VARIoT IoT vulnerabilities database

VAR-201808-1004 | CVE-2018-5383 | Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange |
CVSS V2: 4.3 CVSS V3: 6.8 Severity: MEDIUM |
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Insufficient encryption processing (CWE-325) - CVE-2018-5383. Bluetooth defines a device pairing mechanism based on elliptic curve Diffie-Hellman (ECDH) key exchange. In this method, each of the two devices being paired prepares a key pair consisting of a private key and a public key. When pairing starts, the devices exchange public keys, and each one generates the shared key from its own private key and the public key of the other party. The elliptic curve parameters to be used must be agreed in advance. The Bluetooth specification recommended verifying that the public key received from the other party is valid, but did not require it. For the attack technique known as the "Invalid Curve Attack" or "Invalid Point Attack", it has been pointed out that searching for the secret key is much easier if the shared key is generated without confirming that the public key received from the other party is valid. Some implementations process the public key received from the other party without verifying it, so if a third party within Bluetooth communication range injects a crafted public key, the secret key may be obtained with high probability. As a result, the communication contents may be obtained or altered. Both Secure Connections Pairing mode and Secure Simple Pairing mode are affected. The Bluetooth SIG has updated the Bluetooth specification to require verification of the received public key, and has added a test item for this case to the Bluetooth Qualification Program.
See the Bluetooth SIG announcement: https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig-security-update . If a third party within Bluetooth communication range performs a man-in-the-middle attack, it may be able to obtain the private key used by the device. As a result, communication content between devices may be obtained or falsified. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05.
Alternatively, on your watch, select "My Watch > General > About".
APPLE-SA-2018-7-23-4 Additional information for
APPLE-SA-2018-06-01-6 tvOS 11.4
tvOS 11.4 addresses the following:
Bluetooth
Available for: Apple TV 4K
Impact: An attacker in a privileged network position may be able to
intercept Bluetooth traffic
Description: An input validation issue existed in Bluetooth. This
issue was addressed with improved input validation.
CVE-2018-5383: Lior Neumann and Eli Biham
Entry added July 23, 2018
Crash Reporter
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
error handling.
CVE-2018-4206: Ian Beer of Google Project Zero
FontParser
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2018-4211: Proteas of Qihoo 360 Nirvan Team
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2018-4241: Ian Beer of Google Project Zero
CVE-2018-4243: Ian Beer of Google Project Zero
Kernel
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An attacker in a privileged position may be able to perform a
denial of service attack
Description: A denial of service issue was addressed with improved
validation.
CVE-2018-4249: Kevin Backhouse of Semmle Ltd.
libxpc
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: An application may be able to gain elevated privileges
Description: A logic issue was addressed with improved validation.
CVE-2018-4237: Samuel Groß (@5aelo) working with Trend Micro's Zero
Day Initiative
Messages
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to conduct impersonation attacks
Description: An injection issue was addressed with improved input
validation.
CVE-2018-4235: Anurodh Pokharel of Salesforce.com
Messages
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: This issue was addressed with improved message
validation.
CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. Ltd
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to read a persistent device
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4224: Abraham Masri (@cheesecakeufo)
Security
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: A local user may be able to read a persistent account
identifier
Description: An authorization issue was addressed with improved state
management.
CVE-2018-4223: Abraham Masri (@cheesecakeufo)
UIKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted text file may lead to a
denial of service
Description: A validation issue existed in the handling of text. This
issue was addressed with improved validation of text.
CVE-2018-4198: Hunter Byrnes
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may lead to cookies
being overwritten
Description: A permissions issue existed in the handling of web
browser cookies. This issue was addressed with improved restrictions.
CVE-2018-4232: an anonymous researcher, Aymeric Chaib
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A race condition was addressed with improved locking.
CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat
of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to an
unexpected Safari crash
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2018-4214: found by OSS-Fuzz
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2018-4204: found by OSS-Fuzz, Richard Zhu (fluorescence) working
with Trend Micro's Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2018-4246: found by OSS-Fuzz
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2018-4200: Ivan Fratric of Google Project Zero
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a malicious website may lead to address bar spoofing
Description: An inconsistent user interface issue was addressed with
improved state management.
CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2018-4201: an anonymous researcher
CVE-2018-4218: Natalie Silvanovich of Google Project Zero
CVE-2018-4233: Samuel Groß (@5aelo) working with Trend Micro's Zero
Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils
of MWR Labs working with Trend Micro's Zero Day Initiative
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Visiting a maliciously crafted website may leak sensitive
data
Description: Credentials were unexpectedly sent when fetching CSS
mask images. This was addressed by using a CORS-enabled fetch method.
CVE-2018-4190: Jun Kokatsu (@shhnjk)
WebKit
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2018-4222: Natalie Silvanovich of Google Project Zero
Installation note:
Apple TV will periodically check for software updates. Alternatively,
you may manually check for software updates by selecting
"Settings -> System -> Software Update -> Update Software."
To check the current version of software, select
"Settings -> General -> About."
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
.
CVE-2018-4321: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.
CVE-2018-4361: found by Google OSS-Fuzz
Entry added September 24, 2018
Additional recognition
Assets
We would like to acknowledge Brandon Azad for their assistance.
Core Data
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
Sandbox Profiles
We would like to acknowledge Tencent Keen Security Lab working with
Trend Micro's Zero Day Initiative for their assistance.
SQLite
We would like to acknowledge Andreas Kurtz (@aykay) of NESO Security
Labs GmbH for their assistance.
WebKit
We would like to acknowledge Cary Hartline, Hanming Zhang from 360
Vuclan team, and Zach Malone of CA Technologies for their assistance.
CVE-2018-5383: Lior Neumann and Eli Biham
The updates below are available for these Mac models:
MacBook (Early 2015 and later), MacBook Air (Mid 2012 and later),
MacBook Pro (Mid 2012 and later), Mac mini (Late 2012 and later),
iMac (Late 2012 and later), iMac Pro (all models), Mac Pro
(Late 2013, Mid 2010, and Mid 2012 models with recommended
Metal-capable graphics processor, including MSI Gaming Radeon RX 560
and Sapphire Radeon PULSE RX 580)
App Store
Impact: A malicious application may be able to determine the Apple ID
of the owner of the computer
Description: A permissions issue existed in the handling of the Apple
ID.
CVE-2018-4324: Sergii Kryvoblotskyi of MacPaw Inc.
CVE-2018-4353: Abhinav Bansal of Zscaler, Inc.
Mail
We would like to acknowledge Alessandro Avagliano of Rocket Internet
SE, John Whitehead of The New York Times, Kelvin Delbarre of Omicron
Software Systems, and Zbyszek Żółkiewski for their assistance.
Security
We would like to acknowledge Christoph Sinai, Daniel Dudek
(@dannysapples) of The Irish Times and Filip Klubička (@lemoncloak)
of ADAPT Centre, Dublin Institute of Technology, Istvan Csanady of
Shapr3D, Omar Barkawi of ITG Software, Inc., Phil Caleno, Wilson
Ding, and an anonymous researcher for their assistance.
=========================================================================
Ubuntu Security Notice USN-4094-1
August 13, 2019
linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm,
linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in the Linux kernel.
