VARIoT IoT vulnerabilities database


VAR-201702-0887 CVE-2017-2374 Apple GarageBand and Logic Pro X Update for vulnerabilities CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
An issue was discovered in certain Apple products. GarageBand before 10.1.6 is affected. The issue involves the "Projects" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted GarageBand project file. Apple has released an update for GarageBand and Logic Pro X. Arbitrary code may be executed by opening a crafted GarageBand project file. Apple GarageBand is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code on the affected system. Failed exploit attempts may result in a denial-of-service condition. Apple GarageBand is a set of music production software from Apple. A memory corruption vulnerability exists in versions of Apple GarageBand prior to 10.1.6. APPLE-SA-2017-02-21-1 GarageBand 10.1.6 GarageBand 10.1.6 is now available and addresses the following: Projects Available for: OS X Yosemite v10.10 or later Impact: Opening a maliciously crafted GarageBand Project file may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-2017-2374: Tyler Bohan of Cisco Talos Installation note: GarageBand may be obtained from the Mac App Store.
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
VAR-201702-1107 No CVE There is a command execution vulnerability in the Rico Virtual VPN Gateway CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The virtual VPN gateway is a virtual gateway device of Ruike Electronic Technology Co., Ltd. There is a command execution vulnerability in the Rico Virtual VPN Gateway that allows an attacker to execute arbitrary commands or reveal sensitive information.
VAR-201702-0190 CVE-2016-7762 Apple iOS Used in etc. Webkit Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. WebKit contains a cross-site scripting vulnerability. Safari may be subjected to a cross-site scripting attack. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple, and Google, and is currently used by browsers such as Apple Safari and Google Chrome.
VAR-201702-0189 CVE-2016-7761 Apple macOS of WiFi Vulnerabilities in which important network configuration information is obtained in components CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "WiFi" component, which allows local users to obtain sensitive network-configuration information by leveraging global storage. Apple macOS is prone to a local information-disclosure vulnerability. Apple macOS Sierra is a dedicated operating system developed by Apple for Mac computers. WiFi is one of the wireless connectivity components
VAR-201702-0052 CVE-2016-6249 F5 BIG-IP of REST Vulnerability in obtaining important information in requests CVSS V2: 2.1
CVSS V3: 5.3
Severity: MEDIUM
F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by reading these files. Multiple F5 BIG-IP Products are prone to an information-disclosure vulnerability. This may lead to other attacks. F5 BIG-IP LTM, etc. LTM is a local traffic manager; APM is a solution that provides secure unified access to business-critical applications and networks. REST Framework Logging is one of the logging framework components. The vulnerability stems from the fact that the program stores sensitive attributes (including passwords) in the /var/log/restjavad.0.log file in plain text. The following products and versions are affected: F5 BIG-IP LTM version 12.0.0, version 11.5.0 through version 11.6.1; BIG-IP AAM version 12.0.0, version 11.5.0 through version 11.6.1; BIG-IP AFM version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP Analytics version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP APM version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP ASM version 12.0.0, 11.5.0 through 11.6.1; BIG-IP DNS version 12.0.0; BIG-IP GTM version 11.5.0 through 11.6.1; BIG-IP Link Controller version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP PEM version 12.0.0, version 11.5.0 to version 11.6.1; BIG-IP WebSafe version 12.0.0, version 11.5.0 to version 11.6.1.
VAR-201802-0165 CVE-2017-5786 HPE OfficeConnect Network switch access control vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
A local Unauthorized Data Modification vulnerability in HPE OfficeConnect Network Switches version PT.02.01 including PT.01.03 through PT.01.14. HP OfficeConnect 1820 is a switch product of Hewlett-Packard (HP). A local security bypass vulnerability exists in HP OfficeConnect Network Switches. An attacker could exploit this vulnerability to bypass certain security restrictions and perform unauthorized operations. Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05388948 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c05388948 Version: 1 HPESBHF03704 rev.1 - HPE OfficeConnect Network Switches, Local Unauthorized Data Modification NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. - HPE OfficeConnect 1820 8G Switch J9979A - all software versions prior to PT.02.01 including: PT.01.03 through PT.02.01 - HPE OfficeConnect 1820 24G PoE+ (185W) Switch J9983A - all software versions prior to PT.02.01 including: PT.01.03 through PT.02.01 - HPE OfficeConnect 1820 24G Switch J9980A - all software versions prior to PT.02.01 including: PT.01.03 through PT.02.01 - HPE OfficeConnect 1820 48G PoE+ (370W) Switch J9984A - all software versions prior to PT.02.01 including: PT.01.03 through PT.02.01 - HPE OfficeConnect 1820 48G Switch J9981A - all software versions prior to PT.02.01 including: PT.01.03 through PT.02.01 - HPE OfficeConnect 1820 8G PoE+ (65W) Switch J9982A - all software versions prior to PT.02.01 including: PT.01.03 through PT.02.01 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5786 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 The 
Hewlett-Packard Enterprise Company thanks Pekka Järvinen (raspi) for reporting this vulnerability to security-alert@hpe.com RESOLUTION HPE has made the following software update available to resolve the vulnerability in the impacted versions of HPE OfficeConnect Network Switch. Please install version PT.02.01 from the following location: <http://www.hpe.com/networking/support> HISTORY Version:1 (rev.1) - 10 February 2017 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. 
