VARIoT IoT vulnerabilities database

Jector Smart TV FM-K75 devices allow remote code execution because there is an adb open port with root permission. Jector Smart TV FM-K75 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Jector Smart TV FM-K75 is a smart TV. A security vulnerability exists in the Jector Smart TV FM-K75. A remote attacker could exploit this vulnerability to execute code

The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "suddenly accelerate" commands. This occurs because Bluetooth Low Energy commands have no server-side authentication check. Other affected commands include suddenly braking, locking, and unlocking. Xiaomi M365 Scooter is vulnerable to authorization.Information may be tampered with

An out-of-bounds read was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to leak memory. AppleAirPortBaseStation is a wireless router from Apple Inc. of the United States. A buffer overflow vulnerability exists in AppleAirPortBaseStation using firmware prior to 7.9.1. The vulnerability stems from a network system or product that does not properly validate data boundaries when performing operations on memory, causing erroneous read and write operations to be performed on other associated memory locations. An attacker could exploit the vulnerability to cause a buffer overflow or heap overflow. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. Apple AirPort Base Station could allow a remote malicious user to obtain sensitive information, caused by an out-of-bounds read error. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

A use after free issue was addressed with improved memory management. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. A resource management error vulnerability exists in Apple AirPort Base Stations using firmware versions prior to 7.9.1. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are currently provided. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

The issue was addressed with improved data deletion. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A base station factory reset may not delete all user information. No detailed vulnerability details are currently provided. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. An attacker could exploit this vulnerability to gain access to user information. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

Source-routed IPv4 packets were disabled by default. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. Source-routed IPv4 packets may be unexpectedly accepted. An attacker can use this vulnerability to cause a denial of service. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause arbitrary code execution. The vulnerability stems from improper design or implementation in the code development process of network systems or products. No detailed vulnerability details are currently provided. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

A denial of service issue was addressed with improved memory handling. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. An attacker in a privileged position may be able to perform a denial of service attack. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

A null pointer dereference was addressed with improved input validation. This issue is fixed in AirPort Base Station Firmware Update 7.8.1, AirPort Base Station Firmware Update 7.9.1. A remote attacker may be able to cause a system denial of service. Attackers can exploit these issues to execute arbitrary code, bypass security restrictions, gain sensitive information and cause denial-of-service conditions. CVE-2019-8581: Lucio Albornoz AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8588: Vince Cali (@0x56) AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause a system denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-6918: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8575: joshua stein AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A denial of service issue was addressed with improved memory handling. CVE-2019-7291: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: Source-routed IPv4 packets may be unexpectedly accepted Description: Source-routed IPv4 packets were disabled by default. CVE-2019-8580: Maxime Villard AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: A remote attacker may be able to cause arbitrary code execution Description: A null pointer dereference was addressed with improved input validation. CVE-2019-8572: Maxime Villard Installation note: Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzwO9kACgkQeC9tht7T K3E14A/+LIUEHIyDAewGNwmeNdmIEg25JJQbn2GheSuEo3toK8OTxxo0JEqIp8wO gDEWxC4WUgLUUliu4QpBl0R3Jy573EF5WEzDF0vl9vP6/AP0X5LT0kkuK7GSpRTA 7N+zvRCRjLYtBsqhRxqDwpDfrCgmjjPTPbjpx/Mk94mpWcLIbmfp8a9JUVXWpm17 60hhkWIc4NP15uZZ1GAt2IiWE8ZnvQ3SiWtj/bbbdw9IX5KRbfyRs/rWOwqqIXpb 1SKZClEfTECZtbCyvg9jFK3hKKUbW/A7rfkCqQGkYPU1O4L5eBQY+o+V9Hkwg6V9 WdqUOLF+bA1NlwqXinBypf0wmLfMImRHEID0w0660T+2+l6sOrJOEZDuMy47ltYi newJ92HL79uvKvz3gkpRS84hrZlcmp7JAS8+c+BV2SriY3J5V8hIAVmjbkxAUOM8 wRv2FJXbvibo5eI+ceYOXZ/gMtsH5trlbskKHCoiYnhqxu4vXnNK4UKik7xn+QtB Q1UxDAA8VmlK9hw/PNrA9RuBsrkxBGj5Hwr0WpiZrmFsDoCiSdjMb3NltSmKL+nd 0TthDSbr7iHTPtkREORvf+4FjGXfwUnOa6/xjAI6JN/RLcjNdqMli6TBUlVMGa2C ZVmolUQCqoB82IwmFt2ZhuQIa2liLv5zOeJuXuZcGQ7GpoEynV8= =VaIH -----END PGP SIGNATURE-----

