology, with a wireless transmission rate of up to 150Mbps, which can meet more wireless client access, while avoiding data congestion, reducing network delay, and making voice and video, online on-demand, and online games smoother. TP-LINK TL-WR740N has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service attack.
VAR-202101-2004 No CVE Beijing Zhongchuang Video Technology Co., Ltd. UCM collaborative communication platform has a command execution vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system. Beijing Zhongchuang Video Technology Co., Ltd. UCM collaborative communication platform has a command execution vulnerability. Attackers can use this vulnerability to execute commands remotely.
VAR-202101-2005 No CVE An arbitrary file download vulnerability exists in the UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. CVSS V2: 2.1
CVSS V3: -
Severity: LOW
The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system. The UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files.
VAR-202101-2006 No CVE A weak password vulnerability exists in the UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The UCM cooperative communication platform is a SIP communication control hardware device, which can realize terminal registration, multi-party conference (MCU), device management, firewall traversal, etc. in the traditional video conference system. The UCM collaborative communication platform of Beijing Zhongchuang Video Technology Co., Ltd. has a weak password vulnerability. Attackers can use the vulnerability to log in to the background to obtain sensitive information and perform unauthorized operations.
VAR-202101-2022 No CVE Binary vulnerability exists in Shanghai KINCO touch screen configuration editing software (CNVD-2020-69458) CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Shanghai Buke Automation Co., Ltd. focuses on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, provides customers with equipment automation control, digital factory and industrial Internet solutions, and is a leading supplier of machine automation and factory intelligent solutions in China. There is a binary vulnerability in the KINCO touch screen configuration editing software of Shanghai Buke. Attackers can use the vulnerability to cause the program to crash.
VAR-202101-2023 No CVE Binary vulnerability exists in Shanghai KINCO touch screen configuration editing software CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Shanghai Buke Automation Co., Ltd. focuses on the R&D, production, sales and related technical services of the core components of industrial automation equipment control and industrial Internet of Things/Internet software and hardware, provides customers with equipment automation control, digital factory and industrial Internet solutions, and is a leading supplier of machine automation and factory intelligent solutions in China. There is a binary vulnerability in the KINCO touch screen configuration editing software of Shanghai Buke. Attackers can use the vulnerability to cause the program to crash.
VAR-202101-1995 No CVE Command execution vulnerability exists in iray infrared camera AM310420 CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers. The iray infrared camera AM310420 has a command execution vulnerability. Attackers can use this vulnerability to execute system commands and gain control of the server.
VAR-202101-1997 No CVE Unauthorized access vulnerability exists in iray infrared camera CVSS V2: 5.5
CVSS V3: -
Severity: MEDIUM
Arrow Optoelectronics focuses on the R&D and manufacturing of infrared imaging technology and products, with completely independent intellectual property rights, and is committed to providing professional and competitive infrared thermal imaging products and industry solutions to global customers. The iray infrared camera has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.
VAR-202101-2014 No CVE New Cape Electronics Co., Ltd. Internet of Things platform has an arbitrary file download vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
New Cape Electronics Co., Ltd. is a professional enterprise dedicated to the development, production, sales and system integration of all-in-one card software and products. New Cape Electronics Co., Ltd. Internet of Things platform has an arbitrary file download vulnerability. Attackers can use the vulnerability to download arbitrary files.
VAR-202101-1996 No CVE Command execution vulnerability exists in Tenda AC9V3.0 router web management page CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Shenzhen Jixiang Tengda Technology Co., Ltd. (hereinafter referred to as "Tengda") is a professional supplier of network communication equipment and solutions, as well as a high-tech enterprise integrating R&D, production, supply, sales and service. The Tenda AC9V3.0 router web management page has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands.