VARIoT IoT vulnerabilities database


VAR-201812-1085 CVE-2018-6703 McAfee Agent use-after-free vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Use After Free in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x prior to 5.6.0 allows remote unauthenticated attackers to cause a Denial of Service and potentially a remote code execution via a specially crafted HTTP header sent to the logging service. McAfee Agent (MA) contains a use-after-free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). McAfee Agent is prone to a remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application or cause denial-of-service conditions. McAfee Agent versions 5.5.x and 5.0.x are vulnerable.
VAR-201812-0566 CVE-2018-2503 SAP NetWeaver AS Java keystore service authorization vulnerability CVSS V2: 3.3
CVSS V3: 7.4
Severity: HIGH
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access to resources that should be protected. This has been fixed in SAP NetWeaver AS Java (ServerCore versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). SAP NetWeaver is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain sensitive information that may aid in further attacks. NetWeaver 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 are vulnerable.
VAR-201812-0571 CVE-2018-2492 SAP NetWeaver AS Java Input validation vulnerability CVSS V2: 5.5
CVSS V3: 7.1
Severity: HIGH
SAML 2.0 functionality in SAP NetWeaver AS Java does not sufficiently validate XML documents received from an untrusted source. This is fixed in versions 7.2, 7.30, 7.31, 7.40 and 7.50. SAP NetWeaver AS Java contains an input validation vulnerability. Information may be tampered with and service operation may be disrupted (DoS). SAP NetWeaver AS Java is prone to an XML External Entity injection vulnerability. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service conditions.
VAR-201812-1038 CVE-2018-20057 D-Link DIR-619L Rev.B and DIR-605L Rev.B OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter. An OS command injection vulnerability exists in D-Link DIR-619L Rev.B and DIR-605L Rev.B. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-619L Rev.B and DIR-605L Rev.B are both router products of D-Link. There is a security vulnerability in /bin/boa in D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1.
VAR-201812-1037 CVE-2018-20056 D-Link DIR-619L Rev.B and DIR-605L Rev.B Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. There is a stack-based buffer overflow allowing remote attackers to execute arbitrary code without authentication via the goform/formLanguageChange currTime parameter. D-Link DIR-619L Rev.B and DIR-605L Rev.B contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). D-Link DIR-619L Rev.B and DIR-605L Rev.B are both router products of D-Link. A stack buffer overflow vulnerability exists in /bin/boa in D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1.
VAR-201812-1080 CVE-2018-20050 Jooan JA-Q1H Wi-Fi camera firmware data processing vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Mishandling of an empty string on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via the ONVIF GetStreamUri method and GetVideoEncoderConfigurationOptions method. The Jooan JA-Q1H Wi-Fi camera firmware contains a data processing vulnerability. Service operation may be interrupted (DoS). Jooan JA-Q1H Wi-Fi Camera is a network camera product of China Jooan Technology Company.
VAR-201812-1081 CVE-2018-20051 Jooan JA-Q1H Wi-Fi camera firmware data processing vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Mishandling of '>' on the Jooan JA-Q1H Wi-Fi camera with firmware 21.0.0.91 allows remote attackers to cause a denial of service (crash and reboot) via certain ONVIF methods such as CreateUsers, SetImagingSettings, GetStreamUri, and so on. The Jooan JA-Q1H Wi-Fi camera firmware contains a data processing vulnerability. Service operation may be interrupted (DoS). Jooan JA-Q1H Wi-Fi Camera is a network camera product of China Jooan Technology Company. There is a security vulnerability in the Jooan JA-Q1H Wi-Fi Camera with firmware version 21.0.0.91; the vulnerability stems from the fact that the program does not handle the '&' character correctly.
VAR-201901-1644 CVE-2018-20748 LibVNC out-of-bounds write vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
LibVNC before 0.9.12 contains multiple heap out-of-bounds write vulnerabilities in libvncclient/rfbproto.c. The fix for CVE-2018-20019 was incomplete. LibVNC contains an out-of-bounds vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). LibVNCServer is prone to a local heap-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code within the context of the user running the affected application. Failed attempts will likely cause a denial-of-service condition. Note: This issue is the result of an incomplete fix for issue CVE-2018-20019 described in 106821 (LibVNCServer CVE-2018-20019 Multiple Heap Buffer Overflow Vulnerabilities).
Software Description:
- libvncserver: vnc server library
Details: It was discovered that LibVNCServer incorrectly handled certain operations.
Ubuntu Security Notice USN-4587-1
October 20, 2020
italc vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary: Several security issues were fixed in iTALC.
Software Description:
- italc: didact tool which allows teachers to view and control computer labs
Details: Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. (CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. (CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681)
Update instructions: The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 LTS:
italc-client 1:2.0.2+dfsg1-4ubuntu0.1
italc-master 1:2.0.2+dfsg1-4ubuntu0.1
libitalccore 1:2.0.2+dfsg1-4ubuntu0.1
In general, a standard system update will make all the necessary changes.
References: https://usn.ubuntu.com/4587-1 CVE-2014-6051, CVE-2014-6052, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055, CVE-2016-9941, CVE-2016-9942, CVE-2018-15127, CVE-2018-20019, CVE-2018-20020, CVE-2018-20021, CVE-2018-20022, CVE-2018-20023, CVE-2018-20024, CVE-2018-20748, CVE-2018-20749, CVE-2018-20750, CVE-2018-7225, CVE-2019-15681
Package Information: https://launchpad.net/ubuntu/+source/italc/1:2.0.2+dfsg1-4ubuntu0.1
VAR-201812-0907 CVE-2018-19240 TRENDnet TV-IP110WN and TV-IP121WN Device buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Buffer overflow in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). The TRENDnet TV-IP110WN and TV-IP121WN devices contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). TRENDnet TV-IP110WN is a wireless internet surveillance camera. The TRENDnet TV-IP121WN is a network camera solution for surveillance. A buffer overflow vulnerability exists in TRENDnet TV-IP110WN and TV-IP121WN.
Vulnerabilities found in TRENDnet devices
Authors: Prashast Srivastava, Mathias Payer, Howard Shrobe, Hamed Okhravi
Author contact: https://github.com/prashast/
Multiple vulnerabilities including Command Injection, Buffer Overflow and Reflective XSS vulnerabilities were found in the following TRENDnet devices:
Routers: TEW-634GRU, TEW-673GRU, TEW-632BRP
IP-Cameras: TV-IP110WN, TV-IP121WN
These were found using our dynamic analysis tool for embedded devices. The POCs will be made available upon the public release of our tool. A more detailed breakdown is presented below on a per vulnerability basis:
Command Injection
------------------
CVE-ID: CVE-2018-19239
Product: TEW-673GRU
Module affected: `start_arpping` function in `timer` binary
Firmware version: v1.00b40
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the `start_arpping` function of the `timer` binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. Exploiting the vulnerability requires a user to be authenticated with the router with administrative credentials. The `start_arpping` function reads the following values from the NVRAM, namely: dhcpd_start, dhcpd_end, lan_ipaddr, lan_bridge and lan_eth. These values are then passed to the `arpping` utility without any sort of sanity checks. Out of these values, the outward facing configuration webserver (httpd) running at `IP:192.168.10.1 Port: 80` allows a user to modify the first three values `dhcpd_start`, `dhcpd_end`, `lan_ipaddr` via the LAN and DHCP server configuration webpage available at `http://192.168.10.1/lan.asp` by making a POST request to `apply.cgi` binary with the appropriate parameters. We have observed that by directly making a POST request to the `apply.cgi` binary with the values of the above mentioned three parameters containing Command Injection based payloads, it is possible to execute arbitrary commands on the router with root privileges.
A sub-routine respondAsp is called that copies a user-controlled parameter into a stack variable using strcpy without any bounds check. This makes the subroutine vulnerable to BoF and can be exploited without authentication.
x-----------x
Products:
- TV-IP110WN (V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64)
- TV-IP121WN (V1.2.2 build 28)
Module affected: `watch.cgi`
A BoF vulnerability exists in the `watch.cgi` binary and how it handles the `url` parameter. An attacker can deliver its payload using a POST request in the `url` parameter to trigger the BoF vulnerability without authentication.
Reflective XSS
---------------
Products:
- TEW-632BRP (1.010B32)
- TEW-673GRU (v1.00b40)
- TEW-634GRU (v1.01B14)
Module affected: `login.cgi`
`Login.cgi` in TRENDNet TEW-632BRP, TEW-673GRU and TEW-634GRU has a reflected XSS vulnerability that does not require any authentication.
Vendor Disclosure
------------------
The vulnerabilities had been notified to the vendor 12/03. The vendor replied on 12/05 that since the products had reached their end-of-life no future development or firmware updates would be provided for these devices.