Software Description:
- linux: Linux kernel
- linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems
- linux-gke-4.15: Linux kernel for Google Container Engine (GKE) systems
- linux-kvm: Linux kernel for cloud environments
- linux-oem: Linux kernel for OEM processors
- linux-oracle: Linux kernel for Oracle Cloud systems
- linux-raspi2: Linux kernel for Raspberry Pi 2
- linux-snapdragon: Linux kernel for Snapdragon processors
- linux-azure: Linux kernel for Microsoft Azure Cloud systems
- linux-hwe: Linux hardware enablement (HWE) kernel
Details:
It was discovered that the alarmtimer implementation in the Linux kernel
contained an integer overflow vulnerability. A local attacker could use
this to cause a denial of service. (CVE-2018-13053)
Wen Xu discovered that the XFS filesystem implementation in the Linux
kernel did not properly track inode validations. An attacker could use this
to construct a malicious XFS image that, when mounted, could cause a denial
of service (system crash). (CVE-2018-13093)
Wen Xu discovered that the f2fs file system implementation in the
Linux kernel did not properly validate metadata. An attacker could
use this to construct a malicious f2fs image that, when mounted,
could cause a denial of service (system crash). (CVE-2018-13097,
CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14616,
CVE-2018-13096, CVE-2018-13098, CVE-2018-14615)
Wen Xu and Po-Ning Tseng discovered that btrfs file system
implementation in the Linux kernel did not properly validate
metadata. An attacker could use this to construct a malicious
btrfs image that, when mounted, could cause a denial of service
(system crash). (CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,
CVE-2018-14613, CVE-2018-14609)
Wen Xu discovered that the HFS+ filesystem implementation in the Linux
kernel did not properly handle malformed catalog data in some situations.
An attacker could use this to construct a malicious HFS+ image that, when
mounted, could cause a denial of service (system crash). (CVE-2018-14617)
Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem
of the Linux kernel did not properly initialize new files in some
situations. A local attacker could use this to expose sensitive
information. (CVE-2018-16862)
Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux
kernel did not properly handle size checks when handling an extra USB
descriptor. A physically proximate attacker could use this to cause a
denial of service (system crash). (CVE-2018-20169)
It was discovered that a use-after-free error existed in the block layer
subsystem of the Linux kernel when certain failure conditions occurred. A
local attacker could possibly use this to cause a denial of service (system
crash) or possibly execute arbitrary code. An attacker could use this
to expose sensitive information. (CVE-2018-5383)
It was discovered that a heap buffer overflow existed in the Marvell
Wireless LAN device driver for the Linux kernel. An attacker could use this
to cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2019-10126)
Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors
incorrectly handle SWAPGS instructions during speculative execution. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2019-1125)
It was discovered that the PowerPC dlpar implementation in the Linux kernel
did not properly check for allocation errors in some situations. A local
attacker could possibly use this to cause a denial of service (system
crash). (CVE-2019-12614)
It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. An
attacker could use this to cause a denial of service (system crash).
(CVE-2019-12818)
It was discovered that the MDIO bus devices subsystem in the Linux kernel
improperly dropped a device reference in an error condition, leading to a
use-after-free. An attacker could use this to cause a denial of service
(system crash). (CVE-2019-12819)
It was discovered that a NULL pointer dereference vulnerability existed in
the Near-field communication (NFC) implementation in the Linux kernel. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2019-12984)
Jann Horn discovered a use-after-free vulnerability in the Linux kernel
when accessing LDT entries in some situations. A local attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2019-13233)
Jann Horn discovered that the ptrace implementation in the Linux kernel did
not properly record credentials in some situations. A local attacker could
use this to cause a denial of service (system crash) or possibly gain
administrative privileges. (CVE-2019-13272)
