VARIoT IoT vulnerabilities database

Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9150, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8996AU, QCS605, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SXR1130. plural Snapdragon The product contains an access control vulnerability.Information may be obtained and information may be altered. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities. An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks. These issues are being tracked by Android Bug IDs A-109678453, A-111089815, A-112279482, A-112278875, A-109678259, A-111088838, A-111092944, A-112278972, A-112279521, A-112279426, A-112279483, A-112279144, A-112279544, and A-119050566. Qualcomm MDM9640 is a central processing unit (CPU) product of Qualcomm (Qualcomm). An access control error vulnerability exists in several Qualcomm products; the vulnerability results from network systems or products not properly restricting access to resources from unauthorized roles. The following products are affected: Qualcomm MDM9150; MDM9615; MDM9625; MDM9635M; MDM9640; MDM9650; MDM9655; MSM8996AU; ;SD 850;SD 855;SD 8CX;SDA660;SDM630;SDM660;SDX20;SXR1130

A local file inclusion vulnerability exists in the web interface of Systrome Cumilon ISG-600C, ISG-600H, and ISG-800W 1.1-R2.1_TRUNK-20180914.bin devices. When the export function is called from system/maintenance/export.php, it accepts the path provided by the user, leading to path traversal via the name parameter. Systrome Cumilon ISG-600C is an integrated security gateway device of India SYSTORME company. An attacker could exploit this vulnerability to read arbitrary files. The following products and versions are affected: Systrome Cumilon ISG-600C with firmware version 1.1-R2.1_TRUNK-20180914; ISG-600H with firmware version 1.1-R2.1_TRUNK-20180914; ISG-800W

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack without authentication. D-Link DIR-823G There is an access control vulnerability in the device firmware.Service operation interruption (DoS) There is a possibility of being put into a state. D-LinkDIR-823G is a wireless router from D-Link Corporation of Taiwan, China. D-Link DIR-823G is prone to a denial-of-service vulnerability. D-Link DIR-823G firmware 1.02B03 is vulnerable; other versions may also be affected

