VARIoT IoT vulnerabilities database

An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or upgrade firmware request to trigger this vulnerability. Anker Roav A1 Dashcam Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Novatek NT9665X Chipset is a chip for camera equipment. The vulnerability stems from the failure of the network system or product to properly validate the input data

In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/pin" and $rphyinf2."/media/wps/enrollee/pin" and $rphyinf3."/media/wps/enrollee/pin" internal configuration memory without any regex checking. And in the do_wps function of the wps.php source code, the data in $rphyinf3."/media/wps/enrollee/pin" is used with the wpatalk command without any regex checking. A vulnerable /HNAP1/SetWiFiVerifyAlpha XML message could have shell metacharacters in the WPSPIN element such as the `telnetd` string. D-Link DIR-822 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-822 is a wireless router produced by Taiwan D-Link Company. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter. ASUS RT-AC3200 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUS RT-AC3200 is a wireless router manufactured by Taiwan ASUS Corporation. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands

In the /HNAP1/SetQoSSettings message, the uplink parameter is vulnerable, and the vulnerability affects D-Link DIR-822 Rev.B 202KRb06 and DIR-822 Rev.C 3.10B06 devices. In the SetQoSSettings.php source code, the uplink parameter is saved in the /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth internal configuration memory without any regex checking. And in the bwc_tc_spq_start, bwc_tc_wfq_start, and bwc_tc_adb_start functions of the bwcsvcs.php source code, the data in /bwc/entry:1/bandwidth and /bwc/entry:2/bandwidth is used with the tc command without any regex checking. A vulnerable /HNAP1/SetQoSSettings XML message could have shell metacharacters in the uplink element such as the `telnetd` string. D-Link DIR-822 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-822 is a wireless router produced by Taiwan D-Link Company. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

D-Link DIR-822 Rev.B 202KRb06, DIR-822 Rev.C 3.10B06, DIR-860L Rev.B 2.03.B03, DIR-868L Rev.B 2.05B02, DIR-880L Rev.A 1.20B01_01_i3se_BETA, and DIR-890L Rev.A 1.21B02_BETA devices mishandle IsAccessPoint in /HNAP1/SetAccessPointMode. In the SetAccessPointMode.php source code, the IsAccessPoint parameter is saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. A vulnerable /HNAP1/SetAccessPointMode XML message could have shell metacharacters in the IsAccessPoint element such as the `telnetd` string. plural D-Link Product devices contain a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-822 and so on are all wireless routers produced by Taiwan D-Link Company. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands. The following products and versions are affected: D-Link DIR-822 Rev.B 202KRb06; DIR-822 Rev.C 3.10B06; DIR-860L Rev.B 2.03.B03; DIR-868L Rev.B 2.05B02; DIR-880L Rev.A 1.20B01_01_i3se_BETA, version; DIR-890L Rev.A 1.21B02_BETA version

In the /HNAP1/SetRouterSettings message, the RemotePort parameter is vulnerable, and the vulnerability affects D-Link DIR-818LW Rev.A 2.05.B03 and DIR-822 B1 202KRb06 devices. In the SetRouterSettings.php source code, the RemotePort parameter is saved in the $path_inf_wan1."/web" internal configuration memory without any regex checking. And in the IPTWAN_build_command function of the iptwan.php source code, the data in $path_inf_wan1."/web" is used with the iptables command without any regex checking. A vulnerable /HNAP1/SetRouterSettings XML message could have shell metacharacters in the RemotePort element such as the `telnetd` string. DIR-818LW and DIR-822 The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-822 and so on are all wireless routers produced by Taiwan D-Link Company. There is an operating system command injection vulnerability in /HNAP1/SetAccessPointMode in several D-Link products. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands. The following products and versions are affected: D-Link DIR-822 Rev.B 202KRb06; DIR-822 Rev.C 3.10B06; DIR-860L Rev.B 2.03.B03; DIR-868L Rev.B 2.05B02; DIR-880L Rev.A 1.20B01_01_i3se_BETA, version; DIR-890L Rev.A 1.21B02_BETA version