It was discovered that the Empia EM28xx DVB USB device driver
implementation in the Linux kernel contained a use-after-free vulnerability
when disconnecting the device. An attacker could use this to cause a denial
of service (system crash). (CVE-2019-2024)
It was discovered that the USB video device class implementation in the
Linux kernel did not properly validate control bits, resulting in an out of
bounds buffer read. A local attacker could use this to possibly expose
sensitive information (kernel memory). (CVE-2019-2101)
It was discovered that the Marvell Wireless LAN device driver in the Linux
kernel did not properly validate the BSS descriptor. A local attacker could
possibly use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2019-3846)
It was discovered that the Appletalk IP encapsulation driver in the Linux
kernel did not properly prevent kernel addresses from being copied to user
space. A local attacker with the CAP_NET_ADMIN capability could use this to
expose sensitive information. (CVE-2018-20511)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.04 LTS:
linux-image-4.15.0-1021-oracle 4.15.0-1021.23
linux-image-4.15.0-1040-gcp 4.15.0-1040.42
linux-image-4.15.0-1040-gke 4.15.0-1040.42
linux-image-4.15.0-1042-kvm 4.15.0-1042.42
linux-image-4.15.0-1043-raspi2 4.15.0-1043.46
linux-image-4.15.0-1050-oem 4.15.0-1050.57
linux-image-4.15.0-1060-snapdragon 4.15.0-1060.66
linux-image-4.15.0-58-generic 4.15.0-58.64
linux-image-4.15.0-58-generic-lpae 4.15.0-58.64
linux-image-4.15.0-58-lowlatency 4.15.0-58.64
linux-image-gcp 4.15.0.1040.42
linux-image-generic 4.15.0.58.60
linux-image-generic-lpae 4.15.0.58.60
linux-image-gke 4.15.0.1040.43
linux-image-gke-4.15 4.15.0.1040.43
linux-image-kvm 4.15.0.1042.42
linux-image-lowlatency 4.15.0.58.60
linux-image-oem 4.15.0.1050.54
linux-image-oracle 4.15.0.1021.24
linux-image-powerpc-e500mc 4.15.0.58.60
linux-image-powerpc-smp 4.15.0.58.60
linux-image-powerpc64-emb 4.15.0.58.60
linux-image-powerpc64-smp 4.15.0.58.60
linux-image-raspi2 4.15.0.1043.41
linux-image-snapdragon 4.15.0.1060.63
linux-image-virtual 4.15.0.58.60
Ubuntu 16.04 LTS:
linux-image-4.15.0-1021-oracle 4.15.0-1021.23~16.04.1
linux-image-4.15.0-1040-gcp 4.15.0-1040.42~16.04.1
linux-image-4.15.0-1055-azure 4.15.0-1055.60
linux-image-4.15.0-58-generic 4.15.0-58.64~16.04.1
linux-image-4.15.0-58-generic-lpae 4.15.0-58.64~16.04.1
linux-image-4.15.0-58-lowlatency 4.15.0-58.64~16.04.1
linux-image-azure 4.15.0.1055.58
linux-image-gcp 4.15.0.1040.54
linux-image-generic-hwe-16.04 4.15.0.58.79
linux-image-generic-lpae-hwe-16.04 4.15.0.58.79
linux-image-gke 4.15.0.1040.54
linux-image-lowlatency-hwe-16.04 4.15.0.58.79
linux-image-oem 4.15.0.58.79
linux-image-oracle 4.15.0.1021.15
linux-image-virtual-hwe-16.04 4.15.0.58.79
After a standard system update you need to reboot your computer to make
all the necessary changes.
ATTENTION: Due to an unavoidable ABI change the kernel updates have
been given a new version number, which requires you to recompile and
reinstall all third party kernel modules you might have installed.
Unless you manually uninstalled the standard kernel metapackages
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,
linux-powerpc), a standard system upgrade will automatically perform
this as well.
References:
https://usn.ubuntu.com/4094-1
CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097,
CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609,
CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613,
CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617,
CVE-2018-16862, CVE-2018-20169, CVE-2018-20511, CVE-2018-20856,
CVE-2018-5383, CVE-2019-10126, CVE-2019-1125, CVE-2019-12614,
CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233,
CVE-2019-13272, CVE-2019-2024, CVE-2019-2101, CVE-2019-3846
Package Information:
https://launchpad.net/ubuntu/+source/linux/4.15.0-58.64
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42
https://launchpad.net/ubuntu/+source/linux-gke-4.15/4.15.0-1040.42
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1042.42
https://launchpad.net/ubuntu/+source/linux-oem/4.15.0-1050.57
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23
https://launchpad.net/ubuntu/+source/linux-raspi2/4.15.0-1043.46
https://launchpad.net/ubuntu/+source/linux-snapdragon/4.15.0-1060.66
https://launchpad.net/ubuntu/+source/linux-azure/4.15.0-1055.60
https://launchpad.net/ubuntu/+source/linux-gcp/4.15.0-1040.42~16.04.1
https://launchpad.net/ubuntu/+source/linux-hwe/4.15.0-58.64~16.04.1
https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1021.23~16.04.1
.
