VARIoT IoT vulnerabilities database

IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894. IBM DataPower Gateway Contains an access control vulnerability. Vendors have confirmed this vulnerability IBM X-Force ID: 144894 It is released as.Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. IBM DataPower Gateway is a security and integration platform specially designed for mobile, cloud, application programming interface (API), network, service-oriented architecture (SOA), B2B and cloud workloads. The platform secures, integrates and optimizes access across channels with a dedicated gateway platform

ShopsN single merchant b2c mall system is an open source online shop system developed using PHP + MySQL. There is a SQL injection vulnerability in the cancel_order function of the ShopsN single merchant b2c mall system v2.3.6 Or ***. Class.php file. An attacker can use this vulnerability to obtain the administrator account password.

ShopsN single merchant b2c mall system is an open source online shop system developed using PHP + MySQL. There is a SQL injection vulnerability in the order_del function of the ShopsN single merchant b2c mall system v2.3.6 Or ***. Class.php file. An attacker can use this vulnerability to obtain the administrator account password.

Intel Has released an update for each product.The expected impact depends on each vulnerability, but can be affected as follows: * information leak * Privilege escalation * Service operation interruption (DoS)

An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. OpenSSH Contains an access control vulnerability.Information may be obtained and information may be altered. OpenSSH is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. OpenSSH 7.9 version is vulnerable; other versions may also be affected. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201903-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: OpenSSH: Multiple vulnerabilities Date: March 20, 2019 Bugs: #675520, #675522 ID: 201903-16 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to gain unauthorized access. Please review the CVE identifiers referenced below for details. Workaround ========== There is no known workaround at this time. Resolution ========== All OpenSSH users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/openssh-7.9_p1-r4" References ========== [ 1 ] CVE-2018-20685 https://nvd.nist.gov/vuln/detail/CVE-2018-20685 [ 2 ] CVE-2019-6109 https://nvd.nist.gov/vuln/detail/CVE-2019-6109 [ 3 ] CVE-2019-6110 https://nvd.nist.gov/vuln/detail/CVE-2019-6110 [ 4 ] CVE-2019-6111 https://nvd.nist.gov/vuln/detail/CVE-2019-6111 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201903-16 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: openssh security, bug fix, and enhancement update Advisory ID: RHSA-2019:3702-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3702 Issue date: 2019-11-05 CVE Names: CVE-2018-20685 CVE-2019-6109 CVE-2019-6111 ===================================================================== 1. Summary: An update for openssh is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. The following packages have been upgraded to a later upstream version: openssh (8.0p1). Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. 1686065 - SSH connections get closed when time-based rekeyring is used and ClientAliveMaxCount=0 1691045 - Rebase OpenSSH to latest release (8.0p1?) 1707485 - Use high-level API to do signatures 1712436 - MD5 is used when writing password protected PEM 1732424 - ssh-keygen -A fails in FIPS mode because of DSA key 1732449 - rsa-sha2-*-cert-v01@openssh.com host key types are ignored in FIPS despite being in the policy 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: openssh-askpass-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm ppc64le: openssh-askpass-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm s390x: openssh-askpass-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm x86_64: openssh-askpass-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: openssh-8.0p1-3.el8.src.rpm aarch64: openssh-8.0p1-3.el8.aarch64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-cavs-8.0p1-3.el8.aarch64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-clients-8.0p1-3.el8.aarch64.rpm openssh-clients-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-debugsource-8.0p1-3.el8.aarch64.rpm