In the /HNAP1/SetClientInfoDemo message, the AudioMute and AudioEnable parameters are vulnerable, and the vulnerabilities affect D-Link DIR-868L Rev.B 2.05B02 devices. In the SetClientInfoDemo.php source code, the AudioMute and AudioEnble parameters are saved in the ShellPath script file without any regex checking. After the script file is executed, the command injection occurs. It needs to bypass the wget command option with a single quote. A vulnerable /HNAP1/SetClientInfoDemo XML message could have single quotes and backquotes in the AudioMute or AudioEnable element, such as the '`telnetd`' string. D-Link DIR-868L The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-Link DIR-868L is a wireless router made by Taiwan D-Link Company. The vulnerability stems from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands

A vulnerability in the logic that handles access control to one of the hardware components in Cisco's proprietary Secure Boot implementation could allow an authenticated, local attacker to write a modified firmware image to the component. This vulnerability affects multiple Cisco products that support hardware-based Secure Boot functionality. The vulnerability is due to an improper check on the area of code that manages on-premise updates to a Field Programmable Gate Array (FPGA) part of the Secure Boot hardware implementation. An attacker with elevated privileges and access to the underlying operating system that is running on the affected device could exploit this vulnerability by writing a modified firmware image to the FPGA. A successful exploit could either cause the device to become unusable (and require a hardware replacement) or allow tampering with the Secure Boot verification process, which under some circumstances may allow the attacker to install and boot a malicious software image. An attacker will need to fulfill all the following conditions to attempt to exploit this vulnerability: Have privileged administrative access to the device. Be able to access the underlying operating system running on the device; this can be achieved either by using a supported, documented mechanism or by exploiting another vulnerability that would provide an attacker with such access. Develop or have access to a platform-specific exploit. An attacker attempting to exploit this vulnerability across multiple affected platforms would need to research each one of those platforms and then develop a platform-specific exploit. Although the research process could be reused across different platforms, an exploit developed for a given hardware platform is unlikely to work on a different hardware platform. Cisco's Trust Anchor module (TAm) can be bypassed through manipulating the bitstream of the Field Programmable Gate Array (FPGA). Additionally, Cisco's IOS XE web UI improperly sanitizes user-input, and could allow an authenticated, remote attack to execute commands. An authenticated, remote attacker could execute commands as root on the vulnerable device. A local attacker can leverage this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. This issue is being tracked by Cisco Bug IDsCSCvn77141, CSCvn77142,CSCvn77143,CSCvn77147, CSCvn77150, CSCvn77151, CSCvn77152, CSCvn77153, CSCvn77154, CSCvn77155,CSCvn77156, CSCvn77158, CSCvn77159, CSCvn77160, CSCvn77162, CSCvn77166, CSCvn77167, CSCvn77168, CSCvn77169, CSCvn77170, CSCvn77171, CSCvn77172, CSCvn77175, CSCvn77180, CSCvn77181, CSCvn77182, CSCvn77183, CSCvn77184, CSCvn77185, CSCvn77191, CSCvn77201, CSCvn77202, CSCvn77205, CSCvn77207, CSCvn77209, CSCvn77212, CSCvn77219, CSCvn77220, CSCvn77245, CSCvn77246, CSCvn77248, CSCvn77249, CSCvn89137, CSCvn89138, CSCvn89140, CSCvn89143, CSCvn89144, CSCvn89145, CSCvn89146,CSCvn89150, and CSCvp42792. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, tvOS 12.3, watchOS 5.2.1. A remote attacker may be able to cause arbitrary code execution. Apple Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * Insufficient access restrictions * Privilege escalation * Service operation interruption (DoS) * Sandbox avoidance * Information falsification * information leak * Arbitrary code execution. Failed exploit attempts will likely result in denial-of-service conditions. Both Apple iOS and Apple watchOS are products of Apple Inc. in the United States. Apple iOS is an operating system developed for mobile devices. Mail Message Framework is one of the email message frameworks. A resource management error vulnerability exists in the Mail Message Framework component in Apple iOS versions prior to 12.3 and watchOS versions prior to 5.2.1. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-4 watchOS 5.2.1 watchOS 5.2.1 is now available and addresses the following: AppleFileConduit Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) CoreAudio Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: Apple Watch Series 1 and later Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: Apple Watch Series 1 and later Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Mail Available for: Apple Watch Series 1 and later Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: Apple Watch Series 1 and later Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: Apple Watch Series 1 and later Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) SQLite Available for: Apple Watch Series 1 and later Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: Apple Watch Series 1 and later Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: Apple Watch Series 1 and later Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research sysdiagnose Available for: Apple Watch Series 1 and later Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: Apple Watch Series 1 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero Wi-Fi Available for: Apple Watch Series 1 and later Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EsdA/7 BI575/+FpdHwLot0f7lOojOxmzIXi42mNBINAsGRj8Maaz/dvBErOf4p3viMLLWp bhkHfqdvlPH6C0/vx+Nlzs7M+XSX+MqQIQi5D4bGqem59DD9UibZb+MPX4gbICSp JVkIGIA2yM4u5VciJzGyqfBIap3EEOqhyCzr50eiG7BCXX0/Vx9HxhViyEbl2Yeq x4h2WsUi5WI8bDdRfnH8zOMCWlOgv7jzbo/bGAeZDhlDTSxBlVvbApOtpbBbRPMD +BPhlzldxEPFmv4f05otW1z9sH6pv7LO2k5//h5ZL/Xox49LW1ZQTmtim44W7dIj Qq5OE3ttpckVyv2zQlUEeLDAQ3WYihQYR7h8BUalMo5We515OXzyZBHfn5a4uCkZ +wCKolQ8l+wQIt6zbNgLMRPM/CZ644sP1M8nUE6fXLENbN1hUW6S0DLWjDIJgKuS xbfgcfTXde6zHGdh2IPnpexU1ZzHG94l+c2KKbCjwr1YuazMFVEcrsCsjwTAZ5xP hKs5Uuygwa/IGEuMWPzjCtZCLK8nf5sbctRV9ENyUjzDf/YWfZ9Wmmew3MIVwDfQ BaAeTQk49Rp+QczIXmArijS/rxu5ODUwOY/7c/QS6rWB6B3LVTQotcWXTxZ/RLTg pfnIwbEjwi7VVEAY1vFBs/SzV7YCu0r3Q7g5t9ldiY8= =E5sS -----END PGP SIGNATURE-----

