VARIoT IoT vulnerabilities database


VAR-201906-0839 CVE-2017-9383 Vera VeraEdge and Veralite Authentication vulnerabilities in devices CVSS V2: 6.5
CVSS V3: 9.9
Severity: CRITICAL
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the URL "/port_3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal user to connect the device to an external website. It retrieves the parameter "URL" from the query string and then passes it to an internal function that uses the curl module on the device to retrieve the contents of the website. Vera VeraEdge and Veralite devices contain an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). This vulnerability stems from improper design or implementation problems in the code development process of network systems or products.
VAR-201906-0830 CVE-2017-9386 Vera VeraEdge and Veralite Path traversal vulnerability in devices CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly, and this allows an attacker to traverse outside the /cmh-ext folder and read any file on the device. The folder "cmh-ext" must first be created on the device, which an attacker can do in an unauthenticated fashion, before executing the directory traversal attack. Vera VeraEdge and Veralite devices contain a path traversal vulnerability. Information may be obtained. A security vulnerability exists in Vera VeraEdge version 1.7.19 and Veralite version 1.7.481 because the program does not validate the 'filename' parameter properly.
VAR-201906-0829 CVE-2017-9385 Vera Veralite Vulnerabilities related to certificate and password management in devices CVSS V2: 5.0
CVSS V3: 9.8
Severity: CRITICAL
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an OpenWRT interface in addition to the standard web interface, which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password stored in the /etc/cmh/cmh.conf file, which an attacker can extract using a directory traversal attack and then use to log in to the device with the highest privileges. Vera Veralite devices contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS).
VAR-201802-0662 CVE-2017-9447 Parallels Remote Application Server path traversal vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary files from the vulnerable system using path traversal sequences. This solution can provide remote access to virtual desktops and applications for devices on the network
VAR-201711-0978 CVE-2017-8140 Huawei P9 Plus Vulnerability related to double release in smartphone software CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could trigger a double free and cause a system crash or arbitrary code execution. Huawei P9 Plus smartphone software contains a double free vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei P9 Plus is a smartphone product from China's Huawei company. A voice error reference vulnerability exists in the voice wakeup module driver in versions prior to Huawei P9 Plus VIE-AL10BC00B353.
VAR-201706-0662 CVE-2017-7914 Rockwell Automation PanelView Plus Security Bypass Vulnerability CVSS V2: 7.5
CVSS V3: 8.6
Severity: HIGH
A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429, 7.00-20140621, 7.00-20140729, 7.00-20141022, 8.00-20140730, and 8.00-20141023. There is no authorization check when connecting to the device, allowing an attacker remote access. A security vulnerability exists in Rockwell Automation PanelView Plus 6 700-1500 that causes the program to fail to perform an authentication check.
VAR-201706-0361 CVE-2017-5664 Apache Tomcat Security restriction bypass vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. Apache Tomcat contains a security restriction bypass vulnerability. The Apache Software Foundation has released an update for Apache Tomcat addressing the following vulnerability: a security restriction bypass vulnerability related to error page processing (CVE-2017-5664). By processing a crafted HTTP request, the error page may be deleted or overwritten. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks.
Red Hat Security Advisory Synopsis: Important: tomcat security update Advisory ID: RHSA-2017:1809-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:1809 Issue date: 2017-07-27 CVE Names: CVE-2017-5648 CVE-2017-5664 1. Summary: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux Client Optional (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server Optional (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux Workstation Optional (v. 7) - noarch 3. When running an untrusted application under a SecurityManager it was possible, under some circumstances, for that application to retain references to the request or response objects and thereby access and/or modify information associated with another web application. (CVE-2017-5648) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1441223 - CVE-2017-5648 tomcat: Calls to application listeners did not use the appropriate facade object 1459158 - CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism 6. 
Package List: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-5648 https://access.redhat.com/security/cve/CVE-2017-5664 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2017 Red Hat, Inc.
Description: OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. 
