VARIoT IoT vulnerabilities database

VAR-202008-0763 CVE-2020-24348 Out-of-bounds read vulnerability in njs CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c. An out-of-bounds read vulnerability exists in njs. The service may be put into a denial-of-service (DoS) state. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server from the American company NGINX. njs is one of the scripting language components that supports extending NGINX functionality. njs_json_stringify_iterator in the njs_json.c file in njs 0.4.3 and earlier versions (used in NGINX) has a buffer error vulnerability. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations on other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow or heap overflow, etc.
VAR-202008-0762 CVE-2020-24347 Out-of-bounds read vulnerability in njs CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. An out-of-bounds read vulnerability exists in njs. The service may be put into a denial-of-service (DoS) state. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server from the American company NGINX. njs is one of the scripting language components that supports extending NGINX functionality. njs_lvlhsh_level_find in the njs_lvlhsh.c file in njs 0.4.3 and earlier versions (used in NGINX) has a buffer error vulnerability. This vulnerability stems from incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations on other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow or heap overflow, etc.
VAR-202008-0761 CVE-2020-24346 Use of freed memory vulnerability in njs used in NGINX CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. njs, as used in NGINX, is vulnerable to the use of freed memory. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. NGINX is a lightweight web server/reverse proxy server and e-mail (IMAP/POP3) proxy server from the American company NGINX. njs is one of the scripting language components that supports extending NGINX functionality. njs_json_parse_iterator_call in the njs_json.c file in njs 0.4.3 and earlier versions (used in NGINX) has a resource management error vulnerability. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products.
VAR-202008-1135 CVE-2020-8689 Buffer error vulnerability in Intel(R) Wireless for Open Source CVSS V2: 3.3
CVSS V3: 6.5
Severity: MEDIUM
Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow an unauthenticated user to potentially enable denial of service via adjacent access. A buffer error vulnerability exists in Intel(R) Wireless for Open Source. The service may be put into a denial-of-service (DoS) state. An attacker could exploit this vulnerability to cause a denial of service.
VAR-202008-0420 CVE-2020-17497 Vulnerability in iNet wireless daemon CVSS V2: 4.8
CVSS V3: 8.1
Severity: HIGH
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4. An unspecified vulnerability exists in iNet wireless daemon (IWD). Information may be obtained and tampered with.
VAR-202008-1322 No CVE Advantech WebAccess Node has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Advantech WebAccess Node is HMI/SCADA monitoring software based entirely on the IE browser. Advantech WebAccess Node has a heap overflow vulnerability, which can lead to denial of service.
VAR-202008-1283 No CVE ZOOMLION KNED C2000-B2-SFE0101-BB1 serial server has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
The C2000-B2-SFE0101-BB1 serial server is a serial device network server. A denial of service vulnerability exists in the C2000-B2-SFE0101-BB1 serial port server of Zoomlion Innovation and Connex, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1284 No CVE China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability, which can be exploited by attackers to cause system denial of service.
VAR-202008-1285 No CVE China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability (CNVD-2020-45177) CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1286 No CVE China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability (CNVD-2020-45178) CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service on the system.
VAR-202008-1287 No CVE China Universal Technology Co., Ltd. WR740N has a denial of service vulnerability (CNVD-2020-45179) CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
China Pulian Technology Co., Ltd. is the world's leading supplier of network communication equipment. China Pulian Technology Co., Ltd. WR740N has a denial of service vulnerability. Attackers can use the vulnerability to cause a denial of service on the server.
VAR-202008-1044 CVE-2020-9237 Huawei Taurus-AL00B resource management error vulnerability CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) has a use-after-free vulnerability. A module lacks lock protection. Attackers can exploit this vulnerability by launching a specific request. This could compromise normal service of the affected device. Huawei smartphone Taurus-AL00B is vulnerable to the use of freed memory. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Huawei Taurus-AL00B is a smartphone from the Chinese company Huawei. There is a resource management error vulnerability in Huawei Taurus-AL00B 10.1.0.126 (C00E125R5P3).
