VARIoT IoT vulnerabilities database
| VAR-202409-0080 | CVE-2024-44400 | D-Link Systems, Inc. of di-8400 Command injection vulnerability in firmware |
CVSS V2: 9.0 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. D-Link Systems, Inc. of di-8400 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The D-Link DI-8400 is a D-Link router designed for medium-to-large enterprise networks. It supports up to 360 concurrent users and features a full Gigabit Ethernet port configuration. This vulnerability, exploited through the upgrade_filter_asp command injection attack, could allow an attacker to execute arbitrary commands
| VAR-202409-0398 | CVE-2024-45678 | plural Yubico Observable inconsistency vulnerabilities in products |
CVSS V2: - CVSS V3: 4.2 Severity: MEDIUM |
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected. yubikey 5c nfc firmware, YubiKey 5 NFC firmware, yubikey 5c firmware etc. Yubico The product contains an observable inconsistency vulnerability.Information may be obtained
| VAR-202409-0113 | CVE-2024-6119 | Multiple vulnerabilities in Siemens SINEC OS third-party components |
CVSS V2: 7.2 CVSS V3: 7.5 Severity: HIGH |
Issue summary: Applications performing certificate name checks (e.g., TLS
clients checking server certificates) may attempt to read an invalid memory
address resulting in abnormal termination of the application process.
Impact summary: Abnormal termination of an application can a cause a denial of
service.
Applications performing certificate name checks (e.g., TLS clients checking
server certificates) may attempt to read an invalid memory address when
comparing the expected name with an `otherName` subject alternative name of an
X.509 certificate. This may result in an exception that terminates the
application program.
Note that basic certificate chain validation (signatures, dates, ...) is not
affected, the denial of service can occur only when the application also
specifies an expected DNS name, Email address or IP address.
TLS servers rarely solicit client certificates, and even when they do, they
generally don't perform a name check against a reference identifier (expected
identity), but rather extract the presented identity after checking the
certificate chain. So TLS servers are generally not affected and the severity
of the issue is Moderate.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces.
SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs).
Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server. ==========================================================================
Ubuntu Security Notice USN-6986-1
September 03, 2024
openssl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
OpenSSL could be made to crash or expose sensitive information
if it received a specially crafted certificate.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libssl3t64 3.0.13-0ubuntu3.4
openssl 3.0.13-0ubuntu3.4
Ubuntu 22.04 LTS
libssl3 3.0.2-0ubuntu1.18
openssl 3.0.2-0ubuntu1.18
After a standard system update you need to reboot your computer to make
all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5764-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
September 03, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openssl
CVE ID : CVE-2024-6119
David Benjamin reported a flaw in the X.509 name checks in OpenSSL, a
Secure Sockets Layer toolkit, which may cause an application performing
certificate name checks to crash, resulting in denial of service.
Additional details can be found in the upstream advisory:
https://openssl-library.org/news/secadv/20240903.txt
For the stable distribution (bookworm), this problem has been fixed in
version 3.0.14-1~deb12u2.
We recommend that you upgrade your openssl packages.
For the detailed security status of openssl please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/openssl
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmbXW1pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RXThAAjRoSSUyNd4LR8nETi9XB31OkPVx0KrvU2hfIRnPUHHb3hOoi8vEKxdqh
gd1pHtEKUBB3TBkXnyMuQ1p79+wuIjvV6Jr7uEPK0w2GdvC0KaF4+cohRDB7Xpjk
+AjVFprvljePzgR9BcX1LWX/Bj6k7j8Jit4hkSDxeWn2W4NvCk9+1FMaHPa1PCmX
Axo83qzlJg/SMcI5s19No3TzY9z9RdXH622J6hZk/DUZi6YMSryxCoAuU7ur/Ol8
zGH8RG9THiC4hcnAnNjOrqAJqlLzoLgFxykwrvYGwWk//fsQsCeR2HXNQJiPBKq0
QyoXP0WFgIbjnQlRfJI2gxwr5KWn77sNnc2vGZ8HXScj+pKOxrdHyp6a3kaZ99AN
DCU5UAo36wSUhZyX9I8nNxjZmb2w5fbeFnHkI2xx2onoLeUjv4hzipS4VS0OP5Th
qXhXGjLng4L0bIc5Ad/LuC4T/PnXuwfDgMnAQHHM0zjQcDih/TaTfXn1v+j67FIV
BxiqD5EI07ms/jysbmpydB4z2Fwl0D09goEtbO2m2ZE+BU4o8dQIk6UB7KiKTBcy
VS3uTR7ZG9AbomfHceh9/3ycI0FMTXUXlifU9v3Btuwpb3DnjCwJKaoAEQNrfuV1
OjqV29oZd2ye2bwAC2uveAnS0wxe+26Gsr+PhmdUFSGSAPeULt4=
=KHr5
-----END PGP SIGNATURE-----
.
