VARIoT IoT vulnerabilities database
| VAR-202208-1417 | CVE-2022-22730 | Authentication vulnerability in Intel's Edge Insights for Industrial |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel's Edge Insights for Industrial has an authentication vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Intel Edge Insights for Industrial is a pre-validated, ready-to-deploy software reference design from Intel Corporation for video and time-series data ingestion
| VAR-202208-1390 | CVE-2022-25841 | Vulnerability regarding uncontrolled search path elements in Intel's Datacenter Group Event for Android |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) condition may result. Intel Datacenter Group Event is a data center group event consulting software developed by Intel Corporation. Attackers exploit this vulnerability to escalate privileges
| VAR-202208-1450 | CVE-2022-28696 | Vulnerability regarding uncontrolled search path elements in Intel's Distribution for Python |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel's Distribution for Python has an uncontrolled search path element vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Intel Distribution for Python is a Python distribution optimized for Intel hardware by Intel Corporation of the United States. Intel Distribution for Python versions prior to 2022.0.3 have security vulnerabilities. Attackers exploit this vulnerability to escalate privileges
| VAR-202208-1345 | CVE-2022-32893 | Out-of-bounds write vulnerability in Apple's Safari and products from other vendors |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apple's Safari and products from other vendors have an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Apple macOS Monterey is the eighteenth major release of Apple's Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5.1 have a security vulnerability. The vulnerability is caused by an out-of-bounds write. macOS Monterey 12.5.1.
For the stable distribution (bullseye), this problem has been fixed in
version 2.36.7-1~deb11u1.
We recommend that you upgrade your wpewebkit packages.
==========================================================================
Ubuntu Security Notice USN-5611-1
September 14, 2022
webkit2gtk vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.22.04.1
libjavascriptcoregtk-4.1-0 2.36.7-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.36.7-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.7-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.36.7-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1
iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges.
CVE-2022-32894: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
WebKit Bugzilla: 243557
CVE-2022-32893: an anonymous researcher
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.6.1 and iPadOS 15.6.1".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
iOS 12 is not impacted by CVE-2022-32894.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: webkit2gtk3 security update
Advisory ID: RHSA-2022:6540-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:6540
Issue date: 2022-09-15
CVE Names: CVE-2022-32893
====================================================================
1. Summary:
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
WebKitGTK is the port of the portable web rendering engine WebKit to the
GTK platform.
The following packages have been upgraded to a later upstream version:
webkit2gtk3 (2.36.7).
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
webkit2gtk3-2.36.7-1.el8_6.src.rpm
aarch64:
webkit2gtk3-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-devel-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.aarch64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.aarch64.rpm
ppc64le:
webkit2gtk3-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-devel-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-jsc-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.ppc64le.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.ppc64le.rpm
s390x:
webkit2gtk3-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-devel-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-jsc-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.s390x.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.s390x.rpm
x86_64:
webkit2gtk3-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-debuginfo-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-debugsource-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-devel-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-devel-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-jsc-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-jsc-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-jsc-debuginfo-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-jsc-devel-2.36.7-1.el8_6.x86_64.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.i686.rpm
webkit2gtk3-jsc-devel-debuginfo-2.36.7-1.el8_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-32893
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
| VAR-202208-1294 | CVE-2022-32894 | Out-of-bounds write vulnerability in multiple Apple products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Multiple Apple products, including iPadOS, iOS, and macOS, have an out-of-bounds write vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Apple macOS Monterey is the eighteenth major release of Apple's Macintosh desktop operating system, macOS. Apple macOS Monterey versions prior to 12.5.1 have a security vulnerability.
APPLE-SA-2022-08-17-1 iOS 15.6.1 and iPadOS 15.6.1
iOS 15.6.1 and iPadOS 15.6.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213412.
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges.
CVE-2022-32894: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
WebKit Bugzilla: 243557
CVE-2022-32893: an anonymous researcher
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.6.1 and iPadOS 15.6.1".
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-202208-1285 | CVE-2022-36273 | OS command injection vulnerability in Shenzhen Tenda Technology Co.,Ltd. AC9 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. The AC9 firmware from Shenzhen Tenda Technology Co.,Ltd. has an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS)
| VAR-202208-1289 | CVE-2022-38368 | Authentication vulnerability in Aviatrix Gateway |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands. Aviatrix Gateway has an authentication vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Aviatrix Gateway versions prior to 6.6.5712 and 6.7.x versions prior to 6.7.1376 have security vulnerabilities
| VAR-202208-1613 | CVE-2022-26696 | Vulnerability in Apple's macOS |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
This issue was addressed with improved environment sanitization. This issue is fixed in macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. Apple's macOS has an unspecified vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of XPC messages in the LaunchServices component. A crafted message can trigger execution of a privileged operation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the current user
| VAR-202208-1092 | CVE-2022-35555 | Tenda W6 Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. The W6 firmware from Shenzhen Tenda Technology Co.,Ltd. has an OS command injection vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda W6 is a wireless WiFi AP access point router from China Tenda Company
| VAR-202208-1040 | CVE-2022-35560 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. An out-of-bounds write vulnerability exists in the W6 firmware from Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS). Tenda W6 is a wireless WiFi AP access point router from China Tenda Company
| VAR-202208-1042 | CVE-2022-35559 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. An attacker can use this vulnerability to execute arbitrary code. An out-of-bounds write vulnerability exists in the W6 firmware from Shenzhen Tenda Technology Co.,Ltd. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Tenda W6 is a wireless WiFi AP access point router from China Tenda Company
| VAR-202208-1308 | CVE-2022-35561 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. An out-of-bounds write vulnerability exists in the W6 firmware from Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS). Tenda W6 is a wireless WiFi AP access point router from China Tenda Company
| VAR-202208-1091 | CVE-2022-35557 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. An out-of-bounds write vulnerability exists in the W6 firmware from Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS). Tenda W6 is a wireless WiFi AP access point router from China Tenda Company
| VAR-202208-0978 | CVE-2022-35558 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co.,Ltd. W6 firmware |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. An out-of-bounds write vulnerability exists in the W6 firmware from Shenzhen Tenda Technology Co.,Ltd. Service operation may be interrupted (DoS). Tenda W6 is a wireless WiFi AP access point router from China Tenda Company
| VAR-202208-0945 | CVE-2021-33644 | Out-of-bounds read vulnerability in feep.net's libtar and products from other vendors |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longname, causing an out-of-bounds read. feep.net's libtar and products from other vendors have an out-of-bounds read vulnerability. Information may be obtained and service operation may be interrupted (DoS). openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions of the Open Atom Open Source Foundation.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update
Advisory ID: RHSA-2023:2898-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898
Issue date: 2023-05-16
CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645
CVE-2021-33646
====================================================================
1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The libtar packages contain a C library for manipulating tar archives. The
library supports both the strict POSIX tar format and many of the commonly
used GNU extensions.