To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
VAR-201702-1105 No CVE TP-Link C2 and C20i Command Injection Vulnerabilities CVSS V2: 9.0
CVSS V3: -
Severity: HIGH
TP-Link is a Chinese manufacturer of network equipment such as routers and IoT equipment. There is a command injection vulnerability in the HTTP management interface of TP-Link C2 and C20i. An attacker could exploit this vulnerability to inject arbitrary shell commands and gain root privileges.
VAR-201711-0017 CVE-2016-6024 IBM Jazz Information disclosure vulnerabilities in technology-based products

Related entries in the VARIoT exploits database: VAR-E-201702-0954
CVSS V2: 4.0
CVSS V3: 4.3
Severity: MEDIUM
IBM Jazz technology based products might divulge information that might be useful in helping attackers through error messages. IBM X-Force ID: 116868. Vendors have confirmed this vulnerability; it is released as IBM X-Force ID: 116868. Information may be obtained. NetCommWirelessWirelessRouter is a wireless router from NetComm Australia. A security vulnerability exists in NetCommWirelessWirelessRouter that allows a remote attacker to submit a special request to execute arbitrary commands in the context of an application.
VAR-201702-1092 No CVE Multiple vulnerabilities in multiple TP-Link routers CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
TP-LINK Archer C20i/C2 is a router of China Pulian Company. A number of TP-Link routers have denial of service, security bypass, and command injection vulnerabilities. An attacker could exploit these vulnerabilities to bypass security restrictions and perform unauthorized actions, cause a denial of service, or execute arbitrary commands with user privileges in the affected application environment. Multiple TP-Link Routers are prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. A security-bypass vulnerability 3. The following products are vulnerable: TP-Link Archer C2 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n. TP-Link Archer C20i 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n
VAR-201702-0687 CVE-2017-5169 Hanwha Techwin Smart Security Manager Cross-Site Request Forgery Vulnerability CVSS V2: 5.1
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Cross Site Request Forgery vulnerabilities have been identified. The flaws exist within the Redis and Apache Felix Gogo servers that are installed as part of this product. By issuing specific HTTP Post requests, an attacker can gain system level access to a remote shell session. Smart Security Manager Versions 1.5 and prior are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
VAR-201702-0686 CVE-2017-5168 Hanwha Techwin Smart Security Manager of ActiveMQ Broker Path traversal vulnerability in services CVSS V2: 5.1
CVSS V3: 7.5
Severity: HIGH
An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing specific HTTP requests, if a user visits a malicious page, an attacker can gain access to arbitrary files on the server. Smart Security Manager Versions 1.4 and prior to 1.31 are affected by these vulnerabilities. These vulnerabilities can allow for remote code execution. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions and obtain sensitive information. Other attacks are also possible
VAR-201703-0732 CVE-2017-5622 OxygenOS Access control vulnerability CVSS V2: 3.6
CVSS V3: 5.9
Severity: MEDIUM
With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. OxygenOS contains an access control vulnerability. Information may be obtained and information may be altered. OnePlus 3 and 3T are smartphones from OnePlus. OxygenOS is its own operating system. There is a security bypass vulnerability in OxygenOS in OnePlus 3 and 3T. OnePlus OxygenOS is prone to a local code-execution vulnerability. A local attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed attempts may lead to denial-of-service conditions. Versions prior to OnePlus OxygenOS 4.0.3 are vulnerable.
VAR-201711-0255 CVE-2017-2739 Huawei Vmall Vulnerabilities related to authorization, authority, and access control in applications CVSS V2: 2.9
CVSS V3: 3.1
Severity: LOW
The upgrade package of the Huawei Vmall APP in versions earlier than HwVmall 1.5.3.0 is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of the Huawei Vmall APP and implant malicious applications. Huawei Vmall applications have vulnerabilities related to authorization, permissions, and access control. Information may be tampered with. HuaweiVmall is the smartphone of China Huawei. There is a man-in-the-middle attack vulnerability in the Huawei Vmall APP. Huawei Vmall is the Huawei Mall application built into Huawei mobile phones by the Chinese company Huawei.
