VARIoT IoT vulnerabilities database

An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable

An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. Natus Xltek NeuroWorks Contains an out-of-bounds vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Natus Xltek NeuroWorks is a universal software platform for EEG testing, long-term monitoring, ICU monitoring and sleep research at Natus Medical. Natus Xltek NeuroWorks/SleepWorks are prone to the following security vulnerabilities: 1. Multiple stack-based buffer-overflow vulnerabilities 2. Multiple denial-of-service vulnerabilities An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Xltek NeuroWorks/SleepWorks 8 are vulnerable

On F5 BIG-IP 13.1.0-13.1.0.3, 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 and Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, restrictions on allowed commands may not be enforced. plural F5 BIG-IP The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to elevate privileges. The following products and versions are affected: F5 BIG-IP LTM Release 13.1.0, Release 13.0.0, Release 12.1.0 to Release 12.1.3, Release 11.6.1 to Release 11.6.3, Release 11.5.1 to Release 11.5.5 Version, 11.2.1; BIG-IP AAM 13.1.0, 13.0.0, 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5 , version 11.2.1; BIG-IP AFM version 13.1.0, version 13.0.0, version 12.1.0 to version 12.1.3, version 11.6.1 to version 11.6.3, version 11.5.1 to version 11.5.5, Version 11.2.1; BIG-IP Analytics 13.1.0, 13.0.0, 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2 .1 version; BIG-IP APM version 13.1.0, version 13.0.0, version 12.1.0 to version 12.1.3, version 11.6.1 to version 11.6.3, version 11.5.1 to version 11.5.5, version 11.2. 1 release; BIG-IP ASM releases 13.1.0, 13.0.0, 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1 Versions; BIG-IP DNS 13.1.0, 13.0.0, 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1 ; BIG-IP Edge Gateway Version 13.1.0, Version 13.0.0, Version 12.1.0 to Version 12.1.3, Version 11.6.1 to Version 11.6.3, Version 11.5.1 to Version 11.5

Features in F5 BIG-IP 13.0.0-13.1.0.3, 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 system that utilizes inflate functionality directly, via an iRule, or via the inflate code from PEM module are subjected to a service disruption via a "Zip Bomb" attack. plural F5 BIG-IP The product contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to cause a denial of service by implementing a 'Zip Bomb' attack. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0.3, 12.1.0 to 12.1.3.1, 11.6.1 to 11.6.3.1, 11.5.1 to 11.5.5 Version, 11.2.1; BIG-IP AAM 13.0.0 to 13.1.0.3, 12.1.0 to 12.1.3.1, 11.6.1 to 11.6.3.1, 11.5.1 to 11.5.5 , version 11.2.1; BIG-IP AFM version 13.0.0 to version 13.1.0.3, version 12.1.0 to version 12.1.3.1, version 11.6.1 to version 11.6.3.1, version 11.5.1 to version 11.5.5, Version 11.2.1; BIG-IP Analytics 13.0.0 through 13.1.0.3, 12.1.0 through 12.1.3.1, 11.6.1 through 11.6.3.1, 11.5.1 through 11.5.5, 11.2 .1 version; BIG-IP APM versions 13.0.0 to 13.1.0.3, 12.1.0 to 12.1.3.1, 11.6.1 to 11.6.3.1, 11.5.1 to 11.5.5, 11.2. 1 release; BIG-IP ASM 13.0.0 to 13.1.0.3, 12.1.0 to 12.1.3.1, 11.6.1 to 11.6.3.1, 11.5.1 to 11.5.5, 11.2.1 Version; BIG-IP DNS 13.0.0 to 13.1.0.3, 12.1.0 to 12.1.3.1, 11.6.1 to 11.6.3.1, 11.5.1 to 11.5.5, 11.2.1 ; BIG-IP Edge Gateway version 13.0.0 to 13

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. plural Huawei Server products contain injection vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei1288HV5 and other Huawei server models are different types of servers. IntelligentBaseboardManagementController (iBMC) is one of the embedded server intelligent management systems. Huawei 1288H V5, etc. The following products and versions are affected: Huawei 1288H V5 V100R005C00 Version; 2288H V5 V100R005C00 Version; 2488 V5 V100R005C00 Version; CH121 V3 V100R001C00 Version; CH121L V3 V100R001C00 Version; CH121L V5 V100R001C00 Version; CH121 V5 V100R001C00 Version; CH140 V3 V100R001C00 Version; CH140L V3 V100R001C00 Version; CH220 V3 V100R001C00 Version; CH222 V3 V100R001C00 Version; CH242 V3 V100R001C00 Version; CH242 V5 V100R001C00 Version; RH1288 V3 V100R003C00 Version; RH2288 V3 V100R003C00 Version; RH2288H V3 V100R003C00 Version; XH310 V3 V100R003C00 Version; XH321 V3 V100R003C00 Version; XH321 V5 V100R005C00 version; XH620 V3 V100R003C00 version

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a JSON injection vulnerability due to insufficient input validation. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Successful exploit may allow attackers to obtain the management privilege of the system. plural Huawei Server products contain injection vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei1288HV5 and other Huawei server models are different types of servers. IntelligentBaseboardManagementController (iBMC) is one of the embedded server intelligent management systems. Huawei 1288H V5, etc. The following products and versions are affected: Huawei 1288H V5 V100R005C00 Version; 2288H V5 V100R005C00 Version; 2488 V5 V100R005C00 Version; CH121 V3 V100R001C00 Version; CH121L V3 V100R001C00 Version; CH121L V5 V100R001C00 Version; CH121 V5 V100R001C00 Version; CH140 V3 V100R001C00 Version; CH140L V3 V100R001C00 Version; CH220 V3 V100R001C00 Version; CH222 V3 V100R001C00 Version; CH242 V3 V100R001C00 Version; CH242 V5 V100R001C00 Version; RH1288 V3 V100R003C00 Version; RH2288 V3 V100R003C00 Version; RH2288H V3 V100R003C00 Version; XH310 V3 V100R003C00 Version; XH321 V3 V100R003C00 Version; XH321 V5 V100R005C00 version; XH620 V3 V100R003C00 version

Under certain conditions, on F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.6.1 HF2-11.6.3.1, virtual servers configured with Client SSL or Server SSL profiles which make use of network hardware security module (HSM) functionality are exposed and impacted by this issue. plural F5 BIG-IP The product contains a vulnerability related to environment settings.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Security flaws exist in several F5 products. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are affected: F5 BIG-IP LTM version 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP AAM 13.0.0 Versions to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP AFM 13.0.0 to 13.1.0, 12.1.0 to 12.1.3 Versions, 11.6.1 HF2 to 11.6.3; BIG-IP Analytics 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP Analytics IP APM 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP ASM 13.0.0 to 13.1.0, 12.1.0 Versions to 12.1.3, 11.6.1 HF2 to 11.6.3; BIG-IP Edge Gateway 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6 .3 releases; BIG-IP FPS releases 13.0.0 to 13.1.0, 12.1.0 to 12.1.3 releases, 11.6.1 HF2 releases to 11.6.3 releases; BIG-IP Link Controller releases 13.0.0 to 13.1 .0, 12.1.0 to 12.1.3, 11.6.1 HF2 to 11.6.3; PEM; BIG-IP WebAccelerator 13.0.0 to 13.1.0, 12.1.0 to 12.1.3 , 11.6.1 HF2 version to 11.6. 3 versions

The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have a privilege escalation vulnerability. A remote attacker may send some specially crafted login messages to the affected products. Due to improper authentication design, successful exploit enables low privileged users to get or modify passwords of highly privileged users. plural Huawei The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei1288HV5 and other Huawei server models are different types of servers. IntelligentBaseboardManagementController (iBMC) is one of the embedded server intelligent management systems. There are privilege escalation vulnerabilities in iBMC in various Huawei products. Huawei 1288H V5, etc. The following products and versions are affected: Huawei 1288H V5 V100R005C00 Version; 2288H V5 V100R005C00 Version; 2488 V5 V100R005C00 Version; CH121 V3 V100R001C00 Version; CH121L V3 V100R001C00 Version; CH121L V5 V100R001C00 Version; CH121 V5 V100R001C00 Version; CH140 V3 V100R001C00 Version; CH140L V3 V100R001C00 Version; CH220 V3 V100R001C00 Version; CH222 V3 V100R001C00 Version; CH242 V3 V100R001C00 Version; CH242 V5 V100R001C00 Version; RH1288 V3 V100R003C00 Version; RH2288 V3 V100R003C00 Version; RH2288H V3 V100R003C00 Version; XH310 V3 V100R003C00 Version; XH321 V3 V100R003C00 Version; XH321 V5 V100R005C00 version; XH620 V3 V100R003C00 version