VAR-201812-0909 CVE-2018-19242 TRENDnet TEW-632BRP and TEW-673GRU device buffer error vulnerability CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication). The TRENDnet TEW-632BRP and TEW-673GRU devices contain a buffer error vulnerability. Information may be acquired or falsified, and a denial of service (DoS) may occur. TRENDnet TEW-632BRP is a router. The TRENDnet TEW-673GRU is a dual-band green router. A buffer overflow vulnerability exists in TRENDnet TEW-632BRP and TEW-673GRU.
Vulnerabilities found in TRENDnet devices
Authors: Prashast Srivastava, Mathias Payer, Howard Shrobe, Hamed Okhravi
Author contact: https://github.com/prashast/
Multiple vulnerabilities including Command Injection, Buffer Overflow and Reflective XSS vulnerabilities were found in the following TRENDnet devices:
Routers: TEW-634GRU, TEW-673GRU, TEW-632BRP
IP-Cameras: TV-IP110WN, TV-IP121WN
These were found using our dynamic analysis tool for embedded devices. The POCs will be made available upon the public release of our tool. A more detailed breakdown is presented below on a per vulnerability basis:
Command Injection
------------------
CVE-ID: CVE-2018-19239
Product: TEW-673GRU
Module affected: `start_arpping` function in `timer` binary
Firmware version: v1.00b40
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the `start_arpping` function of the `timer` binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. Exploiting the vulnerability requires a user to be authenticated with the router with administrative credentials. The `start_arpping` function reads the following values from the NVRAM, namely: dhcpd_start, dhcpd_end, lan_ipaddr, lan_bridge and lan_eth. These values are then passed to the `arpping` utility without any sort of sanity checks. Out of these values, the outward facing configuration webserver (httpd) running at `IP:192.168.10.1 Port: 80` allows a user to modify the first three values `dhcpd_start`, `dhcpd_end`, `lan_ipaddr` via the LAN and DHCP server configuration webpage available at `http://192.168.10.1/lan.asp` by making a POST request to `apply.cgi` binary with the appropriate parameters. We have observed that by directly making a POST request to the `apply.cgi` binary with the values of the above mentioned three parameters containing Command Injection based payloads, it is possible to execute arbitrary commands on the router with root privileges.
A sub-routine respondAsp is called that copies a user-controlled parameter into a stack variable using strcpy without any bounds check. This makes the subroutine vulnerable to BoF and can be exploited without authentication.
x-----------x
Products:
- TV-IP110WN (V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64)
- TV-IP121WN (V1.2.2 build 28)
Module affected: `watch.cgi`
A BoF vulnerability exists in the `watch.cgi` binary and how it handles the `url` parameter.
Reflective XSS
---------------
Products:
- TEW-632BRP (1.010B32)
- TEW-673GRU (v1.00b40)
- TEW-634GRU (v1.01B14)
Module affected: `login.cgi`
`Login.cgi` in TRENDNet TEW-632BRP, TEW-673GRU and TEW-634GRU has a reflected XSS vulnerability that does not require any authentication.
Vendor Disclosure
------------------
The vulnerabilities had been notified to the vendor 12/03. The vendor replied on 12/05 that since the products had reached their end-of-life no future development or firmware updates would be provided for these devices.
VAR-201812-0908 CVE-2018-19241 TRENDnet TV-IP110WN and TV-IP121WN Device buffer error vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Buffer overflow in video.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication). The TRENDnet TV-IP110WN and TV-IP121WN devices contain a buffer error vulnerability. Information may be tampered with. TRENDnet TV-IP110WN is a wireless internet surveillance camera. The TRENDnet TV-IP121WN is a network camera solution for surveillance. There are BoF vulnerabilities in TRENDnet TV-IP110WN and TV-IP121WN. An attacker could use a POST request to deliver its payload to trigger a BoF vulnerability in the "url" parameter without authentication.