Description:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
The following advisory data is extracted from:
https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8935.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: edk2 security update
Advisory ID: RHSA-2024:8935-03
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2024:8935
Issue date: 2024-11-06
Revision: 03
CVE Names: CVE-2024-6119
====================================================================
Summary:
An update for edk2 is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
EDK (Embedded Development Kit) is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM.
Security Fix(es):
* openssl: Possible denial of service in X.509 name checks (CVE-2024-6119)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2024-6119
References:
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2306158
| VAR-202409-2319 | No CVE | Beijing Xingwang Ruijie Network Technology Co., Ltd. EG2000K has a file upload vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
Ruijie Networks, founded in 2003, is an industry-leading ICT infrastructure and solution provider.
Beijing Xingwang Ruijie Network Technology Co., Ltd. EG2000K has a file upload vulnerability that can be exploited by attackers to obtain server permissions.
| VAR-202409-2597 | No CVE | H3C ER6300 has an information leakage vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ER6300 is a high-performance full-gigabit router for Internet cafes launched by H3C.
H3C Technologies Co., Ltd. ER6300 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202409-0013 | CVE-2024-33060 | Use of freed memory vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 8.4 Severity: HIGH |
Memory corruption when two threads try to map and unmap a single node simultaneously. 315 5g iot firmware, AQT1000 firmware, AR8031 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Inside of fastrpc_mmap_find, there exists the following code to search for ADSP_MMAP_HEAP_ADDR or ADSP_MMAP_REMOTE_HEAP_ADDR allocations:hlist_for_each_entry_safe(map, n, &me->maps, hn) {
if (va >= map->va &&
va + len <= map->va + map->len &&
map->fd == fd) {
if (refs) {
if (map->refs + 1 == INT_MAX) {
spin_unlock_irqrestore(&me->hlock, irq_flags);
return -ETOOMANYREFS;
}
map->refs++;
}
match = map;
break;
}
}
This code is wrong at a couple different levels, particularly in the case of a fastrpc_mmap_create-->fastrpc_mmap_find call coming from userland such as in the FASTRPC_IOCTL_MEM_MAP ioctl. I think this code path may not be intended to be reachable from userland at all - although even for requests issued from kernel-land, the contract for this code appears to have some correctness issues. This code uses map->va for finding an associated mapping which for these heap addresses comes from a call to dma_alloc_attrs inside of fastrpc_alloc_cma_memory.
dma_alloc_attrs has two different modes of operation - one returns a kernel virtual address to the allocated memory, and the other returns a struct page pointer that serves as an opaque cookie for the allocated memory. We have the latter case for this invocation of dma_alloc_attrs because of the DMA_ATTR_NO_KERNEL_MAPPING flag applied in fastrpc_mmap_create_remote_heap. We can see this looking at the debugfs-visible global file in the adsprpc directory:=================================== GMAPS ====================================
fd |phys |size |va
--------------------------------------------------------------------------------
-1 |0xE883A000 |0x1000 |0xFFFFFFFE01A20E80
-1 |0xE8839000 |0x1000 |0xFFFFFFFE01A20E40
-1 |0xE8838000 |0x1000 |0xFFFFFFFE01A20E00
-1 |0xE8837000 |0x1000 |0xFFFFFFFE01A20DC0
-1 |0xE8836000 |0x1000 |0xFFFFFFFE01A20D80
-1 |0xE8835000 |0x1000 |0xFFFFFFFE01A20D40
0 |0xE8834000 |0x1000 |0xFFFFFFFE01A20D00
0 |0xE8833000 |0x1000 |0xFFFFFFFE01A20CC0
0 |0xE8832000 |0x1000 |0xFFFFFFFE01A20C80
-1 |0xE8900000 |0x200000 |0xFFFFFFFE01A24000
This means we end up comparing a userland supplied value against a kernel page pointer - behavior of the kernel ioctl FASTRPC_IOCTL_MEM_MAP differs in userland visible ways based on the outcome of the comparison, meaning that userland can leak kernel page pointer addresses by "guessing" a possible address and observing the resulting error code. Here is the output from the attached PoC on a Samsung S23:
dm1q:/data/local/tmp $ ./poc
Detected address 0xfffffffe01c00000
Final address: 0xfffffffe01a24000
Additionally, because map->va is a struct page pointer as opposed to a genuine address to the underlying buffer, the usage of map->va + map->len is incorrect, and can lead to there being multiple map matches for the same calling parameters.