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges. Failed exploit attempts will likely result in denial-of-service conditions. Apple iOS, etc. are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple tvOS is a smart TV operating system. Apple macOS Mojave is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. A resource management error vulnerability exists in the Kernel component of several Apple products. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. The following products and versions are affected: Apple iOS prior to 12.3; macOS Mojave prior to 10.14.5; tvOS prior to 12.3; watchOS prior to 5.2.1. Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-5-13-1 iOS 12.3 iOS 12.3 is now available and addresses the following: AppleFileConduit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8593: Dany Lisiansky (@DanyL931) Contacts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research CoreAudio Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Disk Images Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero Lock Screen Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to see the email address used for iTunes Description: A logic issue was addressed with improved restrictions. CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of North Florida Mail Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing a maliciously crafted message may lead to a denial of service Description: An input validation issue was addressed with improved input validation. CVE-2019-8626: Natalie Silvanovich of Google Project Zero Mail Message Framework Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8613: Natalie Silvanovich of Google Project Zero MobileInstallation Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) MobileLockdown Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to gain root privileges Description: An input validation issue was addressed with improved input validation. CVE-2019-8637: Dany Lisiansky (@DanyL931) Photos Storage Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8617: an anonymous researcher SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research SQLite Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: The lock screen may show a locked icon after unlocking Description: The issue was addressed with improved UI handling. CVE-2019-8630: Jon M. Morlan StreamingZip Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931) sysdiagnose Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo) WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team WebKit Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt Additional recognition Clang We would like to acknowledge Brandon Azad of Google Project Zero for their assistance. CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent's Xuanwu Lab for their assistance. Kernel We would like to acknowledge Brandon Azad of Google Project Zero and an anonymous researcher for their assistance. MediaLibrary We would like to acknowledge Angel Ramirez and Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. for their assistance. MobileInstallation We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance. Safari We would like to acknowledge Ben Guild (@benguild) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12.3". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlzZrUopHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3FJJxAA hLu4GEYEBPNLxDWhh49P7k7pe33N8cguJw2iPt6sYkF9swBwzL1AC1y0WiNJejGT Y0PPMG7evpaEVGQwCZvHarNT4g35OUeHdHy4gYAIPfTY15G25jmELL4YTJutWQ0O z6KseXhEq9EqpHKlsT5Q6QOEoUyXVHan33d+H9+4t/jQHFvDqMmwHWO7bKlYyhWW ctG8jbXSgy/OFjSrmbPhfbBfDXQHah8GsFGJAFtlWk+UtQhXNifJT1tj9XAKDtGK V5EQ/hYkYRyyeNPXLiZ/wn6Jesbg8QIrmZB2RHAl1w8XZZY2Gsd1//dTXqn1LkqK gwOV0+Vs//LJwIqix435KKc0ULMwJjIfKy9whzPyf+4lqcD4kx4OdQrakZz4+L7g 4ZZeeyJ0LFFnO4eavtn6lVrYcTXVhJlRkJ6cWZcf9Dfr28bPTSSHda1Nd9quZFJn QPFt7CHRPL1MelgfDKZNeTy7WUDnoTwbdMZCyd0MszCxCeaSahny7066jmfKyXGI OoQQyyz96OmBABcqG3WeCRSeJ3ymmoy2d+JzjA4boIHo4k+nq5ifKikyI8qiHIBB uS3K3DEzMSj/0u2vNcDMjQ6vogbxeWnK8fxCCxkfedYZEdHg4Oj4lK1HStbhweoJ cB3S2pWUIPt8HRcnbUYgypZ0ZJgtnTom+0mgi3a0+64= =fsAj -----END PGP SIGNATURE-----