Vulnerabilities found in TRENDnet devices
Authors: Prashast Srivastava, Mathias Payer, Howard Shrobe, Hamed Okhravi
Author contact: https://github.com/prashast/
Multiple vulnerabilities including Command Injection, Buffer Overflow and Reflective XSS vulnerabilities were found in the following TRENDnet devices:
Routers: TEW-634GRU, TEW-673GRU, TEW-632BRP
IP-Cameras: TV-IP110WN, TV-IP121WN
These were found using our dynamic analysis tool for embedded devices. The POCs will be made available upon the public release of our tool. A more detailed breakdown is presented below on a per vulnerability basis:
Command Injection
------------------
CVE-ID: CVE-2018-19239
Product: TEW-673GRU
Module affected: `start_arpping` function in `timer` binary
Firmware version: v1.00b40
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the `start_arpping` function of the `timer` binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. Exploiting the vulnerability requires a user to be authenticated with the router with administrative credentials. The `start_arpping` function reads the following values from the NVRAM, namely: dhcpd_start, dhcpd_end, lan_ipaddr, lan_bridge and lan_eth. These values are then passed to the `arpping` utility without any sort of sanity checks. Out of these values, the outward facing configuration webserver (httpd) running at `IP:192.168.10.1 Port: 80` allows a user to modify the first three values `dhcpd_start`, `dhcpd_end`, `lan_ipaddr` via the LAN and DHCP server configuration webpage available at `http://192.168.10.1/lan.asp` by making a POST request to `apply.cgi` binary with the appropriate parameters. We have observed that by directly making a POST request to the `apply.cgi` binary with the values of the above mentioned three parameters containing Command Injection based payloads, it is possible to execute arbitrary commands on the router with root privileges.
A sub-routine respondAsp is called that copies a user-controlled parameter into a stack variable using strcpy without any bounds check.
Reflective XSS
---------------
Products:
- TEW-632BRP (1.010B32)
- TEW-673GRU (v1.00b40)
- TEW-634GRU (v1.01B14)
Module affected: `login.cgi`
`Login.cgi` in TRENDNet TEW-632BRP, TEW-673GRU and TEW-634GRU has a reflected XSS vulnerability that does not require any authentication.
Vendor Disclosure
------------------
The vulnerabilities had been notified to the vendor 12/03. The vendor replied on 12/05 that since the products had reached their end-of-life no future development or firmware updates would be provided for these devices.
VAR-201812-0906 CVE-2018-19239 TRENDnet TEW-673GRU device OS command injection vulnerability CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
TRENDnet TEW-673GRU v1.00b40 devices have an OS command injection vulnerability in the start_arpping function of the timer binary, which allows remote attackers to execute arbitrary commands via three parameters (dhcpd_start, dhcpd_end, and lan_ipaddr) passed to the apply.cgi binary through a POST request. An OS command injection vulnerability exists in the TRENDnet TEW-673GRU device. Information may be obtained or altered, and service operation may be disrupted (DoS). The TRENDnet TEW-673GRU is a dual-band green router. There is a command injection vulnerability in TRENDnet TEW-673GRU.
Vulnerabilities found in TRENDnet devices
Authors: Prashast Srivastava, Mathias Payer, Howard Shrobe, Hamed Okhravi
Author contact: https://github.com/prashast/
Multiple vulnerabilities including Command Injection, Buffer Overflow and Reflective XSS vulnerabilities were found in the following TRENDnet devices:
Routers: TEW-634GRU, TEW-673GRU, TEW-632BRP
IP-Cameras: TV-IP110WN, TV-IP121WN
These were found using our dynamic analysis tool for embedded devices. The POCs will be made available upon the public release of our tool.
Exploiting the vulnerability requires a user to be authenticated with the router with administrative credentials. The `start_arpping` function reads the following values from the NVRAM, namely: dhcpd_start, dhcpd_end, lan_ipaddr, lan_bridge and lan_eth. These values are then passed to the `arpping` utility without any sort of sanity checks. Out of these values, the outward facing configuration webserver (httpd) running at `IP:192.168.10.1 Port: 80` allows a user to modify the first three values `dhcpd_start`, `dhcpd_end`, `lan_ipaddr` via the LAN and DHCP server configuration webpage available at `http://192.168.10.1/lan.asp` by making a POST request to `apply.cgi` binary with the appropriate parameters.