**This bug is subject to a 90-day disclosure deadline. If a fix for this**
**issue is made available to users before the end of the 90-day deadline,**
**this bug report will become public 30 days after the fix was made**
**available. Otherwise, this bug report will become public at the deadline.**
The scheduled deadline is 2024-09-22.
**For more details, see the Project Zero vulnerability disclosure policy:**
**https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-**
**policy.html**
Related CVE Number: CVE-2024-33060
| VAR-202409-0028 | CVE-2024-33052 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption when user provides data for FM HCI command control operations. APQ8017 firmware, AQT1000 firmware, fastconnect 6200 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202409-0017 | CVE-2024-33051 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Transient DOS while processing TIM IE from beacon frame as there is no check for IE length. 315 5g iot firmware, 9206 lte firmware, APQ8017 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202409-2186 | CVE-2024-33043 | Out-of-bounds read vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Transient DOS while handling PS event when Program Service name length offset value is set to 255. APQ8017 firmware, AQT1000 firmware, fastconnect 6200 Multiple Qualcomm products, such as firmware, contain an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state
| VAR-202409-0034 | CVE-2024-33042 | Out-of-bounds write vulnerability in multiple Qualcomm products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Memory corruption when Alternative Frequency offset value is set to 255. APQ8017 firmware, AQT1000 firmware, fastconnect 6200 Several Qualcomm products, such as firmware, contain an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202409-2177 | No CVE | tenda A32 wireless router management interface authentication bypass vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
There is a security vulnerability in the web management interface of tenda A32 wireless router. By modifying cookies to specific values, the user name and password authentication can be bypassed to directly obtain administrator operation permissions and manage the router.
| VAR-202408-2636 | CVE-2024-45492 | libexpat project of libexpat Integer overflow vulnerability in |
CVSS V2: 7.2 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX). libexpat project of libexpat Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces.
SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs).
Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5770-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : expat
CVE ID : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
Shang-Hung Wan discovered multiple vulnerabilities in the Expat
XML parsing C library, which could result in denial of service or
potentially the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in
version 2.5.0-1+deb12u1.
We recommend that you upgrade your expat packages.
For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6EIACgkQEMKTtsN8
Tjb+0hAAsAHl9didzh1S8vHaLH8P8I1XT0302RGP1N6r4BKvjEozuTKml28F3NEK
9IplBZXH8GM6tnF1/gRJf5Dp4YsL7H+nYUjbkZEdLM2TztRoy4wnITxUwqQ7q1ly
/bWMuyaoUn9jZu6SA+yEL68DtbXpFbs8IAOE3kqPsbcWvJ7O7LU3Ajjw5aWYwxV0
kdVyI67rBkfWAdyFRjlkxF62+ieR9sjpKNDKK1nmO+I8eEF5E/WOXsfPlzcKwax2
mMhisTscEIvaBSKCaQICCojYbvju8KW8B+NsJMsyRbPoimTyzE2n4VBk0ZNHjv+w
sIddwdgzXpWHHRbVtl6zjiZvzxUtphp6tHstxoW8YZQKkQiwqqlpONqXKWG1yR0o
pltUr7JjTylDo41M21yK/WizdxFkdrUJi4drKTONekvbhUEaTLaoR/ywYi0Za7T0
sUguAJk25id2px3LdTvMhQywTNmL103LkFfq1WIXL9x+yzYdKos8P3qu9DIaIqms
R4dy2xMhiJwVyQXi74Tte9h5n6FXET1Z8MoyxFOVI6SQ5FBXJMmL48r6Uwhb09tH
ZL2VNUequSC2L4uGozFFaHvr3M606srokRbo18XvNTNUvApJjAFt/WTnOjKUDuJM
08PjLw6brD/XBR6p/NKX8vMQmmXClyKwB97SG1MYu/MfdJK/7wQ=
=bEe8
-----END PGP SIGNATURE-----
| VAR-202408-2685 | CVE-2024-45491 | libexpat project of libexpat Integer overflow vulnerability in |
CVSS V2: 7.2 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX). libexpat project of libexpat Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces.
SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs).
Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server. ==========================================================================
Ubuntu Security Notice USN-7001-2
September 17, 2024
libxmltok vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in libxmltok.
Software Description:
- libxmltok: XML Parser Toolkit, developer libraries
Details:
USN-7001-1 fixed vulnerabilities in xmltol library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libxmltok1t64 1.2-4.1ubuntu2.24.0.4.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5770-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
September 17, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : expat
CVE ID : CVE-2024-45490 CVE-2024-45491 CVE-2024-45492
Shang-Hung Wan discovered multiple vulnerabilities in the Expat
XML parsing C library, which could result in denial of service or
potentially the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in
version 2.5.0-1+deb12u1.
We recommend that you upgrade your expat packages.
For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6EIACgkQEMKTtsN8
Tjb+0hAAsAHl9didzh1S8vHaLH8P8I1XT0302RGP1N6r4BKvjEozuTKml28F3NEK
9IplBZXH8GM6tnF1/gRJf5Dp4YsL7H+nYUjbkZEdLM2TztRoy4wnITxUwqQ7q1ly
/bWMuyaoUn9jZu6SA+yEL68DtbXpFbs8IAOE3kqPsbcWvJ7O7LU3Ajjw5aWYwxV0
kdVyI67rBkfWAdyFRjlkxF62+ieR9sjpKNDKK1nmO+I8eEF5E/WOXsfPlzcKwax2
mMhisTscEIvaBSKCaQICCojYbvju8KW8B+NsJMsyRbPoimTyzE2n4VBk0ZNHjv+w
sIddwdgzXpWHHRbVtl6zjiZvzxUtphp6tHstxoW8YZQKkQiwqqlpONqXKWG1yR0o
pltUr7JjTylDo41M21yK/WizdxFkdrUJi4drKTONekvbhUEaTLaoR/ywYi0Za7T0
sUguAJk25id2px3LdTvMhQywTNmL103LkFfq1WIXL9x+yzYdKos8P3qu9DIaIqms
R4dy2xMhiJwVyQXi74Tte9h5n6FXET1Z8MoyxFOVI6SQ5FBXJMmL48r6Uwhb09tH
ZL2VNUequSC2L4uGozFFaHvr3M606srokRbo18XvNTNUvApJjAFt/WTnOjKUDuJM
08PjLw6brD/XBR6p/NKX8vMQmmXClyKwB97SG1MYu/MfdJK/7wQ=
=bEe8
-----END PGP SIGNATURE-----
.
The following advisory data is extracted from:
https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8859.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: xmlrpc-c security update
Advisory ID: RHSA-2024:8859-03
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2024:8859
Issue date: 2024-11-05
Revision: 03
CVE Names: CVE-2024-45491
====================================================================
Summary:
An update for xmlrpc-c is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution:
https://access.redhat.com/articles/11258
CVEs:
CVE-2024-45491
References:
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2308616
| VAR-202408-2626 | CVE-2024-45490 | libexpat project of libexpat In XML External entity vulnerabilities |
CVSS V2: 7.2 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer. libexpat project of libexpat for, XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The RUGGEDCOM RST2428P is a Layer 2 Ethernet switch based on the SINEC operating system with up to 28 non-blocking interfaces.
SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human-machine interfaces (HMIs).
Multiple vulnerabilities in third-party components of Siemens' SINEC OS could allow attackers to gain control of the server. ==========================================================================
Ubuntu Security Notice USN-7001-2
September 17, 2024
libxmltok vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
Summary:
Several security issues were fixed in libxmltok.