The updates are documented in the Release Notes document linked to in the References. Security Fix(es): * A memory leak flaw was found in the way OpenSSL handled TLS status request extension data during session renegotiation. A remote attacker could cause a TLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory, if it enabled OCSP stapling support. (CVE-2016-6304) * A vulnerability was discovered in tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure. (CVE-2017-5664) * A denial of service flaw was found in the way the TLS/SSL protocol defined processing of ALERT packets during a connection handshake. A remote attacker could use this flaw to make a TLS/SSL server consume an excessive amount of CPU and fail to accept connections from other clients. (CVE-2016-8610) Red Hat would like to thank the OpenSSL project for reporting CVE-2016-6304 and Shi Lei (Gear Team of Qihoo 360 Inc.) for reporting CVE-2016-8610. Upstream acknowledges Shi Lei (Gear Team of Qihoo 360 Inc.) as the original reporter of CVE-2016-6304. Solution: Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files). The References section of this erratum contains a download link (you must log in to download the update). Security Fix(es): * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application
VAR-201706-0438 CVE-2017-5697 Intel AMT firmware Web User Interface Vulnerability that allows user's web click operations to be hijacked in CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
Insufficient clickjacking protection in the Web User Interface of Intel AMT firmware versions before 9.1.40.1000, 9.5.60.1952, 10.0.50.1004, 11.0.0.1205, and 11.6.25.1129 potentially allows a remote attacker to hijack users' web clicks via an attacker's crafted web page. Intel Active Management Technology is prone to a clickjacking vulnerability. Successfully exploiting this issue may allow attackers to gain unauthorized access to the affected application or obtain sensitive information. Other attacks are also possible. Intel Active Management Technology firmware versions before 9.1.40.100, 9.5.60.1952, 10.0.0.50.1004 and 11.0.0.1205 are vulnerable. Web User Interface is one of the Web management interfaces. The following versions are affected: Intel AMT firmware prior to 9.1.40.1000, prior to 9.5.60.1952, prior to 10.0.50.1004, prior to 11.0.0.1205, prior to 11.6.25.1129
VAR-201707-1348 CVE-2025-34035 OS command injection vulnerability in multiple EnGenius Technologies products CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
An OS command injection vulnerability exists in EnGenius EnShare Cloud Service version 1.4.11 and earlier. The usbinteract.cgi script fails to properly sanitize user input passed to the path parameter, allowing unauthenticated remote attackers to inject arbitrary shell commands. The injected commands are executed with root privileges, leading to full system compromise. Exploitation evidence was observed by the Shadowserver Foundation on 2024-12-05 UTC. ESR300 firmware, ESR350 firmware, ESR600 firmware, etc. may be put into a denial-of-service (DoS) state. EnGenius EnShare is a USB media storage sharing application. An attacker can exploit the vulnerability to execute arbitrary code. With the EnGenius IoT Gigabit Routers and free EnShare app, use your iPhone, iPad or Android-based tablet or smartphone to transfer video, music and other files to and from a router-attached USB hard drive. The EnShare feature allows you to access media content stored on a USB hard drive connected to the router's USB port in the home and when you are away from home when you have access to the Internet
VAR-201706-0352 CVE-2017-3740 Lenovo Active Protection System Vulnerabilities related to authorization, permissions, and access control CVSS V2: 4.9
CVSS V3: 5.5
Severity: MEDIUM
In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality. Lenovo Active Protection System contains vulnerabilities related to authorization, permissions, and access control. Service operation may be disrupted (DoS). Lenovo ThinkPad is a portable computer from the Chinese company Lenovo. Active Protection System is an autonomous feature that protects the hard drive from damage caused by strong physical shock and vibration. A privilege elevation vulnerability exists in versions of Active Protection System prior to 1.82.0.14 in Lenovo ThinkPad
VAR-201706-0353 CVE-2017-3741 Lenovo Power Management Driver security vulnerability CVSS V2: 2.1
CVSS V3: 3.3
Severity: LOW
In the Lenovo Power Management driver before 1.67.12.24, a local user may alter the trackpoint's firmware and stop the trackpoint from functioning correctly. This issue only affects ThinkPad X1 Carbon 5th generation. Lenovo ThinkPad X1 Carbon is a portable computer from China's Lenovo. A privilege elevation vulnerability exists in the version of the Power Management driver prior to 1.67.12.24 in Lenovo ThinkPad X1 Carbon 5th generation
VAR-201706-0854 CVE-2017-9417 Broadcom BCM43xx Wi-Fi Vulnerability to execute arbitrary code on chip CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Broadcom BCM43xx Wi-Fi chips is a combined chip for 5G Wi-Fi. Google Android is prone to multiple security vulnerabilities. Failed exploit attempts may result in a denial of service condition. Broadcom is a supply chain manufacturer of Apple, Google, HTC, LG, Samsung and other manufacturers. Broadcom BCM43xx WiFi chips are widely used in iOS and Android mobile terminal devices. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro's Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro's Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. 