A security vulnerability in the HPE Virtual Connect SE 16Gb Fibre Channel Module for HPE Synergy running firmware 5.00.50, which is part of the HPE Synergy Custom SPP 2018.11.20190205, could allow local or remote unauthorized elevation of privilege. HPE Synergy running Firmware contains vulnerabilities related to authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products

An issue was discovered on XiongMai Besder IP20H1 V4.02.R12.00035520.12012.047500.00200 cameras. An attacker on the same local network as the camera can craft a message with a size field larger than 0x80000000 and send it to the camera, related to an integer overflow or use of a negative number. This then crashes the camera for about 120 seconds. xiongmaitech of besder ip20h1 An integer overflow vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. XiongMai Besder IP20H1 is an IP camera produced by China XiongMai Technology (XiongMai). An input validation error vulnerability exists in XiongMai Besder IP20H1 4.02.R12.00035520.12012.047500.00200 version. The vulnerability stems from the failure of the network system or product to properly validate the input data

An HTML Injection vulnerability has been discovered on the RICOH SP 4520DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn or entryDisplayNameIn parameter. RICOHSP4520DN is a multi-function printer from Ricoh (RICOH). There is a code injection vulnerability in RICOHSP4520DN. This vulnerability is caused by the external input data constructing code segment. The network system or product does not properly filter the special elements. The attacker can use this vulnerability to generate illegal code segments and modify the network system or component. The expected execution control flow. RICOH SP 4520DN is a multi-function printer produced by Ricoh Corporation of Japan. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting

An HTML Injection vulnerability has been discovered on the RICOH SP 4510DN via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter. RICOHSP4510DN is a multi-function printer from Ricoh (RICOH). There is a code injection vulnerability in RICOHSP4510DN. This vulnerability is caused by the external input data constructing code segment. The network system or product does not properly filter the special elements. The attacker can use this vulnerability to generate illegal code segments and modify the network system or component. The expected execution control flow. RICOH SP 4510DN is a multi-function printer produced by Ricoh Corporation of Japan. The vulnerability stems from the fact that the network system or product lacks correct verification of user input data during the operation process of user input to construct commands, data structures, or records, and does not filter or correctly filter out special elements in it, resulting in parsing or failure of the system or product. Wrong way of interpreting

