VARIoT IoT vulnerabilities database

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM6125, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained and denial of service (DoS) It may be put into a state

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. A number of Qualcomm products have an input validation error vulnerability, which stems from improper check of the channel id before using the array index in the adsp driver

u'Two threads running simultaneously from user space can lead to race condition in fastRPC driver' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130. plural Qualcomm The product contains a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. Many Qualcomm products have a resource management error vulnerability. The vulnerability originates from the fact that two threads running at the same time may cause race conditions in the fastRPC driver

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDM660 is a central processing unit (CPU) product. QCS404 is a central processing unit (CPU) product. QCS605 is a central processing unit (CPU) product. SDX55 is a modem. SDM670 is a central processing unit (CPU) product. SDM710 is a central processing unit (CPU) product. MSM8917 is a central processing unit (CPU) product. SXR2130 is a central processing unit (CPU) product. SDM439 is a central processing unit (CPU) product. MSM8905 is a central processing unit (CPU) product. IPQ6018 is a central processing unit (CPU) product. QCA6390 is a central processing unit (CPU) product. Rennell is a central processing unit (CPU) product. Wire etc. are the products of individual developers. Wire is a chat software. Qualcomm APQ8009 is a central processing unit. Many Qualcomm products have buffer error vulnerabilities. The vulnerability stems from the lack of checking the channel id value received from the MHI device, and out-of-bounds access may occur

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632. plural Qualcomm The product contains an input verification vulnerability.Denial of service (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. Many Qualcomm products have input validation errors. The vulnerability stems from the lack of ability of u to handle unexpected control messages during the encryption process, which leads to DoS

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parameters received from server' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Agatti, Kamorta, Nicobar, QCM6125, QCS610, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250. plural Qualcomm The product contains an input verification vulnerability.Information is obtained and denial of service (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. A number of Qualcomm products have an input verification error vulnerability. The vulnerability stems from the failure to check the length of the received L2cap data packet, which causes the buffer overread problem in the Bluetooth estack

u'Buffer overflow while processing PDU packet in bluetooth due to lack of check of buffer length before copying into it.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained and denial of service (DoS) It may be put into a state

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap configuration request received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, SA415M, SA515M, SC8180X, SDX55, SM8250. plural Qualcomm The product contains an input verification vulnerability.Information is obtained and denial of service (DoS) It may be put into a state

IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. IBM DataPower Gateway Contains an information disclosure vulnerability. Vendor is responsible for this vulnerability IBM X-Force ID: 182658 Is published as.Information may be obtained. IBM MQ (IBM WebSphere MQ) and others are products of IBM Corporation in the United States. IBM MQ is a messaging middleware product. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level message middleware. This vulnerability number has been assigned, and the vulnerability details will be updated soon

EKI-1521 is a serial device networking server supporting RS-232/422/485. Advantech (China) Co., Ltd. EKI-1521 has a command execution vulnerability. Attackers can use the vulnerability to remotely execute system commands.

P-660HW-T1 is a wireless router product of Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. Zhongqin Communication Equipment Trading (Shanghai) Co., Ltd. P-660HW-T1 has a weak password vulnerability. Attackers can use the vulnerability to pass Connect to P-660HW-T1 (v3) and perform any operation under root authority to obtain sensitive information.

Shanghai ZLAN Information Technology Co., Ltd. is a high-tech enterprise that provides industrial Internet of Things solutions. Founded in 2008, its products include: serial server, Internet of Things chips, serial to Ethernet, etc. Shanghai ZLAN Information Technology Co., Ltd. ZLAN5102-3/ZLAN5102/ZLAN5103 common single serial port server has a denial of service vulnerability. Attackers can use this vulnerability to cause the program to crash.

The Fengine FR2600 series integrated service access router (hereinafter referred to as FR2600) is a new generation of switching access router platform created by Fiberhome using the industry's new hardware design architecture. FR2600 has powerful processing capabilities and expansion capabilities, rich software functions and hardware modules, and has a wide range of applications in electric power, enterprises, governments, finance, the military, and operators. Fiberhome FR2600 series routers have logic flaws, which can be exploited by remote attackers to obtain sensitive information.

A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. When malicious data is viewed, they can obtain sensitive information or hijack user sessions

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3