A local file vulnerability exists in the F5 BIG-IP Configuration utility on versions 13.0.0, 12.1.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1 that exposes files containing F5-provided data only and do not include any configuration data, proxied traffic, or other potentially sensitive customer data. plural F5 BIG-IP Configuration utility Contains an information disclosure vulnerability.Information may be obtained. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. Configuration utility is one of the configuration utilities. The following products and versions are affected: F5 BIG-IP LTM Release 13.0.0, Release 12.1.0 to Release 12.1.2, Release 11.6.0 to Release 11.6.3, Release 11.2.1 to Release 11.5.5; BIG-IP AAM 13.0.0, 12.1.0 to 12.1.2, 11.6.0 to 11.6.3, 11.2.1 to 11.5.5; BIG-IP AFM 13.0.0, 12.1.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.3, Version 11.2.1 to Version 11.5.5; BIG-IP Analytics Version 13.0.0, Version 12.1.0 to Version 12.1.2, Version 11.6.0 to Version 11.6 .3 version, 11.2.1 to 11.5.5 version; BIG-IP APM 13.0.0 version, 12.1.0 to 12.1.2 version, 11.6.0 to 11.6.3 version, 11.2.1 to 11.5 version. 5; BIG-IP ASM 13.0.0, 12.1.0 to 12.1.2, 11.6.0 to 11.6.3, 11.2.1 to 11.5.5; BIG-IP DNS 13.0.0 , Version 12.1.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.3, Version 11.2.1 to Version 11.5.5; BIG-IP Edge Gateway Version 13.0.0, Version 12.1.0 to Version 12.1.2 , 11.6.0 to 11.6.3, 11.2.1 to 11.5.5; BIG-IP FPS 13.0.0, 12.1.0 to 12.1.2, 11.6.0 to 11.6.3, Version 11.2.1 to 11.5

On F5 BIG-IP 12.1.0-12.1.3.1, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, carefully crafted URLs can be used to reflect arbitrary content into GeoIP lookup responses, potentially exposing clients to XSS. plural F5 BIG-IP The product contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. F5 BIG-IP LTM is a local traffic manager; BIG-IP AAM is an application acceleration manager. A security vulnerability exists in several F5 products due to the fact that the interface does not properly sanitize the HTML code in the input before displaying the user-submitted input in the GeoIP query response. An attacker can exploit this vulnerability to execute arbitrary script code by creating a specially crafted URL. The following products and versions are affected: F5 BIG-IP LTM Versions 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1; BIG-IP AAM 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1; BIG-IP AFM 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1; BIG-IP Analytics 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5 .1 to 11.5.5, 11.2.1; BIG-IP APM 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2. 1 version; BIG-IP ASM version 12.1.0 through 12.1.3, version 11.6.1 through version 11.6.3, version 11.5.1 through version 11.5.5, version 11.2.1; BIG-IP DNS version 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1; BIG-IP Edge Gateway 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to 11.5.5, 11.2.1; BIG-IP FPS 12.1.0 to 12.1.3, 11.6.1 to 11.6.3, 11.5.1 to Version 11.5.5, 11.2

On F5 BIG-IP 13.0.0, 12.0.0-12.1.2, 11.6.1-11.6.3.1, 11.5.1-11.5.5, or 11.2.1, when processing DIAMETER transactions with carefully crafted attribute-value pairs, TMM may crash. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IPLTM and other products are products of American F5 Company. F5BIG-IPLTM is a local traffic manager; BIG-IPAAM is an application acceleration manager. There are security vulnerabilities in several F5 products. A remote attacker could exploit the vulnerability with a DIAMETER packet to cause a denial of service (TMM crash). An attacker can exploit this issue to restart the affected application resulting in denial-of-service conditions. F5 BIG-IP LTM, etc. The following products and versions are affected: F5 BIG-IP LTM Release 13.0.0, Release 12.0.0 to Release 12.1.2, Release 11.6.0 to Release 11.6.3, Release 11.5.0 to Release 11.5.5, Release 11.2.1 Versions; BIG-IP AAM Version 13.0.0, Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.3, Version 11.5.0 to Version 11.5.5, Version 11.2.1; BIG-IP AFM Version 13.0.0, Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.3, Version 11.5.0 to Version 11.5.5, Version 11.2.1; BIG-IP Analytics Version 13.0.0, Version 12.0 .0 to 12.1.2, 11.6.0 to 11.6.3, 11.5.0 to 11.5.5, 11.2.1; BIG-IP APM 13.0.0, 12.0.0 to 12.1. 2 versions, 11.6.0 to 11.6.3, 11.5.0 to 11.5.5, 11.2.1; BIG-IP ASM 13.0.0, 12.0.0 to 12.1.2, 11.6.0 Versions to 11.6.3, 11.5.0 to 11.5.5, 11.2.1; BIG-IP DNS 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.3 , Version 11.5.0 to Version 11.5.5, Version 11.2.1; BIG-IP Edge Gateway Version 13.0.0, Version 12.0.0 to Version 12.1.2, Version 11.6.0 to Version 11.6.3, Version 11.5.0 to version 11.5.5, version 11.2.1; BIG-IP GTM version 13.0.0, version 12.0.0 to 12.1