png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. For the stable distribution (stretch), these problems have been fixed in version 60.7.0esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzlvbsACgkQEMKTtsN8 Tjbjdw//SFhYHCEUthqN3/dLBiaxWDgroWKROjsm13N+83Tc859m5oGFutT1X5Ry C57MaxZ6Jfv5lh2jnIzFbOOTc3iMZak5NhhvMeq/SK9FlR/IqZ3wXIzUELBC8o3v iEXZfD6MDycNnlhe4034zzwevxy4+/olXk1mU9ePsoO3LWkFIFRpkE5EhV+5ZIUh OPadgArSzVe2mS/+HpIAzAaJHii8fe3PmUprYzf1rNReR7NfA21mZtHiD/X57Sq4 NT6st/W8aqEblc57fcAMJJve3H7lvbPqB7GPoVsFhIauHV6Sa6/ks8cyqMiF5KLj dz7DSAFkdpd0cRF/94jWy13dzeZ3+koH4M4pdqk41R3Cb4VixNdBxMsJKsn25efE AbR/6rF6IFmWe0PswyHHPmwsd/+5w2r5Az/mlQn/3vVtVL8XoZLpGrLx4WT03Fi7 c9Ax/TniB/tAVseR7SkaawuvAzCtN9RtQ/7q7z9jEvSZV6AgYsQzQuCzn/jHXGuq Ay3coWxRAFBHTE4HgFrZRtZmRuoZ2lMIoN+jYiicZ9UAG5IXVexo9JWZGWR1QWnS U3AwK0Qi7firv3/lz3IgTdAdwK/P38nfVRtQmtZfnsk6wCDDp7F67Fb1kH4ZXPUl 0DjtVTaxSXqtsqDXhx6jS26w9n9NThax2+JRpdcAnDx5gyCu1zo= =r0k3 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: java-1.8.0-ibm security update Advisory ID: RHSA-2019:2737-01 Product: Red Hat Satellite Advisory URL: https://access.redhat.com/errata/RHSA-2019:2737 Issue date: 2019-09-11 CVE Names: CVE-2019-2762 CVE-2019-2769 CVE-2019-2786 CVE-2019-2816 CVE-2019-7317 CVE-2019-11772 CVE-2019-11775 ==================================================================== 1. Summary: An update for java-1.8.0-ibm is now available for Red Hat Satellite 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Satellite 5.8 (RHEL v.6) - s390x, x86_64 3. Description: IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP40. Security Fix(es): * IBM JDK: Out-of-bounds access in the String.getBytes method (CVE-2019-11772) * IBM JDK: Failure to privatize a value pulled out of the loop by versioning (CVE-2019-11775) * OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) (CVE-2019-2762) * OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) (CVE-2019-2769) * OpenJDK: Missing URL format validation (Networking, 8221518) (CVE-2019-2816) * OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) (CVE-2019-2786) * libpng: use-after-free in png_image_free in png.c (CVE-2019-7317) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1672409 - CVE-2019-7317 libpng: use-after-free in png_image_free in png.c 1730056 - CVE-2019-2769 OpenJDK: Unbounded memory allocation during deserialization in Collections (Utilities, 8213432) 1730099 - CVE-2019-2816 OpenJDK: Missing URL format validation (Networking, 8221518) 1730255 - CVE-2019-2786 OpenJDK: Insufficient restriction of privileges in AccessController (Security, 8216381) 1730415 - CVE-2019-2762 OpenJDK: Insufficient checks of suppressed exceptions in deserialization (Utilities, 8212328) 1738547 - CVE-2019-11772 IBM JDK: Out-of-bounds access in the String.getBytes method 1738549 - CVE-2019-11775 IBM JDK: Failure to privatize a value pulled out of the loop by versioning 6. Package List: Red Hat Satellite 5.8 (RHEL v.6): s390x: java-1.8.0-ibm-1.8.0.5.40-1jpp.1.el6_10.s390x.rpm java-1.8.0-ibm-devel-1.8.0.5.40-1jpp.1.el6_10.s390x.rpm x86_64: java-1.8.0-ibm-1.8.0.5.40-1jpp.1.el6_10.x86_64.rpm java-1.8.0-ibm-devel-1.8.0.5.40-1jpp.1.el6_10.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-2762 https://access.redhat.com/security/cve/CVE-2019-2769 https://access.redhat.com/security/cve/CVE-2019-2786 https://access.redhat.com/security/cve/CVE-2019-2816 https://access.redhat.com/security/cve/CVE-2019-7317 https://access.redhat.com/security/cve/CVE-2019-11772 https://access.redhat.com/security/cve/CVE-2019-11775 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXXkN19zjgjWX9erEAQh/fg/9HFMBddvgH3NO7oY+Of9OO2bPeS8/P6BF LaupsMXf16Y8KZkFfOt6Gd2jFkXKkfhaRtF0fXzy95cl2UR9Rbhy3iU8Lscw954f MoLTXSsRLXYiu7FI78ZJhYKxskipJw9WWVnxNb5Agxkh+tuTQ1xWgL2n3XD9fpxr 9+S2h2Btau3I4VPVSECmgjat7j5wTZun2B4ptKThTWk8zMs79ZfuFugkXbvcD1kp 6ZQt4JtAmtQsKH9rCXsc9mPRea/XTBd5zZs28Gty7XVfSjgNSAG+hiQTcIKTN+Yg zfvEFvj6r+vGN5gekVc2BktMN2RdRusH45uj3Mk73gHRD883gB8Vndt0KRXRlTef Ghe3tD4c3RLyQdYhORmkNVp5jtMtGDoGNO8VpBXdWXjGpi/RzS/3LlKX3inZ+b6U 8KnnO50YkdMV7J37ll+RdrS93IBXqRstzpnwUZ48J5zBff5MAa/1ZDDuDpsefXz/ JEIjEZ+DEiMFllKDD1E48nsI8Cz03Y5m5Lj5MloNdxda6ZAzRNTOsL2caoDiSz+R CioMmOSs4NW870hGSzA6O239OIA3IYMhuucLiYu8rh67rBrwA27fIt0cNcR+Ixsw bR3M52/LZdJzx6aV4Z5pDAj2dbuYzvUE9Y5Upk51mCl94bA7OmRV3oLn62B32SsB mbahXGlbEcQ=jy51 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . (CVE-2019-2816) It was discovered that the ChaCha20Cipher implementation in OpenJDK did not use constant time computations in some situations. Some of the patched flaws are considered critical, and could be used to run attacker code and install software, requiring no user interaction beyond normal browsing. ========================================================================= Ubuntu Security Notice USN-4080-1 July 31, 2019 openjdk-8 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in OpenJDK. Software Description: - openjdk-8: Open Source Java implementation Details: Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use this to expose sensitive information. (CVE-2019-2745) It was discovered that OpenJDK did not sufficiently validate serial streams before deserializing suppressed exceptions in some situations. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service. (CVE-2019-2762) It was discovered that in some situations OpenJDK did not properly bound the amount of memory allocated during object deserialization. An attacker could use this to specially craft an object that, when deserialized, would cause a denial of service (excessive memory consumption). (CVE-2019-2769) It was discovered that OpenJDK did not properly restrict privileges in certain situations. An attacker could use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. (CVE-2019-2786) Jonathan Birch discovered that the Networking component of OpenJDK did not properly validate URLs in some situations. An attacker could use this to bypass restrictions on characters in URLs. (CVE-2019-2816) Nati Nimni discovered that the Java Cryptography Extension component in OpenJDK did not properly perform array bounds checking in some situations. An attacker could use this to cause a denial of service. (CVE-2019-2842) It was discovered that OpenJDK incorrectly handled certain memory operations. If a user or automated system were tricked into opening a specially crafted PNG file, a remote attacker could use this issue to cause OpenJDK to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2019-7317) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: openjdk-8-jdk 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jdk-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-headless 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-jamvm 8u222-b10-1ubuntu1~16.04.1 openjdk-8-jre-zero 8u222-b10-1ubuntu1~16.04.1 This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any Java applications or applets to make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] libpng (SSA:2019-107-01) New libpng packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/libpng-1.6.37-i586-1_slack14.2.txz: Upgraded. Fixed a memory leak in the ARM NEON implementation of png_do_expand_palette. Fixed a memory leak in pngtest.c. Fixed two vulnerabilities (CVE-2018-14048, CVE-2018-14550) in contrib/pngminus; refactor. For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14048 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14550 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated package for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libpng-1.6.37-i586-1_slack14.2.txz Updated package for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libpng-1.6.37-x86_64-1_slack14.2.txz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libpng-1.6.37-i586-1.txz Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libpng-1.6.37-x86_64-1.txz MD5 signatures: +-------------+ Slackware 14.2 package: 829f6c020ad10fe9b09e94bceb7fae26 libpng-1.6.37-i586-1_slack14.2.txz Slackware x86_64 14.2 package: e141813a42551a3c31df15b8495dc1a3 libpng-1.6.37-x86_64-1_slack14.2.txz Slackware -current package: 0f711d15bd85893a02f398b95b7d3f06 l/libpng-1.6.37-i586-1.txz Slackware x86_64 -current package: d8bdd5c1a73fa487c5f1a1a4b3ec2f63 l/libpng-1.6.37-x86_64-1.txz Installation instructions: +------------------------+ Upgrade the package as root: # upgradepkg libpng-1.6.37-i586-1_slack14.2.txz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address

Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL actions when a logged-in user visits the site. Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which isa cost-effective and helpful networking alternative for any locationwithout structured network wiring. Especially in buildings or residenceslacking network cables or where updating the wiring would be expensiveand complicated, Powerline adapters provide networking at high transmissionrates.The web application allows users to perform certain actions via HTTPrequests without performing any validity checks to verify the requests

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters. Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter which isa cost-effective and helpful networking alternative for any locationwithout structured network wiring. Especially in buildings or residenceslacking network cables or where updating the wiring would be expensiveand complicated, Powerline adapters provide networking at high transmissionrates.The web application allows users to perform certain actions via HTTPrequests without performing any validity checks to verify the requests. Thedevolo web application uses predictable URL/form actions in a repeatable way.This can be exploited to perform certain actions with administrative privilegesif a logged-in user visits a malicious web site.Tested on: Linux 2.6.31

HiLEME is a miniature surveillance camera. HiLEME's ftp has an information disclosure vulnerability. Attackers can use the vulnerability to obtain sensitive information.

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to get sensitive information (such as MAC address) about all clients in the WLAN via the GetClientInfo HNAP API. Consequently, an attacker can achieve information disclosure without authentication. D-Link DIR-823G There is an access control vulnerability in the device firmware.Information may be obtained. D-LinkDIR-823G is a wireless router from D-Link Corporation of Taiwan, China. D-Link DIR-823G Router is prone to an information-disclosure vulnerability

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 request. This occurs when any HNAP API function triggers a call to the system function with untrusted input from the request body, such as a body of ' /bin/telnetd' for the GetDeviceSettingsset API function. Consequently, an attacker can execute any command remotely when they control this input. D-Link DIR-823G Device firmware includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple D-Link Products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions. D-Link DIR-823G is a wireless router made by Taiwan D-Link Company. There is an operating system command injection vulnerability in D-Link DIR-823G using version 1.02B03 firmware. The vulnerability comes from the fact that the network system or product does not correctly filter special characters, commands, etc. in the process of constructing executable commands of the operating system from external input data

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with firmware 1.02B03. There is incorrect access control allowing remote attackers to hijack the DNS service configuration of all clients in the WLAN, without authentication, via the SetWanSettings HNAP API. D-Link DIR-823G There is an access control vulnerability in the device firmware.Information may be tampered with. D-Link DIR-823G is a wireless router from D-Link Corporation of Taiwan, China. D-Link DIR-823G Router is prone to a remote security vulnerability. An attacker can leverage this issue to perform unauthorized actions. This may aid in further attacks. D-Link DIR-823G with firmware 1.02B03 version is vulnerable; other versions may also be affected