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. (Exploit prerequisites are the same as for CVE-2018-1052). postgresql Contains an information disclosure vulnerability.Information may be obtained. PostgreSQL is a set of free object relational database management system organized by PostgreSQL. The system supports most SQL standards and provides many other features, such as foreign keys, triggers, views, and more. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: PostgreSQL: Multiple vulnerabilities Date: March 12, 2020 Bugs: #685846, #688420, #709708 ID: 202003-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in the execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-db/postgresql < 9.4.26:9.4 >= 9.4.26:9.4 < 9.5.21:9.5 >= 9.5.21:9.5 < 9.6.17:9.6 >= 9.6.17:9.6 < 10.12:10 >= 10.12:10 < 11.7:11 >= 11.7:11 < 12.2:12 >= 12.2:12 Description =========== Multiple vulnerabilities have been discovered in PostgreSQL. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, bypass certain client-side connection security features, read arbitrary server memory, alter certain data or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All PostgreSQL 9.4.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.4.26:9.4" All PostgreSQL 9.5.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.5.21:9.5" All PostgreSQL 9.6.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-9.6.17:9.6" All PostgreSQL 10.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-10.12:10" All PostgreSQL 11.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-11.7:11" All PostgreSQL 12.x users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/postgresql-12.2:12" References ========== [ 1 ] CVE-2019-10129 https://nvd.nist.gov/vuln/detail/CVE-2019-10129 [ 2 ] CVE-2019-10130 https://nvd.nist.gov/vuln/detail/CVE-2019-10130 [ 3 ] CVE-2019-10164 https://nvd.nist.gov/vuln/detail/CVE-2019-10164 [ 4 ] CVE-2020-1720 https://nvd.nist.gov/vuln/detail/CVE-2020-1720 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-3972-1 May 13, 2019 postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.10 - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in PostgreSQL. This issue only affected Ubuntu 19.04. (CVE-2019-10129) Dean Rasheed discovered that PostgreSQL incorrectly handled selectivity estimators. A remote attacker could possibly use this issue to bypass row security policies. (CVE-2019-10130) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: postgresql-11 11.3-0ubuntu0.19.04.1 Ubuntu 18.10: postgresql-10 10.8-0ubuntu0.18.10.1 Ubuntu 18.04 LTS: postgresql-10 10.8-0ubuntu0.18.04.1 Ubuntu 16.04 LTS: postgresql-9.5 9.5.17-0ubuntu0.16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart PostgreSQL to make all the necessary changes. References: https://usn.ubuntu.com/usn/usn-3972-1 CVE-2019-10129, CVE-2019-10130 Package Information: https://launchpad.net/ubuntu/+source/postgresql-11/11.3-0ubuntu0.19.04.1 https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.10.1 https://launchpad.net/ubuntu/+source/postgresql-10/10.8-0ubuntu0.18.04.1 https://launchpad.net/ubuntu/+source/postgresql-9.5/9.5.17-0ubuntu0.16.04.1

The EnGenius EWS660AP router with firmware 2.0.284 allows an attacker to execute arbitrary commands using the built-in ping and traceroute utilities by using different payloads and injecting multiple parameters. This vulnerability is fixed in a later firmware version. EnGenius EWS660AP There is a command injection vulnerability in the router firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. EnGenius Technologies EWS660AP is a wireless access point device produced by EnGenius Technologies in the United States. An attacker could exploit this vulnerability to execute arbitrary commands

Information exposure through process environment vulnerability in Synology Calendar before 2.3.3-0620 allows local users to obtain credentials via cmdline. Synology Calendar Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Synology Calendar is a file protection program run on Synology NAS (Network Storage Server) devices by Synology, a Taiwan-based company. A trust management issue vulnerability exists in Synology Calendar prior to 2.3.3-0620. This vulnerability stems from the lack of an effective trust management mechanism in network systems or products. Attackers can use default passwords or hard-coded passwords, hard-coded certificates, etc. to attack affected components

The Chuango 433 MHz burglar-alarm product line is vulnerable to a Denial of Service attack. When the condition is triggered, the OV2 base station is unable to process sensor states and effectively prevents the alarm from setting off, as demonstrated by Chuango branded products, and non-Chuango branded products such as the Eminent EM8617 OV2 Wifi Alarm System. plural Chuango The product contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Chuango Wifi Alarm System, etc. are a set of security alarm systems of China Chuango Company. Security flaws exist in several Chuango products. The following products and versions are affected: Chuango Wifi Alarm System (all versions); Chuango Wifi/Cellular Smart Home System H4 Plus (all versions); Wifi Alarm System AWV Plus (all versions); G5W 3G (all versions); GSM/SMS /RFID Touch Alarm System G5 Plus (all versions); Chuango GSM/SMS Alarm System G3 (all versions); G5W (all versions); Dual-Network Alarm System B11 (all versions); PSTN Alarm System A8 (all versions); PSTN/LCD/RFID Touch Alarm System A11 (all versions); CG-105S On-Site Alarm System (all versions)

An exploitable improper access control vulnerability exists in the bluetooth low energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. Winco Fireworks FireFly FW-1007 is a firework launch control system. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles

Hikvision is a video-centric IoT solution provider, providing integrated security, smart business and big data services. Hikvision cameras in 2013 and earlier versions have weak password vulnerabilities. Attackers can use weak passwords to remotely connect and control the camera.