There is a stored cross-site scripting (XSS) vulnerability in Huawei eSpace Desktop V300R001C00 and V300R001C50 version. Due to the insufficient validation of the input, an authenticated, remote attacker could exploit this vulnerability to send abnormal messages to the system and perform a XSS attack. A successful exploit could cause the eSpace Desktop to hang up, and the function will restore to normal after restarting the eSpace Desktop. Huawei eSpace Desktop is a communication PC client based on the eSpace unified communication solution of Huawei in China. It provides instant messaging, status presentation, personal address book, VoIP call, video call, file transfer, voice conference, Business applications such as data conferencing. The vulnerability is caused by insufficient verification input in the program

Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. Brother HL-L2340D and HL-L2380DW Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered

Improper access control vulnerability in Synology Drive before 1.0.2-10275 allows remote authenticated users to access non-shared files or folders via unspecified vectors. Synology Drive Contains an access control vulnerability.Information may be obtained. Synology Drive is a collaborative office suite from Synology, which includes the functions of document management, collaborative office and file synchronization backup

Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. Synology Drive Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Synology Drive is a collaborative office suite from Synology, which includes the functions of document management, collaborative office and file synchronization backup. File Sharing Notify Toast is one of the file sharing components

An issue was discovered in certain Apple products. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to spoof the address bar via a crafted web site. This may allow a remote attacker to carry out phishing-style attacks. Versions prior to Safari 11.1.1 are vulnerable. Apple Safari is a web browser developed by Apple (Apple), and is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-2 Safari 11.1.1 Safari 11.1.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4205: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Safari 11.1.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa04pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHOVEQ/+ P+thAL+hl4RuHIXCrfh/eZ+GgwPXDDVSPRefnHckiEMZSXpSDiTTu1JwWkgHf44l xwOqvFd56zSVo/gk/45FnOcpoXxcFuHk2ddJvZM4R4EaCwKW3PEcTIL+8klxyDWo 17HqxtfB32Gy6BSARcfTkXZ1/c4CfhQefYiU2JtLDui6iZLUzDEGWdQRf/Q0H8tx DNBVy1i5HGZdrZ6sgR7eKZKyuscqj9n0IbBUybPOQ37OFRfl8CYPT+XB6djgWGxo sLkZi+XYl/O/PXzQt9XfxkgKUjvvlR2hkt2mKTjFEUQDQIha4BkE2+1EdJZPNROz LRbMnxiAvY/7vb5a98h8nmXe3Z/Os/BZYyipMQjbMQt5BNkRHQK03prn7kd/g1F1 eKeplTnob9CDMcEbdnn5KvkdYcoyJFqcignVvGFJQupAU8+HJgneH4ky5laGkHY5 8JU98flmzwySOmqaTLNqfDKDQlH0Vz053KAyxZ1S8DKfmdG7ulB0lWeD02pL/vdB aAV5jI08/QpXasU2cbM0tHO1rPiYocXCSZJKNvFVlkP6z/l7hiGnJ50x1uG4eYX9 dY8K0wTe76q/co81DWUkvd+D7634tL0vmv9K3bpFoyPQJCzn2EPl97IYFcLdtGC7 NQRA+mye5jeky3zqYi5GZTuVWIqR8+I0vkYp4YHjli8= =LQMS -----END PGP SIGNATURE-----