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. Century Star WebViewer.ocx control Fl *** initialization parameter has a stack overflow vulnerability. Attackers can trick users who install this control to visit malicious web pages, trigger vulnerabilities, remotely execute malicious code on the user's system, and ultimately gain control of the user's system. CSMaker Development system and CSViewer Composition of the operating system

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys HT8000 has a memory corruption vulnerability in the processing of sh *** files. An attacker can trick users who have installed HT8000 to open a malicious sh *** file. Or crash the program

Taiwan Yonghong Motor focuses on the high-function small and medium-sized PLC market. There is a memory corruption vulnerability in the FAT300 FD300 fpj project file. An attacker can trick the user into opening a malicious fpj file, execute malicious code, and finally gain control of the user system or crash the program

Century Star configuration software is a blocking software launched by Beijing Century Changqiu Technology Co., Ltd. It is a real-time human-machine interface utility generator, composed of CSMaker development system and CSViewer operating system. CenturyStar WebViewer.ocx control Da *** and other initialization parameter global variables have overflow vulnerabilities. Attackers can trick users who install this control to visit malicious web pages, trigger vulnerabilities, remotely execute malicious code on the user's system, and ultimately gain control of the user's system. CSMaker Development system and CSViewer Composition of the operating system

Hollysys Group is a professional automation company integrating R & D, production, sales and technical services. Hollysys HT8000 has a memory corruption vulnerability in the processing of sh *** files. An attacker can trick users who have installed HT8000 to open a malicious sh *** file. Or crash the program

Beijing Turing Kaiwu Technology Co., Ltd. is a company engaged in technology development; computer system services; data processing; basic software services; application software services and other projects. The Turing Kaiwu configuration software Studio.exe has a stack overflow vulnerability in processing SPJ files. An attacker can trick users into opening a project containing a malicious SPJ file, and then trigger the vulnerability, remotely execute malicious code on the user system, and finally gain control of the user system

TP-LINK is a brand of Pulian Technology Co., Ltd., which is the mainstream manufacturer engaged in the research, development, manufacturing and marketing of network and communication terminal equipment. A remote code execution vulnerability exists in the TP-Link Wi-Fi Extender. Allows an attacker to execute arbitrary shell commands on the target Wi-Fi extender. Failed attempts will likely cause a denial-of-service condition. TP-LINK Wi-Fi Range Extenders RE365, RE650, RE350 and RE500 are vulnerable

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iCloud for Windows 7.12, tvOS 12.3, iTunes 12.9.5 for Windows, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. Processing a maliciously crafted font may result in the disclosure of process memory. plural Apple The product has an out-of-bounds read vulnerability due to a flawed boundary check.Processing maliciously created fonts can expose process memory. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Privilege escalation * Arbitrary code execution * information leak * Service operation interruption (DoS). Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. The CTFramesetterCreateWithAttributedString method in Apple macOS has a buffer error vulnerability, which is caused by the program's lack of validation of user-supplied data. Attackers can use malicious files or pages to exploit this vulnerability to disclose sensitive information

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Video Recording Manager (VRM), Video Streaming Gateway (VSG), Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The vulnerability potentially allows the unauthorized execution of code in the system via the network interface. plural Bosch The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Bosch DIVAR IP 2000 and so on are all products of Bosch Company in Germany. Bosch DIVAR IP 2000 is a 2000 series video recorder. Video Recording Manager (VRM) is a video recording manager. Bosch DIVAR IP 3000 is a 3000 series video recorder. A buffer overflow vulnerability exists in several Bosch products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS) versions 9.0 and below, DIVAR IP 2000, 3000, 5000 and 7000, Configuration Manager, Building Integration System (BIS) with Video Engine, Access Professional Edition (APE), Access Easy Controller (AEC), Bosch Video Client (BVC) and Video SDK (VSDK). The RCP+ network port allows access without authentication. Adding authentication feature to the respective library fixes the issue. The issue is classified as "CWE-284: Improper Access Control." This vulnerability, for example, allows a potential attacker to delete video or read video data. plural Bosch The product contains an access control vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. Bosch DIVAR IP 2000 and so on are all products of Bosch Company in Germany. Bosch DIVAR IP 2000 is a 2000 series video recorder. Video Recording Manager (VRM) is a video recording manager. Bosch DIVAR IP 3000 is a 3000 series video recorder. An access control error vulnerability exists in several Bosch products. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

A CSRF (Cross Site Request Forgery) in the web interface of the Yeahlink Ultra-elegant IP Phone SIP-T41P firmware version 66.83.0.35 allows a remote attacker to trigger code execution or settings modification on the device by providing a crafted link to the victim. Yeahlink Ultra-elegant IP Phone SIP-T41P The firmware contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Yealink Ultra-elegant IP Phone SIP-T41P is an IP phone produced by China Yealink. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client