Software Description:
- libxmltok: XML Parser Toolkit, developer libraries
Details:
USN-7001-1 fixed vulnerabilities in xmltol library. This update
provides the corresponding updates for Ubuntu 24.04 LTS.
Original advisory details:
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle certain function calls when a negative input
length was provided. An attacker could use this issue to cause a denial of
service or possibly execute arbitrary code. (CVE-2024-45490)
Shang-Hung Wan discovered that Expat, contained within the xmltok library,
did not properly handle the potential for an integer overflow on 32-bit
platforms. An attacker could use this issue to cause a denial of service
or possibly execute arbitrary code. (CVE-2024-45491)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
libxmltok1t64 1.2-4.1ubuntu2.24.0.4.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7001-2
https://ubuntu.com/security/notices/USN-7001-1
CVE-2024-45490, CVE-2024-45491
.
For the stable distribution (bookworm), these problems have been fixed in
version 2.5.0-1+deb12u1.
We recommend that you upgrade your expat packages.
For the detailed security status of expat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/expat
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6EIACgkQEMKTtsN8
Tjb+0hAAsAHl9didzh1S8vHaLH8P8I1XT0302RGP1N6r4BKvjEozuTKml28F3NEK
9IplBZXH8GM6tnF1/gRJf5Dp4YsL7H+nYUjbkZEdLM2TztRoy4wnITxUwqQ7q1ly
/bWMuyaoUn9jZu6SA+yEL68DtbXpFbs8IAOE3kqPsbcWvJ7O7LU3Ajjw5aWYwxV0
kdVyI67rBkfWAdyFRjlkxF62+ieR9sjpKNDKK1nmO+I8eEF5E/WOXsfPlzcKwax2
mMhisTscEIvaBSKCaQICCojYbvju8KW8B+NsJMsyRbPoimTyzE2n4VBk0ZNHjv+w
sIddwdgzXpWHHRbVtl6zjiZvzxUtphp6tHstxoW8YZQKkQiwqqlpONqXKWG1yR0o
pltUr7JjTylDo41M21yK/WizdxFkdrUJi4drKTONekvbhUEaTLaoR/ywYi0Za7T0
sUguAJk25id2px3LdTvMhQywTNmL103LkFfq1WIXL9x+yzYdKos8P3qu9DIaIqms
R4dy2xMhiJwVyQXi74Tte9h5n6FXET1Z8MoyxFOVI6SQ5FBXJMmL48r6Uwhb09tH
ZL2VNUequSC2L4uGozFFaHvr3M606srokRbo18XvNTNUvApJjAFt/WTnOjKUDuJM
08PjLw6brD/XBR6p/NKX8vMQmmXClyKwB97SG1MYu/MfdJK/7wQ=
=bEe8
-----END PGP SIGNATURE-----
.
The following advisory data is extracted from:
https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_9610.json
Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.
- Packet Storm Staff
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: OpenShift Container Platform 4.17.5 security update
Advisory ID: RHSA-2024:9610-03
Product: Red Hat OpenShift Enterprise
Advisory URL: https://access.redhat.com/errata/RHSA-2024:9610
Issue date: 2024-11-25
Revision: 03
CVE Names: CVE-2024-45490
====================================================================
Summary:
Red Hat OpenShift Container Platform release 4.17.5 is now available with updates to packages and images that fix several bugs and add enhancements.
This release includes a security update for Red Hat OpenShift Container Platform 4.17.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.17.5. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2024:9613
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.17/release_notes/ocp-4-17-release-notes.html
Security Fix(es):
* libexpat: Negative Length Parsing Vulnerability in libexpat
(CVE-2024-45490)
* libexpat: Integer Overflow or Wraparound (CVE-2024-45491)
* libexpat: integer overflow (CVE-2024-45492)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All OpenShift Container Platform 4.17 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.17/updating/updating_a_cluster/updating-cluster-cli.html
Solution:
CVEs:
CVE-2024-45490
References:
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2308615
https://bugzilla.redhat.com/show_bug.cgi?id=2308616
https://bugzilla.redhat.com/show_bug.cgi?id=2308617
https://issues.redhat.com/browse/OCPBUGS-16141
https://issues.redhat.com/browse/OCPBUGS-42835
https://issues.redhat.com/browse/OCPBUGS-42879
https://issues.redhat.com/browse/OCPBUGS-42931
https://issues.redhat.com/browse/OCPBUGS-42949
https://issues.redhat.com/browse/OCPBUGS-42964
https://issues.redhat.com/browse/OCPBUGS-43427
https://issues.redhat.com/browse/OCPBUGS-43657
https://issues.redhat.com/browse/OCPBUGS-43667
https://issues.redhat.com/browse/OCPBUGS-43690
https://issues.redhat.com/browse/OCPBUGS-43778
https://issues.redhat.com/browse/OCPBUGS-43972
https://issues.redhat.com/browse/OCPBUGS-44227
https://issues.redhat.com/browse/OCPBUGS-44357
https://issues.redhat.com/browse/OCPBUGS-44452
| VAR-202408-2491 | CVE-2024-44778 | Vtiger of Vtiger CRM Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Additional Information]:
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt=
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page .