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. The issue involves the "Safari" component. It allows remote attackers to cause a denial of service (persistent Safari outage) via a crafted web site. Apple iOS and Safari are prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser included with Mac OS X and iOS operating systems. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-06-01-2 Safari 11.1.1 Safari 11.1.1 is now available and addresses the following: Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: A malicious website may be able to cause a denial of service Description: A denial of service issue was addressed with improved validation. CVE-2018-4247: FranASSois Renaud, Jesse Viviano of Verizon Enterprise Solutions Safari Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4205: xisigr of Tencent's Xuanwu Lab (tencent.com) WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may lead to cookies being overwritten Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed with improved restrictions. CVE-2018-4232: an anonymous researcher, Aymeric Chaib WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4246: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved locking. CVE-2018-4192: Markus Gaasedelen, Nick Burnett, and Patrick Biernat of Ret2 Systems, Inc working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4214: found by OSS-Fuzz WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4188: YoKo Kho (@YoKoAcc) of Mitra Integrasi Informatika, PT WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4201: an anonymous researcher CVE-2018-4218: Natalie Silvanovich of Google Project Zero CVE-2018-4233: Samuel GroA (@5aelo) working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. CVE-2018-4190: Jun Kokatsu (@shhnjk) WebKit Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, and macOS High Sierra 10.13.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4222: Natalie Silvanovich of Google Project Zero Installation note: Safari 11.1.1 may be obtained from the Mac App Store. Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEWpnGpHhyhjM9LuGIyxcaHpDFUHMFAlsRa04pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQyxcaHpDFUHOVEQ/+ P+thAL+hl4RuHIXCrfh/eZ+GgwPXDDVSPRefnHckiEMZSXpSDiTTu1JwWkgHf44l xwOqvFd56zSVo/gk/45FnOcpoXxcFuHk2ddJvZM4R4EaCwKW3PEcTIL+8klxyDWo 17HqxtfB32Gy6BSARcfTkXZ1/c4CfhQefYiU2JtLDui6iZLUzDEGWdQRf/Q0H8tx DNBVy1i5HGZdrZ6sgR7eKZKyuscqj9n0IbBUybPOQ37OFRfl8CYPT+XB6djgWGxo sLkZi+XYl/O/PXzQt9XfxkgKUjvvlR2hkt2mKTjFEUQDQIha4BkE2+1EdJZPNROz LRbMnxiAvY/7vb5a98h8nmXe3Z/Os/BZYyipMQjbMQt5BNkRHQK03prn7kd/g1F1 eKeplTnob9CDMcEbdnn5KvkdYcoyJFqcignVvGFJQupAU8+HJgneH4ky5laGkHY5 8JU98flmzwySOmqaTLNqfDKDQlH0Vz053KAyxZ1S8DKfmdG7ulB0lWeD02pL/vdB aAV5jI08/QpXasU2cbM0tHO1rPiYocXCSZJKNvFVlkP6z/l7hiGnJ50x1uG4eYX9 dY8K0wTe76q/co81DWUkvd+D7634tL0vmv9K3bpFoyPQJCzn2EPl97IYFcLdtGC7 NQRA+mye5jeky3zqYi5GZTuVWIqR8+I0vkYp4YHjli8= =LQMS -----END PGP SIGNATURE-----

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable

Multiple variants of XML External Entity (XXE) attacks may be used to exfiltrate data from the host Windows platform in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of GE MDS PulseNET. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XmlAdapterServlet servlet. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information under the context of the service. GEMDSPulseNET and MDSPulseNETEnterprise are products of General Electric (GE). GEMDSPulseNET is a network management software designed for radio communication systems. MDSPulseNETEnterprise is its enterprise version. Security vulnerabilities existed in GEMDSPulseNET and MDSPulseNET Enterprise 3.2.1 and earlier. Multiple GE MDS PulseNET products are prone to multiple security vulnerabilities. Attackers can exploit these issue to bypass the authentication mechanism, use a specially crafted request with directory-traversal sequences ('../') to access or read arbitrary files that contain sensitive information, or to cause a denial-of-service condition

Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application to crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of fields in DPA files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of the current process. Delta Electronics Delta Industrial Automation DOPSoft is a set of human interface applications from Delta Electronics. A remote code-execution vulnerability 2. A stack-based buffer-overflow vulnerability 3. Failed attacks will cause denial of service conditions. DOPSoft 4.00.04 and prior are vulnerable