openssh-keycat-8.0p1-3.el8.aarch64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-ldap-8.0p1-3.el8.aarch64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.aarch64.rpm openssh-server-8.0p1-3.el8.aarch64.rpm openssh-server-debuginfo-8.0p1-3.el8.aarch64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.aarch64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.aarch64.rpm ppc64le: openssh-8.0p1-3.el8.ppc64le.rpm openssh-askpass-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-cavs-8.0p1-3.el8.ppc64le.rpm openssh-cavs-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-clients-8.0p1-3.el8.ppc64le.rpm openssh-clients-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-debugsource-8.0p1-3.el8.ppc64le.rpm openssh-keycat-8.0p1-3.el8.ppc64le.rpm openssh-keycat-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-ldap-8.0p1-3.el8.ppc64le.rpm openssh-ldap-debuginfo-8.0p1-3.el8.ppc64le.rpm openssh-server-8.0p1-3.el8.ppc64le.rpm openssh-server-debuginfo-8.0p1-3.el8.ppc64le.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.ppc64le.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.ppc64le.rpm s390x: openssh-8.0p1-3.el8.s390x.rpm openssh-askpass-debuginfo-8.0p1-3.el8.s390x.rpm openssh-cavs-8.0p1-3.el8.s390x.rpm openssh-cavs-debuginfo-8.0p1-3.el8.s390x.rpm openssh-clients-8.0p1-3.el8.s390x.rpm openssh-clients-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debuginfo-8.0p1-3.el8.s390x.rpm openssh-debugsource-8.0p1-3.el8.s390x.rpm openssh-keycat-8.0p1-3.el8.s390x.rpm openssh-keycat-debuginfo-8.0p1-3.el8.s390x.rpm openssh-ldap-8.0p1-3.el8.s390x.rpm openssh-ldap-debuginfo-8.0p1-3.el8.s390x.rpm openssh-server-8.0p1-3.el8.s390x.rpm openssh-server-debuginfo-8.0p1-3.el8.s390x.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.s390x.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.s390x.rpm x86_64: openssh-8.0p1-3.el8.x86_64.rpm openssh-askpass-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-cavs-8.0p1-3.el8.x86_64.rpm openssh-cavs-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-clients-8.0p1-3.el8.x86_64.rpm openssh-clients-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-debugsource-8.0p1-3.el8.x86_64.rpm openssh-keycat-8.0p1-3.el8.x86_64.rpm openssh-keycat-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-ldap-8.0p1-3.el8.x86_64.rpm openssh-ldap-debuginfo-8.0p1-3.el8.x86_64.rpm openssh-server-8.0p1-3.el8.x86_64.rpm openssh-server-debuginfo-8.0p1-3.el8.x86_64.rpm pam_ssh_agent_auth-0.10.3-7.3.el8.x86_64.rpm pam_ssh_agent_auth-debuginfo-0.10.3-7.3.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-20685 https://access.redhat.com/security/cve/CVE-2019-6109 https://access.redhat.com/security/cve/CVE-2019-6111 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.1_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXcHzKNzjgjWX9erEAQiytQ/6Apphov2V0QmnXA+KO3ZZKBPXtgKv8Sv1 dPtXhTC+Keq4yX9/bXlIuyk6BUsMeaiIMlL5bSSKtq2I7rVxwubTcPX4rD+pQvx8 ArNJgn7U2/3xqwc0R8dNXx6o8vB1M6jXDtu8fKJOxW48evDJf6gE4gX2KUM9yxR2 MhCoHVkLp9a5f0T11yFPI11H0P8gXXQgboAkdt82Ui35T4tD8RndVyPCsllN2c/X QCCbvZ9e8OLJJoxsOryLcw8tpQHXK2AJMXWv0Us99kQtbaBULWWahhrg/tftLxtT pILFBaB/RsmGg1O6OkxJ2CuKl6ATC2Wlj/Z7uYPrS7MQDn+fXkH2gfcjb4Z4rqIL IyKbUpsyFEAaV5rJUeRaS7dGfuQldQbS96P8lUpCcOXPbYD8FgTrW2q3NjOKgYMU +gh2xPwmlRm+iYfmedPoR2+bTWNYv8JS+Cp/fZF4IFx2EJPQcxKLYshNKgcfkNkR rIZ4brUI79p84H01TcTh4mFAbR63Y+c36UAI3/fM/W/RkZn/PdoJtpfwg/tjOYZH rt9kL7SfAEhjHNtBuJGNol6e124srS6300hnfFovAr6llDOcYlrh3ZgVZjVrn6E8 TZhyZ84TGMOqykfH7B9XkJH82X+x3rd2m0ovCPq+Ly62BasdXVd0C2snzbx8OAM8 I+am8dhVlyM= =iPw4 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . scp client multiple vulnerabilities =================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Overview -------- SCP clients from multiple vendors are susceptible to a malicious scp server performing unauthorized changes to target directory and/or client output manipulation. Description ----------- Many scp clients fail to verify if the objects returned by the scp server match those it asked for. This issue dates back to 1983 and rcp, on which scp is based. A separate flaw in the client allows the target directory attributes to be changed arbitrarily. Finally, two vulnerabilities in clients may allow server to spoof the client output. Impact ------ Malicious scp server can write arbitrary files to scp target directory, change the target directory permissions and to spoof the client output. Details ------- The discovered vulnerabilities, described in more detail below, enables the attack described here in brief. 