Geshev from MWR Labs working with Trend Micro's Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab Additional recognition Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance. Installation note: Safari 12.1.1 may be obtained from the Mac App Store. CVE-2017-9417: Nitay Artenstein of Exodus Intelligence AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13077: Mathy Vanhoef of the imec-DistriNet group at KU Leuven CVE-2017-13078: Mathy Vanhoef of the imec-DistriNet group at KU Leuven AirPort Base Station Firmware Available for: AirPort Extreme and AirPort Time Capsule base stations with 802.11ac Impact: An attacker in Wi-Fi range may force nonce reuse in WPA multicast/GTK clients (Key Reinstallation Attacks - KRACK) Description: A logic issue existed in the handling of state transitions. This was addressed with improved state management. CVE-2017-13080: Mathy Vanhoef of the imec-DistriNet group at KU Leuven Installation note: Firmware version 7.7.9 is installed on AirPort Extreme or AirPort Time Capsule base stations with 802.11ac using AirPort Utility for Mac or iOS. AirPort Utility for Mac is a free download from https://support.apple.com/downloads/ and AirPort Utility for iOS is a free download from the App Store. 
APPLE-SA-2017-07-19-3 watchOS 3.2.2 watchOS 3.2.2 is now available and addresses the following: Contacts Available for: All Apple Watch models Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed through improved memory handling. CVE-2017-7062: Shashank (@cyberboyIndia) IOUSBFamily Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7009: shrek_wzw of Qihoo 360 Nirvan Team Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2017-7022: an anonymous researcher CVE-2017-7024: an anonymous researcher CVE-2017-7026: an anonymous researcher Kernel Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7023: an anonymous researcher CVE-2017-7025: an anonymous researcher CVE-2017-7027: an anonymous researcher CVE-2017-7069: Proteas of Qihoo 360 Nirvan Team Kernel Available for: All Apple Watch models Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2017-7028: an anonymous researcher CVE-2017-7029: an anonymous researcher libarchive Available for: All Apple Watch models Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: A buffer overflow was addressed through improved bounds checking. CVE-2017-7068: found by OSS-Fuzz libxml2 Available for: All Apple Watch models Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: An out-of-bounds read was addressed through improved bounds checking. CVE-2017-7013: found by OSS-Fuzz libxpc Available for: All Apple Watch models Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2017-7047: Ian Beer of Google Project Zero Messages Available for: All Apple Watch models Impact: A remote attacker may cause an unexpected application termination Description: A memory consumption issue was addressed through improved memory handling. CVE-2017-7063: Shashank (@cyberboyIndia) Wi-Fi Available for: All Apple Watch models Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip Description: A memory corruption issue was addressed with improved memory handling. 
CVE-2017-9417: Nitay Artenstein of Exodus Intelligence Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201706-0114 CVE-2016-8231 Lenovo Service Bridge Vulnerabilities related to certificate validation CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. Lenovo Service Bridge contains a certificate validation vulnerability. Information may be tampered with. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device
VAR-201706-0113 CVE-2016-8230 Lenovo Service Bridge Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. Lenovo Service Bridge contains an information disclosure vulnerability. Information may be obtained
VAR-201706-0111 CVE-2016-8228 Lenovo Service Bridge Vulnerabilities related to authorization, permissions, and access control CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges. Lenovo Service Bridge contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A security vulnerability exists in versions prior to Lenovo Service Bridge 4
VAR-201706-0112 CVE-2016-8229 Lenovo Service Bridge Vulnerable to cross-site request forgery CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. Lenovo Service Bridge is a Windows program from the Chinese company Lenovo that automatically detects the serial number and model number of a device. A remote attacker could exploit this vulnerability to perform unauthorized operations
VAR-201706-0130 CVE-2016-3019 IBM Security Access Manager for Web Vulnerability in deciphering sensitive information CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
IBM Security Access Manager for Web 9.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 114462. The vendor has published this vulnerability as IBM X-Force ID: 114462. An attacker could decipher sensitive information. An attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing
VAR-201706-0125 CVE-2016-3051 IBM Security Access Manager for Web Vulnerable to privileged access to the server CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. Attackers can exploit this issue to bypass security restrictions and gain unauthorized access to the vulnerable system; this may aid in launching further attacks. There are security holes in ISAM for Web
VAR-201711-0977 CVE-2017-8139 HedEx Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
HedEx versions earlier than V200R006C00 have a stored cross-site scripting (XSS) vulnerability. Attackers can exploit the vulnerability to plant malicious scripts into the configuration file to interrupt the services of legitimate users. Huawei HedEx Lite is a document management software developed by Huawei in China
VAR-201711-0976 CVE-2017-8138 HedEx Vulnerable to cross-site request forgery CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
HedEx versions earlier than V200R006C00 have a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services. HedEx contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei HedEx Lite is a document management software developed by Huawei in China. Attackers can use malicious scripts to exploit this vulnerability to modify the configuration and interfere with the operation of legitimate users