VARIoT IoT vulnerabilities database

A race condition was addressed with additional validation. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kernel extension. The issue results from the lack of proper locking when performing operations on an object. Apple OS X is a set of dedicated operating systems developed by Apple for Mac computers. Apple macOS could allow a local authenticated malicious user to gain elevated privileges on the system, caused by a time-of-check time-of-use race condition in the AppleIntelKBLGraphics kernel extension

AM600 is a medium-sized programmable logic controller (PLC) designed with a modular structure. Suzhou Inovance Technology Co., Ltd. AM600 has a buffer overflow vulnerability. The attacker sent malformed Modbus data packets, causing abnormalities inside the PLC and crashing the program.

Shanghai ZLAN Information Technology Co., Ltd. is a high-tech enterprise that provides industrial IoT solutions. It was established in 2008. Its products include serial server, IoT chips, serial to Ethernet, etc. Shanghai ZLAN Information Technology Co., Ltd. ZLAN7144N2 has an information disclosure vulnerability. An attacker can use the vulnerability to send a specific message to the UDP port through the network to obtain the WiFi hotspot connection password of the device.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has a file upload vulnerability. Attackers can use this vulnerability to gain server control rights.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has a file upload vulnerability. Attackers can use this vulnerability to gain server control rights.

The precision air conditioner network monitoring terminal is an intelligent network monitoring device based on precision air conditioners, which is connected to the network through a network cable, and continuously collects air conditioner operating status data. Guangzhou Junda Intelligent Software Technology Co., Ltd. intelligent precision air-conditioning network monitoring and alarm terminal has a file upload vulnerability. Attackers can use this vulnerability to gain server control rights.

H3C Magic R2+ is a wireless dual-band router specially designed by New H3C Technology Co., Ltd. H3C Magic R2+ProG router has an unauthorized access vulnerability, which can be exploited by attackers to obtain sensitive information.

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability. Certain remote users with low privileges may exploit this vulnerability to perform 'nsrmmdbd' operations in an unintended manner. The software provides backup and recovery, deduplication, backup reporting, and more

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment vulnerability. A non-LDAP remote user with low privileges may exploit this vulnerability to perform 'saveset' related operations in an unintended manner. The vulnerability is not exploitable by users authenticated via LDAP. The software provides backup and recovery, deduplication, backup reporting, and more

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. It provides services across public and private clouds, Docker container and KVM Hypervisor servers provide cost and usage reports, RBAC , management, provisioning, orchestration, monitoring and automation. The following products and versions are affected: 2020 Year 9 moon 2 version before date

When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. It provides cost and usage reporting, RBAC, management, provisioning, orchestration, monitoring and automation for servers across public and private clouds, Docker containers and KVM hypervisors. The following products and versions are affected: Versions before September 2, 2020

When Security Assertion Markup Language (SAML) authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly process invalid authentication certificates which could allow a malicious network-based user to access unauthorized data. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. It provides cost and usage reporting, RBAC, management, provisioning, orchestration, monitoring and automation for servers across public and private clouds, Docker containers and KVM hypervisors. The following products and versions are affected: Versions before September 2, 2020. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions

The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. Advantech Provided by the company WebAccess/SCADA Is browser-based SCADA It is a software package. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech WebAccess/SCADA. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.The specific flaw exists within the WADashboard component. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides functions of remote control and management of automation equipment. There are security vulnerabilities in WebAccess/SCADA WADashboard version 9.0 and earlier versions

Delta Electronics was established in 1971 to provide power management and cooling solutions worldwide. ScreenEditor is a configuration software in Delta CNCSoft software suite. The ScreenEditor of Delta Electronics Industry Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.

Delta Electronics was established in 1971 to provide power management and cooling solutions worldwide. ScreenEditor is a configuration software in Delta CNCSoft software suite. The ScreenEditor of Delta Electronics Industry Co., Ltd. has a binary vulnerability that can be exploited by attackers to cause a denial of service.

Advantech WebAccess SCADA is a HMI/SCADA monitoring software based entirely on IE browser. Advantech (China) Co., Ltd. has a binary vulnerability in WebAccess/SCADA. Attackers can use the vulnerability to cause a denial of service.

Rockwell Automation is an industrial automation and information company. Rockwell Automation 1769-L33ER has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.

On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series deployed in a Virtual Chassis configuration, receipt of a stream of specific layer 2 frames can cause high CPU load, which could lead to traffic interruption. This issue does not occur when the device is deployed in Stand Alone configuration. The offending layer 2 frame packets can originate only from within the broadcast domain where the device is connected. This issue affects Juniper Networks Junos OS on EX4300-MP Series, EX4600 Series and QFX5K Series: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S11, 17.4R3-S2, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S1, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2. Juniper Networks Junos OS Is vulnerable to a resource exhaustion.Denial of service (DoS) It may be put into a state. Junos OS EX/QFX has a security loophole in the processing of via Virtual Chassis. Remote attackers can use this loophole to submit special requests, perform denial of service attacks, and crash the service program

IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503. IBM Resilient OnPrem Contains a command injection vulnerability. Vendor exploits this vulnerability IBM X-Force ID: 185503 Is published as.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state