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0
| VAR-202408-2492 | CVE-2024-44777 | Vtiger of Vtiger CRM Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Additional Information]:
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt=
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page .
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0
| VAR-202408-2490 | CVE-2024-44779 | Vtiger of Vtiger CRM Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 9.6 Severity: CRITICAL |
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state.
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&parent=%22-alert()-%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Additional Information]:
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Accounts&view=List&viewname=95ddd'+onpointerdown=alert()+alt=
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]:The "viewname" parameter of vTiger CRM 7.4.0 Index page .
------------------------------------------
[Additional Information]
PoC:
https://demo7.vtexperts.com/vtigercrm7demo/index.php?module=Invoice&view=List&app=INVENTORY&tag=);alert();%22+alt=%22
------------------------------------------
[Vulnerability Type]:Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]:vTiger CRM - 7.4.0
| VAR-202408-2560 | CVE-2024-44776 | Vtiger of Vtiger CRM Open redirect vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. Vtiger of Vtiger CRM Exists in an open redirect vulnerability.Information may be obtained and information may be tampered with.
------------------------------------------
[VulnerabilityType Other]:Open Redirect
------------------------------------------
[Vendor of Product]:vTiger
------------------------------------------
[Affected Product Code Base]
vTiger CRM - 7.4.0.
------------------------------------------
[Affected Component]:Index of vTiger CRM
------------------------------------------
[Attack Type]:Remote
------------------------------------------
[Impact Information Disclosure]:true
------------------------------------------
[CVE Impact Other]:Redirect a victim to a malicious site
------------------------------------------
[Attack Vectors]:Crafted URL
-----------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]:true
------------------------------------------
[Discoverer]:Marco Nappi
------------------------------------------
[Reference]:http://vtiger.com
------------------------------------------
| VAR-202408-2547 | CVE-2024-34195 | TOTOLINK of A3002R Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK AC1200 Wireless Router A3002R Firmware V1.1.1-B20200824 is vulnerable to Buffer Overflow. In the boa server program's CGI handling function formWlEncrypt, there is a lack of length restriction on the wlan_ssid field. This oversight leads to potential buffer overflow under specific circumstances. For instance, by invoking the formWlanRedirect function with specific parameters to alter wlan_idx's value and subsequently invoking the formWlEncrypt function, an attacker can trigger buffer overflow, enabling arbitrary command execution or denial of service attacks. TOTOLINK of A3002R An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics.
TOTOLINK AC1200 has a buffer overflow vulnerability, which is caused by the parameter wlan_idx of the formWlanRedirect function failing to properly verify the length of the input data. Attackers can exploit this vulnerability to execute arbitrary code on the system or cause a denial of service
| VAR-202408-3013 | CVE-2024-34198 | TOTOLINK of A3002RU Classic buffer overflow vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK AC1200 Wireless Router A3002RU V2.1.1-B20230720.1011 is vulnerable to Buffer Overflow. The formWlEncrypt CGI handler in the boa program fails to limit the length of the wlan_ssid field from user input. This allows attackers to craft malicious HTTP requests by supplying an excessively long value for the wlan_ssid field, leading to a stack overflow. This can be further exploited to execute arbitrary commands or launch denial-of-service attacks. TOTOLINK of A3002RU Firmware has a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. TOTOLINK AC1200 is a dual-band Wi-Fi router from China's TOTOLINK Electronics