CVE-2018-4285: Mohamed Ghannam (@_simo36)
Bluetooth
Available for: MacBook Pro (15-inch, 2018), and MacBook Pro
(13-inch, 2018, Four Thunderbolt 3 Ports)
Other Mac models were addressed with macOS High Sierra 10.13.5.
CVE-2018-4283: @panicaII working with Trend Micro's Zero Day
Initiative
Kernel
Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS
High Sierra 10.13.5
Impact: Systems using Intel® Core-based microprocessors may
potentially allow a local process to infer data utilizing Lazy FP
state restore from another process through a speculative execution
side channel
Description: Lazy FP state restore instead of eager save and restore
of the state upon a context switch. Lazy restored states are
potentially vulnerable to exploits where one process may infer
register values of other processes through a speculative execution
side channel that infers their value.
CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com)
Perl
Available for: macOS High Sierra 10.13.5
Impact: Multiple buffer overflow issues existed in Perl
Description: Multiple issues in Perl were addressed with improved
memory handling.
Help Viewer
We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing
for their assistance
VAR-201807-1285 | CVE-2018-14492 | Buffer error vulnerability in multiple Tenda products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Tenda AC7, AC9, and AC10 contain a buffer error vulnerability. Service operation may be interrupted (DoS). Tenda AC7, AC9 and AC10 are all wireless router products from Tenda. A buffer overflow vulnerability exists in Tenda AC7 15.03.06.44_CN and previous versions, AC9 15.03.05.19(6318)_CN and previous versions, and AC10 15.03.06.23_CN and earlier. An attacker could exploit the vulnerability with a longer ‘limitSpeed’ or ‘limitSpeedup’ parameter to cause a denial of service.
VAR-201807-1848 | CVE-2018-7947 | Emily-AL00A Authentication vulnerability |
CVSS V2: 4.4 CVSS V3: 3.9 Severity: LOW |
Huawei mobile phones with versions earlier than Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user into connecting to a malicious device. In debug mode, malicious software on the device may exploit the vulnerability to bypass some specific function. A successful exploit may cause malicious applications to be installed on the mobile phone. Emily-AL00A contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Emily-AL00A is a smartphone device from China's Huawei company. The following products and versions are affected: Huawei Anne-AL00 before 9.1.0.122 (C00E120R1P7T8); Honor Play 7A before 8.0.0.213 (C00); Atomu-L03 before 8.0.0.159 (C605CUSTC605D1); Atomu-L11 8.0.0.149(C782CUSTC782D1) previous version; Atomu-L21 8.0.0.153(C432CUSTC432D1) previous version; Atomu-L23 8.0.0.162(C605CUSTC605D1) previous version; Atomu-L29A 8.0.0.149(C432CUSTC432D1) previous version, 8.0.0.149(C461CUSTC461D1) Before Version, version before 8.0.0.150(C185CUSTC185D1), version before 8.0.0.165(C636CUSTC636D1); version before Atomu-L41 8.0.0.151(C461CUSTC461D1); version before Atomu-L42 8.0.0.153(C636CUSTC636D1-1.0.8.10Berkeley); Version before (C01E181R1P14T8); Version before Delhi-L42 Version before Delhi-L42C185B123, Version before Delhi-L42C432B136; Version before Duke-L09 Version Duke-L09C10B187, Version Duke-L09C432B189, Version Duke-L09C636B189; Figo-L03 8.0.0.137 (C605) version; Figo-L11 8.0.0.135 (C432) version, 9.1.0
VAR-201809-0644 | CVE-2018-0647 | ASUS WL-330NUL Cross-Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in WL-330NUL firmware versions prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability (CWE-352). Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. If a user views a malicious page while logged in to the management screen, unintended operations may be performed on the device. A remote attacker can use this vulnerability to hijack the administrator's identity through a malicious page and perform unauthorized operations.
