VARIoT IoT vulnerabilities database

VAR-201909-1121 | CVE-2019-2252 | Classic buffer overflow vulnerability in multiple Snapdragon products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Classic buffer overflow vulnerability while playing the specific video whose Decode picture buffer size is more than 16 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130. Multiple Snapdragon products contain a classic buffer overflow vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Qualcomm MDM9650 is a central processing unit (CPU) product of Qualcomm. A buffer error vulnerability exists in several Qualcomm products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201911-0836 | CVE-2019-5231 | Unauthorized authentication vulnerability in P30 smartphones |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform a certain action. Successful exploit could allow the attacker to update a crafted package. Huawei P30 is a smartphone from China's Huawei company. The vulnerability stems from the system failing to properly authorize a user operation.
VAR-201912-0068 | CVE-2019-6008 | Unquoted executable file path in Windows services registered by Yokogawa products |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An unquoted search path vulnerability in multiple Yokogawa products for Windows (Exaopc (R1.01.00 to R3.77.00), Exaplog (R1.10.00 to R3.40.00), Exaquantum (R1.10.00 to R3.02.00 and R3.15.00), Exaquantum/Batch (R1.01.00 to R2.50.40), Exasmoc (all revisions), Exarqe (all revisions), GA10 (R1.01.01 to R3.05.01), and InsightSuiteAE (R1.01.00 to R1.06.00)) allows local users to gain privileges via a Trojan horse executable file and execute arbitrary code with elevated privileges. Multiple Windows applications provided by Yokogawa Electric Corporation register a Windows service whose executable file path is not quoted (CWE-428). This vulnerability information was reported to JPCERT/CC by the developer for the purpose of disseminating it to product users. JPCERT/CC coordinated with the developer and the United States ICS-CERT. If the executable file path of a Windows service contains spaces and is not enclosed in quotation marks, the path containing the spaces may be used to execute an invalid file with the authority of the service. Yokogawa Exaopc, etc. are all products of Japan's Yokogawa Electric (Yokogawa) company. Exaopc is an OPC data access server. Exaquantum is a plant information management system (PIMS) for the process industry. InsightSuiteAE is a set of solutions for monitoring, diagnosing and optimizing plant assets. Security flaws exist in several Yokogawa products. An attacker could exploit this vulnerability to execute malicious files. The following products and versions are affected: Yokogawa Exaopc (version R1.01.00 to version R3.77.00); Exaplog (version R1.10.00 to version R3.40.00); Exaquantum (version R1.10.00 to version R3.02.00); Exaquantum/Batch (R1.01.00 to R2.50.40); Exasmoc (all versions); Exarqe (all versions); GA10 (R1.01.01 to R3.05.01) and InsightSuiteAE (R1.01.00 to R1.06.00).
VAR-201909-0977 | CVE-2019-16995 | Linux Kernel vulnerability related to missing release of resource after effective lifetime |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
In the Linux kernel before 5.0.3, a memory leak exists in hsr_dev_finalize() in net/hsr/hsr_device.c if hsr_add_port fails to add a port, which may cause denial of service, aka CID-6caabe7f197d. The Linux kernel is vulnerable to a missing release of resources after their effective lifetime. The vendor has published this vulnerability as CID-6caabe7f197d. A denial-of-service (DoS) condition may result.
VAR-201909-0219 | CVE-2019-17049 | SQL injection vulnerability in NETGEAR SRX5308 devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
NETGEAR SRX5308 4.3.5-3 devices allow SQL Injection, as exploited in the wild in September 2019 to add a new user account. NETGEAR SRX5308 devices contain an SQL injection vulnerability. Information may be tampered with. NETGEAR SRX5308 is a VPN firewall device of NETGEAR. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands.
VAR-201909-1538 | CVE-2019-3728 | RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Vulnerable to out-of-bounds reading |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RSA BSAFE Crypto-C Micro Edition versions from 4.0.0.0 before 4.0.5.4 and from 4.1.0 before 4.1.4, RSA BSAFE Micro Edition Suite versions from 4.0.0 before 4.0.13 and from 4.1.0 before 4.4 and RSA Crypto-C versions from 6.0.0 through 6.4.* are vulnerable to an out-of-bounds read vulnerability when processing a DSA signature. A malicious remote user could potentially exploit this vulnerability to cause a crash in the library of the affected system. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201909-1537 | CVE-2019-3729 | RSA BSAFE Micro Edition Suite Vulnerable to classic buffer overflow |
CVSS V2: 2.7 CVSS V3: 2.4 Severity: LOW |
RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing an ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. Dell RSA BSAFE Micro Edition Suite is an encryption toolkit of Dell. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc.
VAR-201909-1536 | CVE-2019-3730 | RSA BSAFE Micro Edition Suite Vulnerabilities related to information disclosure due to error messages |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RSA BSAFE Micro Edition Suite versions prior to 4.1.6.3 (in 4.1.x) and prior to 4.4 (in 4.2.x and 4.3.x) are vulnerable to an Information Exposure Through an Error Message vulnerability, also known as a “padding oracle attack vulnerability”. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. Dell RSA BSAFE Micro Edition Suite is an encryption toolkit of Dell. This vulnerability stems from configuration errors in network systems or products during operation.
VAR-201909-1535 | CVE-2019-3731 | RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Vulnerability related to information disclosure caused by difference in response to security related processing |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RSA BSAFE Crypto-C Micro Edition versions prior to 4.1.4 and RSA Micro Edition Suite versions prior to 4.4 are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. This vulnerability stems from configuration errors in network systems or products during operation.
