VARIoT IoT vulnerabilities database
| VAR-202011-0220 | CVE-2020-11196 | Integer overflow vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products are vulnerable to integer overflow. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202011-0219 | CVE-2020-11193 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products contain an out-of-bounds read vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202011-0212 | CVE-2020-11168 | NULL pointer dereference vulnerability in multiple Qualcomm products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
"Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range" in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products contain a NULL pointer dereference vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202011-0122 | CVE-2020-11123 | Vulnerabilities in multiple Qualcomm products |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
"information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user's lock-screen password can be bypassed by performing the standard gatekeeper operations." in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330. Multiple Qualcomm products contain unspecified vulnerabilities. Information may be obtained.
| VAR-202011-0062 | CVE-2020-11131 | Integer overflow vulnerability in multiple Qualcomm products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
"Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space" in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330. Multiple Qualcomm products are vulnerable to integer overflow. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202011-0217 | CVE-2020-11175 | Use-after-free vulnerability in multiple Qualcomm products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
"Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling." in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P. Multiple Qualcomm products contain a vulnerability related to the use of freed memory. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm QCS605, etc. are all products of Qualcomm. QCS605 is a central processing unit (CPU) product. Qualcomm MSM8909W is a central processing unit (CPU) product. These are the products of individual developers. It is a javascript code library for managing objects and class loading order. Qualcomm QM215 is a central processing unit. Qualcomm SA6155 is a central processing unit. Qualcomm QCS605 is a central processing unit. Qualcomm APQ8009W is a central processing unit.
Qualcomm Bluetooth HOST has a resource management error vulnerability, which stems from the improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
| VAR-202011-0123 | CVE-2020-11114 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
"Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet (Equivalent to CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)" in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344. Multiple Qualcomm products contain an out-of-bounds read vulnerability. This vulnerability is the same as CVE-2019-17060, CVE-2019-17061 and CVE-2019-17517. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Qualcomm AR9344 is a mobile device chip from Qualcomm.
Several components in AR9344 have security vulnerabilities, which can cause buffer overflow problems.
| VAR-202011-1586 | No CVE | GE PACSystems Rx3i has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
PACSystems Rx3i is a programmable automation controller of General Electric Company.
GE PACSystems Rx3i has a denial of service vulnerability, which can be exploited by attackers to cause device crashes.
| VAR-202011-1587 | No CVE | Tianqing security isolation and information exchange system has a command execution vulnerability (CNVD-2020-60067) |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Beijing Venustech Information Technology Co., Ltd. It provides high-security isolation protection for key data.
Tianqing security isolation and information exchange system has a command execution vulnerability, which can be used by attackers to execute arbitrary operating system commands.
| VAR-202011-1588 | No CVE | Tianqing security isolation and information exchange system has a command execution vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Tianqing Security Isolation and Information Exchange System is an access control switch device with network isolation technology independently developed by Beijing Venustech Information Technology Co., Ltd. It provides high-security isolation protection for key data.
Tianqing security isolation and information exchange system has a command execution vulnerability, which can be used by attackers to execute arbitrary operating system commands.
| VAR-202011-1523 | No CVE | China Mobile Railcom Co., Ltd. Yao router has a weak password vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
China Mobile Railway Tongyao Router is a home router.
The China Mobile Railcom Co., Ltd. Yao router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202010-1594 | No CVE | Siemens X200 series industrial Ethernet switches have stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect availability.
| VAR-202010-1595 | No CVE | Zhejiang Dahua Technology Co., Ltd. Dahua DSS system has an arbitrary file download vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Zhejiang Dahua DSS (digital surveillance system) is a comprehensive management platform that integrates four security subsystem management functions: video, alarm, access control, and intercom.
The DSS of Zhejiang Dahua Technology Co., Ltd. has an arbitrary file download vulnerability. Attackers can use this vulnerability to download arbitrary files on the login interface to obtain sensitive information.
| VAR-202010-1596 | No CVE | Hangzhou Hikvision System Technology Co., Ltd. video encoding device access gateway has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Hangzhou Hikvision System Technology Co., Ltd. is a provider of security products and industry solutions.
Hangzhou Hikvision System Technology Co., Ltd. video encoding equipment access gateway has a weak password vulnerability. Attackers can use this vulnerability to log in to the gateway backend to obtain sensitive information.
| VAR-202010-1615 | No CVE | Siemens X200 series industrial Ethernet switches have stack buffer overflow vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens X200 series industrial Ethernet switches have a stack buffer overflow vulnerability, which can be exploited by attackers to affect system availability.
| VAR-202010-1616 | No CVE | Siemens X200 series industrial Ethernet switches have permissions and access control vulnerabilities |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Siemens is the world's leading technology company, relying on innovations in the fields of electrification, automation and digitalization to provide customers with solutions in the fields of power generation and transmission and distribution, infrastructure, industrial automation, drives and software.
Siemens X200 series industrial Ethernet switches have permission and access control vulnerabilities, which can be exploited by attackers to affect system availability.
| VAR-202010-1601 | No CVE | H3C's H3C intrusion prevention system product iWare series has SQL injection vulnerabilities |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
New H3C Technology Co., Ltd. is committed to becoming the most reliable partner for customers' business innovation and digital transformation. Main products include routers, big data, switches, Internet of Things, cloud computing, servers, etc.
H3C's H3C intrusion prevention system product iWare series has a SQL injection vulnerability. Attackers can use this vulnerability to obtain sensitive database information.
| VAR-202010-1597 | No CVE | Rockchip microchip has a race condition vulnerability (CNVD-2020-63711) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Rockchip Microelectronics Co., Ltd. has a R&D team specializing in system-level chip design and algorithm research, providing professional chip solutions for high-end smart hardware, mobile phone peripherals, tablet computers, TV set-top boxes, industrial control and other fields.
Rockchip microchips have a race condition vulnerability. Attackers can use this vulnerability to cause the program to crash.
| VAR-202010-1599 | No CVE | Unauthorized access vulnerability exists in China Mobile Yu router (CNVD-2020-62001) |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
China Mobile Yu Router is a router.
There is an unauthorized access vulnerability in the China Mobile Yu router. Attackers can use this vulnerability to directly access the router backend.
| VAR-202010-1600 | No CVE | Weak password vulnerability exists in Zhongyiyu router |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
China Mobile Yu Router is a router.
There is a weak password vulnerability in the China Mobile Yu router. Attackers can use this vulnerability to log in to the router backend to obtain sensitive information.