VAR-202008-1045 CVE-2020-9241 Unauthorized authentication vulnerability in Huawei 5G Mobile WiFi E6878-370 CVSS V2: 6.8
CVSS V3: 7.0
Severity: HIGH
Huawei 5G Mobile WiFi E6878-370 versions 10.0.3.1(H563SP1C00) and 10.0.3.1(H563SP21C233) have an improper authorization vulnerability. The device does not restrict certain data received from the WAN port. A successful exploit could allow an attacker on the WAN side to manage certain services of the device. A fraudulent authentication vulnerability exists in Huawei 5G Mobile WiFi E6878-370. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Huawei E6878-370 is a portable 5G router from the Chinese company Huawei. Attackers can use this vulnerability to operate certain business modules.
VAR-202008-1142 CVE-2020-8742 Input verification vulnerability in Intel(R) NUC CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. An input verification vulnerability exists in Intel(R) NUC. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.
VAR-202008-1143 CVE-2020-8743 Improper default permissions vulnerability in Intel(R) Mailbox Interface driver CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. An improper default permissions vulnerability exists in the Intel(R) Mailbox Interface driver. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. There is a security vulnerability in the installer of the Intel Mailbox Interface, which is caused by the program not being properly authorized. An attacker could exploit this vulnerability to elevate privileges.
VAR-202008-1136 CVE-2020-8759 Vulnerability in Intel(R) SSD DCT CVSS V2: 4.6
CVSS V3: 6.7
Severity: MEDIUM
Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a privileged user to potentially enable escalation of privilege via local access. An unspecified vulnerability exists in Intel(R) SSD DCT. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. An attacker could exploit this vulnerability to elevate privileges.
VAR-202008-1125 CVE-2020-8736 Privilege management vulnerability in Intel(R) Computing Improvement Program CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Improper access control in a subsystem of the Intel(R) Computing Improvement Program before version 2.4.5718 may allow an authenticated user to potentially enable escalation of privilege via local access. A privilege management vulnerability exists in the Intel(R) Computing Improvement Program. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Intel Computing Improvement Program is a software improvement program application from Intel Corporation. This program is used to collect computer function usage information, component usage information, operating system information, etc. An attacker could exploit this vulnerability to elevate privileges.
VAR-202008-1046 CVE-2020-9242 OS command injection vulnerability in FusionCompute CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
FusionCompute 8.0.0 has a command injection vulnerability. The software does not sufficiently validate certain parameters posted by the user; a successful exploit could allow an authenticated attacker to launch a command injection attack. An OS command injection vulnerability exists in FusionCompute. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Huawei FusionCompute is a computer virtualization engine developed by Huawei in China. The product provides Virtual Resource Manager (VRM), Compute Node Agent (CNA), etc. The vulnerability is caused by the device not fully verifying some parameters submitted by the user. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements.
VAR-202008-0093 CVE-2020-12287 Intel(R) Distribution of OpenVINO(TM) Toolkit Inappropriate Default Permission Vulnerability CVSS V2: 4.6
CVSS V3: 7.8
Severity: HIGH
Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2020.2 may allow an authenticated user to potentially enable escalation of privilege via local access. The Intel(R) Distribution of OpenVINO(TM) Toolkit is vulnerable to incorrect default permissions. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. A security vulnerability exists in version 2020.2 of the Intel Distribution of OpenVINO(TM) Toolkit. A local attacker could exploit this vulnerability to elevate privileges.
VAR-202008-1031 CVE-2020-7522 Schneider Electric APC Easy UPS On-Line Software Path Traversal Vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in SFAPV9601 - APC Easy UPS On-Line Software (V2.0 and earlier) when accessing a vulnerable method of `SoundUploadServlet` which may lead to uploading executable files to non-specified directories. Path traversal (CWE-22): CVE-2020-7521, CVE-2020-7522. A remote third party may access a method of `FileUploadServlet` or `SoundUploadServlet` and upload an executable file to an unspecified directory (CVE-2020-7521, CVE-2020-7522). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SoundUploadServlet class. When parsing the filename parameter, the process does not properly validate a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Remote attackers can use this vulnerability to submit special requests and upload any files to any directory.