VARIoT IoT vulnerabilities database

CVE-2024-10387 IMPACT A Denial-of-Service vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in Denial-of-Service. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time. Rockwell Automation ThinManager has a denial of service vulnerability

CVE-2024-10386 IMPACT An authentication vulnerability exists in the affected product. The vulnerability could allow a threat actor with network access to send crafted messages to the device, potentially resulting in database manipulation. Rockwell Automation of thinmanager Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, USA. It allows thin clients to be assigned to multiple remote desktop servers at the same time

In valid_address of syscall.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability, which is caused by incorrect boundary checking in valid_address of syscall.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. The vulnerability is caused by the lack of boundary checking. Attackers can use this vulnerability to read local information out of bounds

In lwis_allocator_free of lwis_allocator.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google Inc. Google Pixel has a memory misreference vulnerability. The vulnerability is caused by a use-after-free in lwis_allocator_free in lwis_allocator.c

In TrustySharedMemoryManager::GetSharedMemory of ondevice/trusty/trusty_shared_memory_manager.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a buffer overflow vulnerability in Google Pixel. Attackers can exploit this vulnerability to cause out-of-bounds reading

In ffu_flash_pack of ffu.c, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an integer overflow vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause out-of-bounds reading

In sm_mem_compat_get_vmm_obj of lib/sm/shared_mem.c, there is a possible arbitrary physical memory access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause memory access

In gsc_gsa_rescue of gsc_gsa.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone from Google Inc. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by incorrect boundary checking in gsc_gsa_rescue of gsc_gsa.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

In vring_size of external/headers/include/virtio/virtio_ring.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Attackers can exploit this vulnerability to cause out-of-bounds write

In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in sms_ExtractCbLanguage of sms_CellBroadcast.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

In ProtocolEmbmsSaiListAdapter::Init() of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in ProtocolEmbmsSaiListAdapter::Init of protocolembmsadapter.cpp. Attackers can exploit this vulnerability to cause out-of-bounds reading

In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible out of bounds read due to a buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds read vulnerability.Information may be obtained. Google Pixel is a smartphone produced by Google in the United States. The vulnerability is caused by the lack of boundary check in pmucal_rae_handle_seq_int of flexpmu_cal_rae.c. Attackers can exploit this vulnerability to cause out-of-bounds reading

In ProtocolMiscHwConfigChangeAdapter::GetData() of protocolmiscadapter.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States. There is a buffer overflow vulnerability in Google Pixel. The vulnerability is caused by the lack of boundary check in protocolmiscmiscadapter.cpp of protocolmiscHwConfigChangeAdapter::GetData. Attackers can exploit this vulnerability to cause out-of-bounds reading

In mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google of Android Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Google Pixel is a smartphone produced by Google in the United States. Google Pixel has a buffer overflow vulnerability. The vulnerability is caused by incorrect boundary checking in mm_GetMobileIdIndexForNsUpdate of mm_GmmPduCodec.c. Attackers can exploit this vulnerability to cause out-of-bounds write

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Google Pixel is a smartphone produced by Google in the United States

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, resulting in a reflected cross-site scripting vulnerability. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-48870 )

Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability. Potential impacts vary depending on the vulnerability, but may include the following: * Crafted HTTP Processing the request causes the product to hang (( CVE-2024-42420 , CVE-2024-43424 , CVE-2024-45829 ) * Crafted HTTP Processing the request allows access to files inside the product (( CVE-2024-45842 ) * Settings registered by a user without administrator privileges API is used (( CVE-2024-47005 ) * Of the product Web The page authentication mechanism is bypassed. (( CVE-2024-47406 ) * A crafted image showing the product URL If you access Web Arbitrary script execution on the browser (( CVE-2024-47549 , CVE-2024-47801 ) * By inputting specially crafted input into the product by a user with administrator privileges, arbitrary scripts can be executed on the web browser of other users who access the product. (( CVE-2024-48870 )