VAR-201807-0415 | CVE-2018-1563 | IBM Sterling B2B Integrator Standard Edition Vulnerable to cross-site scripting |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 142967. Information may be obtained and information may be altered.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The software supports secure integration of complex B2B processes with diverse partner communities.
VAR-201807-0401 | CVE-2018-1398 | IBM Sterling File Gateway Vulnerable to cross-site scripting |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. The vendor has confirmed this vulnerability and released it as IBM X-Force ID: 138434. Information may be obtained.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet.
VAR-201807-2222 | No CVE | NA-VIEW has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controllers (PLC). Its current product structure consists of large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control units (RTU), touch screens, and so on.
NA-VIEW has a memory corruption vulnerability. The vulnerability is caused by NA-VIEW's failure to check whether the return value of the GetNext function is valid when parsing a project. Attackers can exploit the vulnerability to crash the software by constructing invalid data that is passed into the function.
VAR-201807-2221 | No CVE | NAPro has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controllers (PLC). Its current product structure consists of large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control units (RTU), touch screens, and so on.
NAPro has a memory corruption vulnerability. The vulnerability is due to NAPro's failure to check whether the return value of the strlen function is valid when parsing a project. Attackers can exploit the vulnerability to crash the software by constructing invalid data that is passed into the function.
VAR-201807-1678 | CVE-2018-9062 | Injection vulnerability in multiple Lenovo products |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. E42-80 firmware, e42-80 isk firmware, e52-80 firmware etc. The Lenovo products contain an injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Intel Boot Guard is prone to a local security-bypass vulnerability.
Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible.
VAR-201807-2208 | CVE-2018-5532 | plural F5 BIG-IP Vulnerabilities related to security functions in products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. Multiple F5 BIG-IP products contain vulnerabilities related to security functions. Information may be tampered with. F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. A remote attacker could exploit this vulnerability to cause DNS cache data to persist on the target system. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.2.1 to version 11.5.6.
VAR-201807-2200 | CVE-2018-5535 | Vulnerability related to input validation in multiple F5 BIG-IP products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3, specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data, causing the TMM to restart and resulting in a Denial of Service. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP version 13.0.0 through 13.1.0, 12.1.0 through 12.1.3, and 11.2.1 through 11.6.3. The vulnerability stems from a configuration file associated with QoE. Security vulnerabilities exist in F5 BIG-IP versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, and 11.2.1 to 11.6.3.
VAR-201807-2210 | CVE-2018-5534 | Vulnerability related to input validation in multiple F5 BIG-IP products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Under certain conditions on F5 BIG-IP 13.1.0-13.1.0.5, 13.0.0, 12.1.0-12.1.3.1, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions. A security vulnerability exists in F5 BIG-IP. A remote attacker can exploit this vulnerability to cause the communication management microkernel (TMM) to generate a core file and interrupt the service. The following versions are affected: F5 BIG-IP version 13.1.0 to 13.1.0.5, 13.0.0, 12.1.0 to 12.1.3.1, 11.6.0 to 11.6.3.1, 11.5.0 to 11.5.6.
VAR-201807-2209 | CVE-2018-5533 | Vulnerability related to input validation in multiple F5 BIG-IP products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Under certain conditions on F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.5.0-11.5.6, TMM may core while processing SSL forward proxy traffic. Multiple F5 BIG-IP products contain an input validation vulnerability. Service operation may be interrupted (DoS). F5 BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5 BIG-IP that can be exploited by remote attackers to cause the Communication Management Microkernel (TMM) to generate a core file and interrupt the service. A security vulnerability exists in F5 BIG-IP. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.5.0 to version 11.5.6.
VAR-201807-2270 | No CVE | Command execution vulnerability in TP-LINK WAR302 router |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
TP-LINK WAR302 is an enterprise-class 300M wireless VPN router that supports multiple VPN clients and supports online behavior management.
A command execution vulnerability exists in the TP-LINK WAR302 router. The vulnerability stems from the failure to properly filter the parameters submitted by users. Attackers can use the vulnerability to execute arbitrary code.