Buffer Overflows
------------------
CVE-ID: CVE-2018-19240
Products:
- TV-IP110WN (V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64)
- TV-IP121WN (V1.2.2 build 28)
Module affected: `network.cgi`
Buffer overflow can be exploited by using the `iptype` parameter in network.cgi on TRENDnet TV-IP110WN V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64 and TV-IP121WN V1.2.2 build 28 devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (without authentication).
x-----------x
CVE-ID: CVE-2018-19241
Products:
- TV-IP110WN (V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64)
- TV-IP121WN (V1.2.2 build 28)
Module affected: `video.cgi`
A BoF vulnerability exists in the CGI binary which can modify the quality of the video recorded on the camera. A sub-routine respondAsp is called that copies a user-controlled parameter into a stack variable using strcpy without any bounds check. This makes the subroutine vulnerable to BoF and can be exploited without authentication.
x-----------x
Products:
- TV-IP110WN (V1.2.2 build 68, V1.2.2.65, and V1.2.2 build 64)
- TV-IP121WN (V1.2.2 build 28)
Module affected: `watch.cgi`
A BoF vulnerability exists in the `watch.cgi` binary and how it handles the `url` parameter. An attacker can deliver its payload using a POST request in the `url` parameter to trigger the BoF vulnerability without authentication.
x-----------x
CVE-ID: CVE-2018-19242
Products:
- TEW-632BRP (1.010B32)
- TEW-673GRU (v1.00b40)
Module affected: `apply.cgi`
Buffer overflow in apply.cgi on TRENDnet TEW-632BRP 1.010B32 and TEW-673GRU devices allows attackers to hijack the control flow to any attacker-specified location by crafting a POST request payload (with authentication).
Reflective XSS
---------------
Products:
- TEW-632BRP (1.010B32)
- TEW-673GRU (v1.00b40)
- TEW-634GRU (v1.01B14)
Module affected: `login.cgi`
`Login.cgi` in TRENDNet TEW-632BRP, TEW-673GRU and TEW-634GRU has a reflected XSS vulnerability that does not require any authentication.
Vendor Disclosure
------------------
The vulnerabilities had been notified to the vendor 12/03. The vendor replied on 12/05 that since the products had reached their end-of-life no future development or firmware updates would be provided for these devices.
VAR-201812-1035 CVE-2018-19982 KT MC01507L Z-Wave S0 Device validation vulnerability CVSS V2: 2.9
CVSS V3: 5.3
Severity: MEDIUM
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HUB, and can use IP Changer to change destination IP addresses (of all packets whose destination IP address is Server) to a proxy-server IP address. This allows sniffing of cleartext between Server and Controller. The cleartext command data is transmitted to Controller using the proxy server's fake certificate, and it is able to control each Node of the HUB. Also, by operating HUB in Z-Wave Pairing Mode, it is possible to obtain the Z-Wave network key. There is a security vulnerability in KT MC01507L Z-Wave S0, which is caused by the program not enabling the HPKP mechanism. A local attacker could exploit this vulnerability to sniff the plaintext between the server and the controller and obtain the Z-Wave network key
VAR-201812-1301 No CVE Code execution vulnerability in UNIFI SDN Controller CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
UNIFI SDN Controller is an SDN controller produced by Ubiquiti Network. A code execution vulnerability exists in the UNIFI SDN Controller. An attacker could use this vulnerability to execute arbitrary code.
VAR-201812-1036 CVE-2018-19983 Sigma Design Z-Wave S0 and S2 devices input validation vulnerability CVSS V2: 6.1
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending divided "Nonce Get (0x98 0x81)" frames. The reason for dividing the "Nonce Get" frame is that, in security version S0, when a node receives a "Nonce Get" frame, the node produces a random new nonce and sends it to the Src node of the received "Nonce Get" frame. After the nonce value is generated and transmitted, the node transitions to wait mode. At this time, when "Nonce Get" is received again, the node discards the previous nonce value and generates a random nonce again. Therefore, because the frame is encrypted with previous nonce value, the received normal frame cannot be decrypted. are power management devices. A local attacker could exploit this vulnerability to prevent the device from decrypting received normal frames
VAR-201812-0951 CVE-2018-20002 GNU Binutils Resource management vulnerability CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm. GNU Binutils contains a resource management vulnerability. Service operation may be interrupted (DoS). GNU Binutils is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. GNU Binutils 2.31 is vulnerable; other versions may also be affected. Archive tools.
Gentoo Linux Security Advisory GLSA 201908-01
https://security.gentoo.org/
Severity: Normal
Title: Binutils: Multiple vulnerabilities
Date: August 03, 2019
Bugs: #672904, #672910, #674668, #682698, #682702
ID: 201908-01
Synopsis
=======
Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition.
Background
=========
The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Please review the referenced CVE identifiers for details.