VAR-201702-0942 CVE-2016-9244 BIG-IP Virtual server memory leak vulnerability

Related entries in the VARIoT exploits database: VAR-E-201702-0115, VAR-E-201702-0114
CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit this vulnerability to obtain Secure Sockets Layer (SSL) session IDs from other sessions. It is possible that other data from uninitialized memory may be returned as well. Multiple F5 BIG-IP Products are prone to an information-disclosure vulnerability. Successfully exploiting this issue may allow attackers to obtain sensitive information. This may lead to other attacks. F5 BIG-IP Analytics and others are products of F5 Corporation of the United States. F5 BIG-IP Analytics is a suite of web application performance analysis software. APM is a set of solutions that provide secure and unified access to business-critical applications and networks. LTM is a local traffic manager. The virtual server is one of the common configuration components. The following products and versions are affected: F5 BIG-IP LTM version 12.0.0 through 12.1.2, version 11.4.0 through version 11.6.1; BIG-IP AAM version 12.0.0 through version 12.1.2, version 11.4.0 to 11.6.1; BIG-IP AFM 12.0.0 to 12.1.2, 11.4.0 to 11.6.1; BIG-IP Analytics 12.0.0 to 12.1.2, 11.4.0 to 11.6.1; BIG-IP APM version 12.0.0 through 12.1.2, version 11.4.0 through version 11.6.1; BIG-IP ASM; BIG-IP Link Controller version 12.0.0 through version 12.1.2, version 11.4.0 to 11.6.1; BIG-IP PEM 12.0.0 to 12.1.2, 11.4.0 to 11.6.1; BIG-IP PSM 11.4.0 to 11.4.1.
VAR-201705-3163 CVE-2017-3126 Fortinet FortiAnalyzer and FortiManager Open redirect vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through 5.4.2 and FortiManager 5.4.0 through 5.4.2 allows attacker to execute unauthorized code or commands via the next parameter. FortiAnalyzer and FortiManager are prone to an open-redirect vulnerability. An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. An open redirection vulnerability exists in Fortinet FortiAnalyzer versions 5.4.0 through 5.4.2 and FortiManager versions 5.4.0 through 5.4.2
VAR-201711-0262 CVE-2017-2696 Huawei Smartphone buffer error vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The emerg_data driver in CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can trick a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. Huawei smartphones contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei Glory 5A is a smartphone product from China's Huawei company. The emerg_data driver is an emergency data driver that runs in it.
VAR-201711-0213 CVE-2017-2697 plural Huawei Smartphone buffer error vulnerability CVSS V2: 9.3
CVSS V3: 7.8
Severity: HIGH
The goldeneye driver in NMO-L31C432B120 and earlier versions, NEM-L21C432B100 and earlier versions, NEM-L51C432B120 and earlier versions, KNT-AL10C746B160 and earlier versions, VNS-L21C185B142 and earlier versions, CAM-L21C10B130 and earlier versions, CAM-L21C185B141 and earlier versions has a buffer overflow vulnerability. An attacker with the root privilege of the Android system can trick a user into installing a malicious application on the smart phone, and send given parameter to smart phone to crash the system or escalate privilege. Multiple Huawei smartphones contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei GT3, Honor 5C, Glory V8, P9 Lite, and Y6II are smart phones from China's Huawei company. The goldeneye driver is a driver running in them. The following products and versions are affected: Huawei GT3 NMO-L31C432B120 and earlier; Honor 5C NEM-L21C432B100 and earlier, NEM-L21C432B120 and earlier; Honor V8 KNT-AL10C746B160 and earlier; P9 Lite VNS-L21C185B142 and previous versions; Y6II CAM-L21C10B130 and previous versions, CAM-L21C185B141 and previous versions.
VAR-201702-0118 CVE-2016-8494 Fortinet Connect Vulnerable to arbitrary code execution CVSS V2: 6.5
CVSS V3: 7.2
Severity: HIGH
Insufficient verification of uploaded files allows attackers with webui administrators privileges to perform arbitrary code execution by uploading a new webui theme. Fortinet Connect is prone to a remote code-execution vulnerability. Failed attempts may lead to denial-of-service conditions. Fortinet Connect 14.2, 14.10, 15.10 and 16.7 are vulnerable. Fortinet Connect is a network security access device developed by Fortinet based on device and user policy deployment. A security vulnerability exists in Fortinet Connect due to the program's insufficient validation of uploaded files. The following versions are affected: Fortinet Connect versions 14.2, 14.10, 15.10, 16.7
VAR-201702-1101 No CVE HP Printers Wi-Fi Unauthorized Access Vulnerability CVSS V2: 9.4
CVSS V3: -
Severity: HIGH
HP Printers Wi-Fi is a WiFi direct-connect printer from Hewlett Packard (HP). An unauthorized access vulnerability exists in the HP WiFi Direct Connect printer, which also affects printers with the same model as public IP. An attacker can exploit the vulnerability to obtain printer network information, modify firewall configuration, and so on.
VAR-201702-1104 No CVE Web Based TimeSheet Script Authentication Bypass Vulnerability CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
A web based timesheet is a program that monitors the work of employees. The Web Based TimeSheet script has an authentication bypass vulnerability. This vulnerability requires the string 'or' '=' to be entered in the password field. Attackers can use the vulnerability to bypass authentication.