Security Fix(es):
* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
* libtar: memory leak found in th_read() function (CVE-2021-33645)
* libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink
2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname
2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function
2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
libtar-1.2.20-17.el8.src.rpm
aarch64:
libtar-1.2.20-17.el8.aarch64.rpm
libtar-debuginfo-1.2.20-17.el8.aarch64.rpm
libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le:
libtar-1.2.20-17.el8.ppc64le.rpm
libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm
libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x:
libtar-1.2.20-17.el8.s390x.rpm
libtar-debuginfo-1.2.20-17.el8.s390x.rpm
libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64:
libtar-1.2.20-17.el8.i686.rpm
libtar-1.2.20-17.el8.x86_64.rpm
libtar-debuginfo-1.2.20-17.el8.i686.rpm
libtar-debuginfo-1.2.20-17.el8.x86_64.rpm
libtar-debugsource-1.2.20-17.el8.i686.rpm
libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-33643
https://access.redhat.com/security/cve/CVE-2021-33644
https://access.redhat.com/security/cve/CVE-2021-33645
https://access.redhat.com/security/cve/CVE-2021-33646
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
| VAR-202208-0926 | CVE-2022-27500 | Vulnerability regarding improper default permissions in Intel's Support for Android |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. Intel's Support for Android has an improper default permissions vulnerability. Information may be obtained
| VAR-202208-1002 | CVE-2022-25999 | Vulnerability regarding uncontrolled search path elements in Intel's Enpirion Digital Power Configurator GUI |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) condition may result
| VAR-202208-0612 | CVE-2022-36325 | Vulnerabilities in multiple Siemens products |
CVSS V2: 10.0 CVSS V3: 6.8 Severity: MEDIUM |
Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. Multiple Siemens products, such as SCALANCE M-800 firmware, SCALANCE S615 firmware, and SCALANCE SC-600 firmware, have unspecified vulnerabilities. Information may be obtained and information may be tampered with. SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions of firewalls to prevent unauthorized access, as well as VPNs to secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600 family (All versions < V2.3.1), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)
| VAR-202208-0873 | CVE-2022-35491 | Vulnerability related to use of hardcoded credentials in TOTOLINK A3002RU firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. A vulnerability regarding the use of hardcoded credentials exists in the TOTOLINK A3002RU firmware. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS)
| VAR-202208-0610 | CVE-2022-36324 | Vulnerability related to resource allocation without limits or throttling in multiple Siemens products |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Affected devices do not properly handle the renegotiation of SSL/TLS parameters. This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack. Multiple Siemens products, including SCALANCE M-800 firmware, SCALANCE S615 firmware, and SCALANCE W700 IEEE 802.11ax firmware, contain vulnerabilities related to resource allocation without limits or throttling. Service operation may be interrupted (DoS). The SCALANCE M-800, MUM-800 and S615 and RUGGEDCOM RM1224 industrial routers are used for secure remote access to plants via mobile networks (e.g. GPRS or UMTS) and have integrated security functions for firewalls to prevent unauthorized access, as well as VPN to secure data transmission. SCALANCE SC-600 devices (SC622-2C, SC632-2C, SC636-2C, SC642-2C, SC646-2C) are used to protect trusted industrial networks from untrusted network attacks. They allow filtering incoming and outgoing network connections in different ways. The SCALANCE W-1700 product is a wireless communication device based on the IEEE 802.11ac standard. SCALANCE W-700 products are wireless communication devices based on the IEEE 802.11ax standard. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLC) or human machine interfaces (HMI). A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE W-1700 IEEE 802.11ac family (All versions), SCALANCE W-700 IEEE 802.11ax family (All versions), SCALANCE W-700 IEEE 802.11n family (All versions), SCALANCE XB-200 switch family (All versions), SCALANCE XC-200 switch family (All versions), SCALANCE XF-200BA switch family (All versions), SCALANCE XM-400 Family (All versions), SCALANCE XP-200 switch family (All versions), SCALANCE XR-300WG switch family (All versions), SCALANCE XR-500 Family (All versions)