1. The attacker controlled server or Man-in-the-Middle(*) attack drops .bash_aliases file to victim's home directory when the victim performs scp operation from the server. The transfer of extra files is hidden by sending ANSI control sequences via stderr. For example: user@local:~$ scp user@remote:readme.txt . readme.txt 100% 494 1.6KB/s 00:00 user@local:~$ 2. Once the victim launches a new shell, the malicious commands in .bash_aliases get executed. *) Man-in-the-Middle attack does require the victim to accept the wrong host fingerprint. Vulnerabilities --------------- 1. CWE-20: scp client improper directory name validation [CVE-2018-20685] The scp client allows server to modify permissions of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0 .\n") directory name. 2. CWE-20: scp client missing received object name validation [CVE-2019-6111] Due to the scp implementation being derived from 1983 rcp [1], the server chooses which files/directories are sent to the client. However, scp client only perform cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example overwrite .ssh/authorized_keys). The same vulnerability in WinSCP is known as CVE-2018-20684. 3. 4. Proof-of-Concept ---------------- Proof of concept malicious scp server will be released at a later date. Vulnerable versions ------------------- The following software packages have some or all vulnerabilities: ver #1 #2 #3 #4 OpenSSH scp <=7.9 x x x x PuTTY PSCP ? - - x x WinSCP scp mode <=5.13 - x - - Tectia SSH scpg3 is not affected since it exclusively uses sftp protocol. Mitigation ---------- 1. OpenSSH 1.1 Switch to sftp if possible 1.2 Alternatively apply the following patch to harden scp against most server-side manipulation attempts: https://sintonen.fi/advisories/scp-name-validator.patch NOTE: This patch may cause problems if the the remote and local shells don't agree on the way glob() pattern matching works. YMMV. 2. PuTTY 2.1 No fix is available yet 3. WinSCP 3.1. Upgrade to WinSCP 5.14 or later Similar or prior work --------------------- 1. CVE-2000-0992 - scp overwrites arbitrary files References ---------- 1. https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access Credits ------- The vulnerability was discovered by Harry Sintonen / F-Secure Corporation. Timeline -------- 2018.08.08 initial discovery of vulnerabilities #1 and #2 2018.08.09 reported vulnerabilities #1 and #2 to OpenSSH 2018.08.10 OpenSSH acknowledged the vulnerabilities 2018.08.14 discovered & reported vulnerability #3 to OpenSSH 2018.08.15 discovered & reported vulnerability #4 to OpenSSH 2018.08.30 reported PSCP vulnerabilities (#3 and #4) to PuTTY developers 2018.08.31 reported WinSCP vulnerability (#2) to WinSCP developers 2018.09.04 WinSCP developers reported the vulnerability #2 fixed 2018.11.12 requested a status update from OpenSSH 2018.11.16 OpenSSH fixed vulnerability #1 2019.01.07 requested a status update from OpenSSH 2019.01.08 requested CVE assignments from MITRE 2019.01.10 received CVE assignments from MITRE 2019.01.11 public disclosure of the advisory 2019.01.14 added a warning about the potential issues caused by the patch . All the vulnerabilities are in found in the scp client implementing the SCP protocol. The check added in this version can lead to regression if the client and the server have differences in wildcard expansion rules. If the server is trusted for that purpose, the check can be disabled with a new -T option to the scp client. For the stable distribution (stretch), these problems have been fixed in version 1:7.4p1-10+deb9u5. For the detailed security status of openssh please refer to its security tracker page at: https://security-tracker.debian.org/tracker/openssh Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlxe0w0ACgkQ3rYcyPpX RFs85AgA0GrSHO4Qf5FVsE3oXa+nMkZ4U6pbOA9dHotX54DEyNuIJrOsOv01cFxQ t2Z6uDkZptmHZT4uSWg2xIgMvpkGo9906ziZfHc0LTuHl8j++7cCDIDGZBm/iZaX ueQfl85gHDpte41JvUtpSBAwk1Bic7ltLUPDIGEiq6nQboxHIzsU7ULVb1l0wNxF sEFDPWGBS01HTa+QWgQaG/wbEhMRDcVz1Ck7dqpT2soQRohDWxU01j14q1EKe9O9 GHiWECvFSHBkkI/v8lNfSWnOWYa/+Aknri0CpjPc/bqh2Yx9rgp/Q5+FJ/FxJjmC bHFd+tbxB1LxEO96zKguYpPIzw7Kcw== =5Fd8 -----END PGP SIGNATURE-----