Impact
=====
A remote attacker, by enticing a user to compile/execute a specially crafted ELF, object, PE, or binary file, could possibly cause a Denial of Service condition or have other unspecified impacts.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Binutils users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.32-r1"
References
=========
[ 1 ] CVE-2018-10372 https://nvd.nist.gov/vuln/detail/CVE-2018-10372
[ 2 ] CVE-2018-10373 https://nvd.nist.gov/vuln/detail/CVE-2018-10373
[ 3 ] CVE-2018-10534 https://nvd.nist.gov/vuln/detail/CVE-2018-10534
[ 4 ] CVE-2018-10535 https://nvd.nist.gov/vuln/detail/CVE-2018-10535
[ 5 ] CVE-2018-12641 https://nvd.nist.gov/vuln/detail/CVE-2018-12641
[ 6 ] CVE-2018-12697 https://nvd.nist.gov/vuln/detail/CVE-2018-12697
[ 7 ] CVE-2018-12698 https://nvd.nist.gov/vuln/detail/CVE-2018-12698
[ 8 ] CVE-2018-12699 https://nvd.nist.gov/vuln/detail/CVE-2018-12699
[ 9 ] CVE-2018-12700 https://nvd.nist.gov/vuln/detail/CVE-2018-12700
[ 10 ] CVE-2018-13033 https://nvd.nist.gov/vuln/detail/CVE-2018-13033
[ 11 ] CVE-2018-19931 https://nvd.nist.gov/vuln/detail/CVE-2018-19931
[ 12 ] CVE-2018-19932 https://nvd.nist.gov/vuln/detail/CVE-2018-19932
[ 13 ] CVE-2018-20002 https://nvd.nist.gov/vuln/detail/CVE-2018-20002
[ 14 ] CVE-2018-20651 https://nvd.nist.gov/vuln/detail/CVE-2018-20651
Availability
===========
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201908-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
======
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
VAR-201812-1034 CVE-2018-19980 Anker Nebula Capsule Pro Input validation vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService. Anker Nebula Capsule Pro contains an input validation vulnerability. Service operation may be interrupted (DoS). Anker Nebula Capsule Pro is a projector device from Anker Innovations, USA. A security vulnerability exists in the Anker Nebula Capsule Pro NBUI_M1_V2.1.9 release.
VAR-201812-0395 CVE-2018-1652 IBM DataPower Gateway and MQ Appliance Input validation vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM DataPower Gateway 7.1.0.0 through 7.1.0.19, 7.2.0.0 through 7.2.0.16, 7.5.0.0 through 7.5.0.10, 7.5.1.0 through 7.5.1.9, 7.5.2.0 through 7.5.2.9, and 7.6.0.0 through 7.6.0.2 and IBM MQ Appliance 8.0.0.0 through 8.0.0.8 and 9.0.1 through 9.0.5 could allow a local user to cause a denial of service through unknown vectors. IBM X-Force ID: 144724. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 144724. Service operation may be interrupted (DoS). An attacker can exploit this issue to cause a denial-of-service condition. IBM DataPower Gateway is a secure and integrated platform designed for mobile, cloud, application programming interface (API), web, service-oriented architecture (SOA), B2B and cloud workloads. MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware. The following products and versions are affected: IBM DataPower Gateway version 7.1.0.0 to version 7.1.0.19, version 7.2.0.0 to version 7.2.0.16, version 7.5.0.0 to version 7.5.0.10, version 7.5.1.0 to version 7.5.1.9, version 7.5.2.0 to version 7.5.2.9, version 7.6.0.0 to version 7.6.0.2; MQ Appliance version 8.0.0.0 to version 8.0.0.8, version 9.0.1 to version 9.0.5.
VAR-201812-1302 No CVE ZTE C520 Smart Camera Has Authentication Defect Vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
ZTE C520 is a smart Wi-Fi care camera. ZTE C520 smart camera has authentication flaws. The smart camera requires user name and password authentication to log in, view images and change parameter settings. However, authentication after login is based on IP address: once an account has logged in from an IP address, that address is automatically authorized to access the management backend. Attackers can use the vulnerability to call the management backend arbitrarily and perform various operations.
VAR-201812-1299 No CVE ZTE C520 smart camera has directory traversal vulnerability CVSS V2: 2.1
CVSS V3: -
Severity: LOW
ZTE C520 is a smart Wi-Fi care camera. ZTE C520 smart camera has a directory traversal vulnerability. An attacker could exploit the vulnerability to read arbitrary files.