Dell OS10 versions prior to 10.4.2.1 contain a vulnerability caused by lack of proper input validation on the command-line interface (CLI). Dell OS10 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell Networking OS10 is prone to a remote arbitrary command-execution vulnerability because it fails to sanitize user-supplied input. A local attacker can exploit this issue to execute arbitrary commands with root privileges. Dell OS10 versions prior to 10.4.2.1 are vulnerable. Dell OS10 is a Linux-based network switch operating system developed by Dell

Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125(C00E125R2P14T8) have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This vulnerability can be exploited to perform operations beyond the scope of authorization. Huawei Honor V10 is a smartphone from China's Huawei

There is a double free vulnerability on certain drivers of Huawei Mate10 smartphones versions earlier than ALP-AL00B 9.0.0.181(C00E87R2P20T8). An attacker tricks the user into installing a malicious application, which makes multiple processes operate the same resource at the same time. Successful exploit could cause a denial of service condition. Huawei Mate10 Smartphones contain a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiMate10 is a smartphone product from China's Huawei company. A driver in the previous version of HuaweiMate10ALP-AL00B9.0.0.181 (C00E87R2P20T8) has a memory re-release vulnerability that an attacker can use to induce a user to install a malicious mobile phone application to cause a denial of service

An issue was discovered on D-Link DIR-823G devices with firmware through 1.02B03. A command Injection vulnerability allows attackers to execute arbitrary OS commands via shell metacharacters in a crafted /HNAP1 request. This occurs when the GetNetworkTomographyResult function calls the system function with an untrusted input parameter named Address. Consequently, an attacker can execute any command remotely when they control this input. D-Link DIR-823G Device firmware includes OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-LinkDIR-823G is a wireless router from (D-Link). A command injection vulnerability exists in D-LinkDIR-823G with firmware prior to 1.02B03. Multiple D-Link products are prone to a command-injection vulnerability. Failed exploit attempts will likely result in denial-of-service conditions

On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. A remote attacker could exploit this vulnerability to inject malicious content

On BIG-IP LTM 13.0.0 to 13.0.1 and 12.1.0 to 12.1.3.6, under certain conditions, the TMM may consume excessive resources when processing SSL Session ID Persistence traffic. BIG-IP LTM Contains a resource exhaustion vulnerability.Denial of service (DoS) May be in a state. F5 BIG-IP LTM is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. The following versions of F5 BIG-IP LTM are vulnerable: 13.0.0 through 13.0.1 , 12.1.0 through 12.1.3, and 11.5.1 through 11.6.3. F5 BIG-IP LTM is a local traffic manager of F5 company in the United States

LibVNC through 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ========================================================================= Ubuntu Security Notice USN-4587-1 October 20, 2020 italc vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: italc-client 1:2.0.2+dfsg1-4ubuntu0.1 italc-master 1:2.0.2+dfsg1-4ubuntu0.1 libitalccore 1:2.0.2+dfsg1-4ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4587-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1

LibVNC before 0.9.12 contains a heap out-of-bounds write vulnerability in libvncserver/rfbserver.c. The fix for CVE-2018-15127 was incomplete. LibVNC Contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. LibVNCServer is prone to multiple heap-based buffer overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause a denial-of-service condition. Versions prior to LibVNCServer 0.9.12 are vulnerable. Note: This issue is the result of an incomplete fix for issue CVE-2018-15127 described in 106820 (LibVNCServer CVE-2018-15127 Heap Buffer Overflow Vulnerability). ========================================================================== Ubuntu Security Notice USN-4547-1 September 28, 2020 italc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Several security issues were fixed in iTALC. Software Description: - italc: didact tool which allows teachers to view and control computer labs Details: It was discovered that an information disclosure vulnerability existed in the LibVNCServer vendored in iTALC when sending a ServerCutText message. An attacker could possibly use this issue to expose sensitive information. (CVE-2019-15681) It was discovered that the LibVNCServer and LibVNCClient vendored in iTALC incorrectly handled certain packet lengths. (CVE-2018-15127 CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: italc-client 1:3.0.3+dfsg1-3ubuntu0.1 italc-master 1:3.0.3+dfsg1-3ubuntu0.1 libitalccore 1:3.0.3+dfsg1-3ubuntu0.1 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4547-1 CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681 Package Information: https://launchpad.net/ubuntu/+source/italc/1:3.0.3+dfsg1-3ubuntu0.1 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

ARM Trusted Firmware-A allows information disclosure. The product implements various Arm interface standards such as PSCI, SMC calling convention, SCMI and SDEI. An attacker could exploit this vulnerability to disclose information

Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL. Comodo UTM Firewall Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Comodo UTM Firewall is a UTM firewall developed by American Comodo Group. The product includes features such as antispam, content filtering, Web filtering and antivirus. Web Console is one of the web-based management console programs