A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. Fortinet FortiOS Contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fortinet FortiOS is prone to a format string vulnerability. Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application. Fortinet FortiOS version 5.6.0 is vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam

The Junos Space application, which allows Device Image files to be uploaded, has insufficient validity checking which may allow uploading of malicious images or scripts, or other content types. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. Juniper Networks Junos Space Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. The vulnerability is due to insufficient validation checks

A malicious authenticated user may be able to delete a device from the Junos Space database without the necessary privileges through crafted Ajax interactions obtained from another legitimate delete action performed by another administrative user. Affected releases are Juniper Networks Junos Space versions prior to 18.3R1. The solution supports automated configuration, monitoring, and troubleshooting of devices and services throughout their lifecycle. A security vulnerability exists in Juniper Junos Space 18.3R1. An attacker could exploit this vulnerability to delete a device from the Junos Space database

On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter. Junos OS Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Juniper Junos is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks. Juniper EX2300 and EX3400 series are switch products of Juniper Networks (Juniper Networks). Junos OS is a set of operating systems running on it. A security vulnerability exists in Junos OS Release 15.1X53, Release 18.1, and Release 18.2 on the Juniper EX2300 and EX3400 series. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Remote Management is one of the remote management components. A remote attacker can exploit this vulnerability to gain root privileges

In iOS before 11.4, iCloud for Windows before 7.5, watchOS before 4.3.1, iTunes before 12.7.5 for Windows, and macOS High Sierra before 10.13.5, an out-of-bounds read was addressed with improved input validation. plural Apple The product has a flaw in reading due to incomplete processing related to input validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

In iOS before 11.2.5, macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, watchOS before 4.2.2, and tvOS before 11.2.5, a memory corruption issue exists and was addressed with improved memory handling. plural Apple The product has a memory corruption vulnerability due to incomplete memory handling.There is a possibility of memory corruption

In Safari before 11.1, an information leakage issue existed in the handling of downloads in Safari Private Browsing. This issue was addressed with additional validation. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. An attacker could exploit this vulnerability to disclose information

In iOS before 11.3, tvOS before 11.3, watchOS before 4.3, and macOS before High Sierra 10.13.4, an information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. plural Apple The product contains a vulnerability in state processing, so there is a vulnerability in which information is disclosed.Information may be disclosed. in the United States. Apple iOS is an operating system developed for mobile devices; tvOS is a smart TV operating system; watchOS is a smart watch operating system; macOS High Sierra is a dedicated operating system developed for Mac computers. Kernel is one of the kernel components. An attacker could exploit this vulnerability with a malicious application to determine the kernel memory layout

In macOS High Sierra before 10.13.4, there was an issue with the handling of smartcard PINs. This issue was addressed with additional logic. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Local Authentication is one of the local authentication components. A local attacker could exploit the vulnerability to view sensitive user information

In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation. Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA). An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges

In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling. plural Apple There are multiple memory corruption vulnerabilities in the product due to flaws in memory handling.There is a possibility of memory corruption. Apple iOS, Safari and iCloud for Windows are all products of Apple (Apple). Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is one of the web browser engine components. A security vulnerability exists in the WebKit component of several Apple products. An attacker using maliciously crafted website content could exploit this vulnerability to execute arbitrary code (memory corruption)

In macOS High Sierra before 10.13.5, a privacy issue in the handling of Open Directory records was addressed with improved indexing. Apple macOS High Sierra is a set of dedicated operating systems developed by Apple (Apple) for Mac computers. Identity Services is one of the identity authentication service components. An attacker could exploit this vulnerability with a malicious application to gain access to a local user's Apple ID

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved bounds checking. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsControl is one of the integrated graphics drivers. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges

In macOS High Sierra before 10.13.5, a buffer overflow was addressed with improved size validation. Apple macOS High Sierra is a dedicated operating system developed by Apple for Mac computers. AppleGraphicsPowerManagement is one of the graphics card power management components. An attacker could exploit this vulnerability to execute arbitrary code with kernel privileges