VAR-201807-2269 | No CVE | Unauthorized Access Vulnerability in Yestv Camera |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
The Yestv camera is a smart monitor for wireless (Wi-Fi) networks.
An unauthorized access vulnerability exists in the Yestv camera. By obtaining the address, username and password, an attacker can use the vulnerability to obtain video information from the camera.
VAR-201807-2205 | CVE-2018-5540 | Vulnerabilities related to authorization, authority, and access control in multiple F5 products |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
On F5 BIG-IP 13.0.0-13.0.1, 12.1.0-12.1.3.3, 11.6.0-11.6.3.1, or 11.5.1-11.5.6, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.1.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.1.0-2.3.0, the big3d process does not irrevocably minimize group privileges at startup. Multiple F5 products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained. The F5 BIG-IP big3d process is prone to a local privilege escalation vulnerability.
Local attackers may exploit this issue to gain elevated privileges. F5 BIG-IP and the other affected products are all products of F5 Company in the United States. F5 BIG-IP is an all-in-one network device that integrates functions such as network traffic management, application security management, and load balancing. Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. Security flaws exist in several F5 products. The vulnerability stems from the fact that the big3d process does not remove elevated group privileges at startup.
VAR-201807-0325 | CVE-2018-10620 | AVEVA InduSoft Web Studio and InTouch Machine Edition Buffer error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
In AVEVA InduSoft Web Studio v8.1 and v8.1SP1, and InTouch Machine Edition v2017 8.1 and v2017 8.1 SP1, a remote user could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. AVEVA InduSoft Web Studio and InTouch Machine Edition contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AVEVA InduSoft Web Studio and InTouch Machine Edition are products of AVEVA Group plc, UK. AVEVA InduSoft Web Studio is a set of industrial control configuration software. InTouch Machine Edition is an embedded HMI package.
Attackers can exploit this issue to execute arbitrary code within the context of the affected device. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201807-0327 | CVE-2018-10628 | AVEVA InTouch Buffer Overflow Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
AVEVA InTouch 2014 R2 SP1 and prior, InTouch 2017, InTouch 2017 Update 1, and InTouch 2017 Update 2 allow an unauthenticated user to send a specially crafted packet that could overflow the buffer on a locale not using a dot floating point separator. Exploitation could allow remote code execution under the privileges of the InTouch View process. AVEVA InTouch 2014 and InTouch 2017 contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). AVEVA InTouch is an embedded HMI software package from AVEVA Group plc, UK. The product provides read, write tag and event monitoring for HMI clients. A security vulnerability exists in AVEVA InTouch. AVEVA InTouch is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Failed exploit attempts will likely cause a denial-of-service condition.
VAR-201807-1490 | CVE-2018-14336 | Vulnerability related to input validation on TP-Link WR840N devices |
Related entries in the VARIoT exploits database: VAR-E-201807-0135 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses. TP-Link WR840N devices contain an input validation vulnerability. Service operation may be interrupted (DoS). The TP-Link WR840N is a wireless router product from China Unicom (TP-LINK). A buffer overflow vulnerability exists in TP-Link WR840N.
VAR-201807-0329 | CVE-2018-10632 | Resource exhaustion vulnerability in multiple Moxa NPort products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Moxa NPort 5210, 5230, and 5232 versions 2.9 build 17030709 and prior, the amount of resources requested by a malicious actor is not restricted, allowing for a denial-of-service condition. Moxa NPort 5210, 5230 and 5232 contain a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Moxa's NPort 5210, 5230 and 5232 are all Moxa serial communication servers for connecting industrial serial devices to the network. A security vulnerability exists in Moxa's NPort 5210, 5230, and 5232 2.9 build 17030709 and earlier versions because the program fails to limit the size of the requested resource. An attacker could exploit the vulnerability to cause a denial of service. Moxa NPort is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to cause resource exhaustion and crash the affected application, denying service to legitimate users. There are security vulnerabilities in Moxa NPort 5210, 5230, and 5232 2.9 build 17030709 and earlier versions.