VARIoT IoT vulnerabilities database


VAR-202008-1133 CVE-2020-8687 Intel(R) Server Board M10JNP2SB for Intel(R) RSTe Software RAID Driver uncontrolled search path element vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Server Board M10JNP2SB before version 4.7.0.1119 may allow an authenticated user to potentially enable escalation of privilege via local access. It may be put into a denial-of-service (DoS) state. Intel Server Board is a server motherboard of Intel Corporation of the United States. A local attacker could exploit this vulnerability to elevate privileges.
VAR-202008-1132 CVE-2020-8685 Intel(R) LED Manager for NUC authentication vulnerability
CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
Improper authentication in subsystem for Intel(R) LED Manager for NUC before version 1.2.3 may allow a privileged user to potentially enable denial of service via local access. Intel(R) LED Manager for NUC contains an authentication vulnerability. Service operation may be interrupted (DoS). The vulnerability is caused by improper authentication. A local attacker could exploit this vulnerability to cause a denial of service.
VAR-202008-1013 CVE-2020-7360 SmartControl uncontrolled search path element vulnerability
CVSS V2: 6.9
CVSS V3: 7.3
Severity: HIGH
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) SmartControl contains an uncontrolled search path element vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). A code issue vulnerability exists in Philips SmartControl version 4.3.15 and versions earlier than 2020-4-15. An attacker can exploit this vulnerability to elevate privileges with a specially crafted DLL file.
VAR-202008-0764 CVE-2020-24349 njs input verification vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface. njs contains an input verification vulnerability. Information may be tampered with. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company. njs is one of the scripting language components that supports extending NGINX functionality. There is a security vulnerability in njs_value_property in the njs_value.c file in njs 0.4.3 and earlier versions (used in NGINX). An attacker could exploit this vulnerability to hijack control flow.
VAR-202008-0763 CVE-2020-24348 njs out-of-bounds read vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. njs contains an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company. njs is one of the scripting language components that supports extending NGINX functionality. njs_json_stringify_iterator in the njs_json.c file in njs 0.4.3 and earlier versions (used in NGINX) has a buffer error vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-202008-0762 CVE-2020-24347 njs out-of-bounds read vulnerability
CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. njs contains an out-of-bounds read vulnerability. Service operation may be interrupted (DoS). NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company. njs is one of the scripting language components that supports extending NGINX functionality. njs_lvlhsh_level_find in the njs_lvlhsh.c file in njs 0.4.3 and earlier versions (used in NGINX) has a buffer error vulnerability. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-202008-0761 CVE-2020-24346 njs, used in NGINX, use of freed memory vulnerability
CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. njs, used in NGINX, is vulnerable to the use of freed memory. Information may be obtained or tampered with, and service may be disrupted (DoS). NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server of the American NGINX company. njs is one of the scripting language components that supports extending NGINX functionality. njs_json_parse_iterator_call in the njs_json.c file in njs 0.4.3 and earlier versions (used in NGINX) has a resource management error vulnerability. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
VAR-202008-1135 CVE-2020-8689 Intel(R) Wireless for Open Source buffer error vulnerability
CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. Intel(R) Wireless for Open Source contains a buffer error vulnerability. Service operation may be interrupted (DoS). An attacker could exploit this vulnerability to cause a denial of service.
VAR-202008-0420 CVE-2020-17497 iNet wireless daemon vulnerability
CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4. iNet wireless daemon (IWD) contains an unspecified vulnerability. Information may be obtained and tampered with.
VAR-202008-1322 No CVE Advantech WebAccess Node has a denial of service vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Advantech WebAccess Node is an HMI/SCADA monitoring software completely based on the IE browser. Advantech WebAccess Node has a heap overflow vulnerability, which can lead to denial of service.
VAR-202008-1283 No CVE ZOOMLION KNED C2000-B2-SFE0101-BB1 serial server has a denial of service vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
C2000-B2-SFE0101-BB1 serial server is a serial device network server. A denial of service vulnerability exists in the C2000-B2-SFE0101-BB1 serial port server of Zoomlion Innovation and Connex, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1284 No CVE China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1285 No CVE China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability (CNVD-2020-45177)
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1286 No CVE China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability (CNVD-2020-45178)
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1287 No CVE China Universal Technology Co., Ltd. WR740N has a denial of service vulnerability (CNVD-2020-45179)
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability. Attackers can use the vulnerability to cause a denial of service on the server.
VAR-202008-1044 CVE-2020-9237 Huawei Taurus-AL00B resource management error vulnerability
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) has a use-after-free vulnerability. A module lacks lock protection. Attackers can exploit this vulnerability by launching a specific request. This could compromise normal service of the affected device. Huawei smartphone Taurus-AL00B is vulnerable to the use of freed memory. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Huawei Taurus-AL00B is a smartphone of China's Huawei company. There is a resource management error vulnerability in Huawei Taurus-AL00B 10.1.0.126 (C00E125R5P3).
VAR-202008-1045 CVE-2020-9241 Huawei 5G Mobile WiFi E6878-370 unauthorized authentication vulnerability
CVSS V2: 6.8
CVSS V3: 7.0
Severity: HIGH
Huawei 5G Mobile WiFi E6878-370 with versions 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP21C233) has an improper authorization vulnerability. The device does not restrict certain data received from the WAN port. A successful exploit could allow an attacker on the WAN side to manage certain services of the device. Huawei 5G Mobile WiFi E6878-370 contains a fraudulent authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Huawei E6878-370 is a portable 5G router from China's Huawei company. Attackers can use this vulnerability to operate certain business modules.
VAR-202008-1142 CVE-2020-8742 Intel(R) NUC input verification vulnerability
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) NUC contains an input verification vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
VAR-202008-1143 CVE-2020-8743 Intel(R) Mailbox Interface driver improper default permissions vulnerability
CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Mailbox Interface driver contains an improper default permissions vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). There is a security vulnerability in the installer of the Intel Mailbox Interface, which is caused by the program not being properly authorized. An attacker could exploit this vulnerability to elevate privileges.
VAR-202008-1136 CVE-2020-8759 Intel(R) SSD DCT vulnerability
CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. Intel(R) SSD DCT contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). An attacker could exploit this vulnerability to elevate privileges.