VAR-201909-1534 | CVE-2019-3732 | RSA BSAFE Crypto-C Micro Edition and Micro Edition Suite Vulnerability related to information disclosure caused by difference in response to security related processing |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x), versions prior to 4.1.6.1 (in 4.1.x) and versions prior to 4.3.3 (4.2.x and 4.3.x), are vulnerable to an Information Exposure Through Timing Discrepancy. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. This vulnerability stems from configuration errors in network systems or products during operation.
VAR-201909-1533 | CVE-2019-3733 | RSA BSAFE Crypto-C Micro Edition Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
RSA BSAFE Crypto-C Micro Edition, all versions prior to 4.1.4, is vulnerable to three (3) different Improper Clearing of Heap Memory Before Release vulnerabilities, also known as 'Heap Inspection vulnerability'. A malicious remote user could potentially exploit this vulnerability to extract information leaving data at risk of exposure. RSA BSAFE Crypto-C Micro Edition contains an information disclosure vulnerability. Information may be obtained. This vulnerability stems from configuration errors in network systems or products during operation.
VAR-201912-0132 | CVE-2019-8779 | iOS and iPadOS Update to |
CVSS V2: 7.5 CVSS V3: 10.0 Severity: CRITICAL |
A logic issue applied the incorrect restrictions. This issue was addressed by updating the logic to apply the correct restrictions. This issue is fixed in iOS 13.1.1 and iPadOS 13.1.1. Third party app extensions may not receive the correct sandbox restrictions. Both Apple iOS and Apple iPadOS are products of Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Sandbox is one of the sandbox components. A security vulnerability exists in the Sandbox component in Apple iOS versions prior to 13.1.1 and iPadOS versions prior to 13.1.1. An attacker could exploit this vulnerability to bypass sandbox restrictions.
APPLE-SA-2019-9-27-1 iOS 13.1.1 and iPadOS 13.1.1
iOS 13.1.1 and iPadOS 13.1.1 are now available and address the
following:
Sandbox
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch 7th generation
Impact: Third party app extensions may not receive the correct
sandbox restrictions
Description: A logic issue applied the incorrect restrictions.
CVE-2019-8779: Apple
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be "iOS 13.1.1 and iPadOS 13.1.1".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
VAR-201909-1666 | No CVE | Huawei HG530 Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
Huawei HG530 is a router that integrates ADSL2, broadband sharer, 4-port switch and 54M wireless access point.
Huawei HG530 has a cross-site request forgery vulnerability. An attacker could use this vulnerability to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, or perform unauthorized operations.
VAR-201909-1665 | No CVE | Huawei HG530 Reboot Restore Privilege Elevation Vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Huawei HG530 is a router that integrates ADSL2, broadband sharer, 4-port switch and 54M wireless access point.
Huawei HG530 Reboot Restore has an elevation of privilege vulnerability, which originates from the fact that the program does not perform complete verification and error detection on the file path. An attacker could exploit this vulnerability to elevate privileges by uploading malicious software using the REST API.
VAR-201909-0006 | CVE-2019-4280 | IBM Sterling File Gateway Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 displays sensitive information in HTTP requests which could be used in further attacks against the system. IBM X-Force ID: 160503. The vendor has published this vulnerability as IBM X-Force ID: 160503. Information may be obtained. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. An attacker could exploit this vulnerability to obtain information.
VAR-201909-0092 | CVE-2019-3747 | Dell EMC Integrated Data Protection Appliance Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a stored cross-site scripting vulnerability. A remote malicious ACM admin user may potentially exploit this vulnerability to store malicious HTML or JavaScript code in a Cloud DR add-on specific field. When victim users access the page through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client code.
VAR-201909-1525 | CVE-2019-3736 | Dell EMC Integrated Data Protection Appliance Vulnerable to information leak from cache |
CVSS V2: 4.0 CVSS V3: 7.2 Severity: HIGH |
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 contain a password storage vulnerability in the ACM component. A remote authenticated malicious user with root privileges may potentially use a support tool to decrypt encrypted passwords stored locally on the system and use them to access other components using the privileges of the compromised user. ACM is one of the application configuration management components.
VAR-201909-0091 | CVE-2019-3746 | Dell EMC Integrated Data Protection Appliance Vulnerable to improper restriction of excessive authentication attempts |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Dell EMC Integrated Data Protection Appliance versions prior to 2.3 do not limit the number of authentication attempts to the ACM API. An authenticated remote user may exploit this vulnerability to launch a brute-force authentication attack in order to gain access to the system. The vulnerability is due to the fact that the program does not limit the number of requests.
VAR-201909-0004 | CVE-2019-4423 | IBM Sterling File Gateway Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 162769. The vendor has published this vulnerability as IBM X-Force ID: 162769. Information may be obtained. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet.
VAR-201909-1559 | No CVE | MITSUBISHI Electric FX5U-32MT/ES has a denial of service vulnerability |
CVSS V2: 6.1 CVSS V3: - Severity: MEDIUM |
Mitsubishi Electric MELSEC FX5U PLC is the MELSEC FX series programmable logic controller (PLC) product of Japan's Mitsubishi Electric (Mitsubishi Electric) company.
MITSUBISHI Electric FX5U-32MT/ES has a denial of service vulnerability. An attacker can use this vulnerability to cause a denial of service.