VARIoT IoT vulnerabilities database
| VAR-202204-1722 | CVE-2022-20713 | Cross-site scripting vulnerability in Cisco Adaptive Security Appliance software |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. This vulnerability is due to improper validation of input that is passed to the VPN web client services component before being returned to the browser that is in use. An attacker could exploit this vulnerability by persuading a user to visit a website that is designed to pass malicious requests to a device that is running Cisco ASA Software or Cisco FTD Software and has web services endpoints supporting VPN features enabled. A successful exploit could allow the attacker to reflect malicious input from the affected device to the browser that is in use and conduct browser-based attacks, including cross-site scripting attacks. The attacker could not directly impact the affected device. Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow a malicious user to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdb-cmicr-dos-KJjFtNb
| VAR-202208-1002 | CVE-2022-25999 | Vulnerability regarding uncontrolled search path elements in Intel's Enpirion Digital Power Configurator GUI |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. A denial-of-service (DoS) condition may result.
| VAR-202208-0856 | CVE-2021-33847 | Buffer Error Vulnerability in Multiple Intel Products |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access. Multiple Intel products, such as Wi-Fi 6 AX411 firmware, Wi-Fi 6 AX211 firmware and Wi-Fi 6 AX210 firmware, contain a buffer error vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-0853 | CVE-2021-26950 | Out-of-bounds read vulnerability in multiple Intel products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. Multiple Intel products, including Wi-Fi 6 AX411 firmware, Wi-Fi 6 AX211 firmware and Wi-Fi 6 AX210 firmware, contain out-of-bounds read vulnerabilities. A denial-of-service (DoS) condition may result.
| VAR-202208-0906 | CVE-2022-2242 | Vulnerability regarding lack of authentication for critical features in KUKA SystemSoftware V/KSS |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as an unauthorized attacker can directly read and write robot configurations when access control is not available or not enabled (default). KUKA SystemSoftware V/KSS has a vulnerability regarding lack of authentication for critical features. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-0945 | CVE-2021-33644 | Out-of-bounds read vulnerability in feep.net libtar and other vendors' products |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read. feep.net libtar and products from other vendors contain out-of-bounds read vulnerabilities. Information may be obtained, and a denial-of-service (DoS) condition may result. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3 and 22.03-LTS versions of the Open Atom Open Source Foundation.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: libtar security update
Advisory ID: RHSA-2023:2898-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2898
Issue date: 2023-05-16
CVE Names: CVE-2021-33643 CVE-2021-33644 CVE-2021-33645
CVE-2021-33646
====================================================================
1. Summary:
An update for libtar is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
The libtar packages contain a C library for manipulating tar archives. The
library supports both the strict POSIX tar format and many of the commonly
used GNU extensions.
Security Fix(es):
* libtar: out-of-bounds read in gnu_longlink (CVE-2021-33643)
* libtar: out-of-bounds read in gnu_longname (CVE-2021-33644)
* libtar: memory leak found in th_read() function (CVE-2021-33645)
* libtar: memory leak found in th_read() function (CVE-2021-33646)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.8 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2121289 - CVE-2021-33643 libtar: out-of-bounds read in gnu_longlink
2121292 - CVE-2021-33644 libtar: out-of-bounds read in gnu_longname
2121295 - CVE-2021-33645 libtar: memory leak found in th_read() function
2121297 - CVE-2021-33646 libtar: memory leak found in th_read() function
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
libtar-1.2.20-17.el8.src.rpm
aarch64:
libtar-1.2.20-17.el8.aarch64.rpm
libtar-debuginfo-1.2.20-17.el8.aarch64.rpm
libtar-debugsource-1.2.20-17.el8.aarch64.rpm
ppc64le:
libtar-1.2.20-17.el8.ppc64le.rpm
libtar-debuginfo-1.2.20-17.el8.ppc64le.rpm
libtar-debugsource-1.2.20-17.el8.ppc64le.rpm
s390x:
libtar-1.2.20-17.el8.s390x.rpm
libtar-debuginfo-1.2.20-17.el8.s390x.rpm
libtar-debugsource-1.2.20-17.el8.s390x.rpm
x86_64:
libtar-1.2.20-17.el8.i686.rpm
libtar-1.2.20-17.el8.x86_64.rpm
libtar-debuginfo-1.2.20-17.el8.i686.rpm
libtar-debuginfo-1.2.20-17.el8.x86_64.rpm
libtar-debugsource-1.2.20-17.el8.i686.rpm
libtar-debugsource-1.2.20-17.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2021-33643
https://access.redhat.com/security/cve/CVE-2021-33644
https://access.redhat.com/security/cve/CVE-2021-33645
https://access.redhat.com/security/cve/CVE-2021-33646
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.8_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
| VAR-202208-0873 | CVE-2022-35491 | Vulnerability related to use of hardcoded credentials in TOTOLINK A3002RU firmware |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. The TOTOLINK A3002RU firmware has a vulnerability regarding the use of hardcoded credentials. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.
| VAR-202208-0855 | CVE-2021-26257 | Buffer Error Vulnerability in Multiple Intel Products |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. Multiple Intel products, such as Wi-Fi 6 AX411 firmware, Wi-Fi 6 AX211 firmware and Wi-Fi 6 AX210 firmware, contain a buffer error vulnerability. A denial-of-service (DoS) condition may result.
| VAR-202208-0854 | CVE-2021-23179 | Out-of-bounds read vulnerability in multiple Intel products |
CVSS V2: - CVSS V3: 7.1 Severity: HIGH |
Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access. Multiple Intel products, including Wi-Fi 6 AX411 firmware, Wi-Fi 6 AX211 firmware and Wi-Fi 6 AX210 firmware, contain out-of-bounds read vulnerabilities. Information may be obtained, and a denial-of-service (DoS) condition may result.
| VAR-202208-0878 | CVE-2022-33927 | Session fixation vulnerability in Dell Wyse Management Suite |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. An unauthenticated attacker could exploit this by taking advantage of a user with multiple active sessions in order to hijack a user's session. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery.
| VAR-202208-0785 | CVE-2022-34659 | Information leakage vulnerability in Siemens' Simcenter STAR-CCM+ Viewer |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). Affected applications expose user, host and display name of users, when the public license server is used. This could allow an attacker to retrieve this information. Siemens' Simcenter STAR-CCM+ Viewer contains a vulnerability related to information leakage. Information may be obtained.
| VAR-202208-0676 | CVE-2021-46304 | Vulnerabilities in multiple Siemens products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows activation of a web server module that provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. The SICAM A8000 RTU (Remote Terminal Unit) series is a modular device family for remote control and automation applications in all areas of energy supply.
| VAR-202208-0868 | CVE-2021-33126 | Vulnerabilities in multiple Intel products |
CVSS V2: - CVSS V3: 4.4 Severity: MEDIUM |
Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access. Multiple Intel products, such as Ethernet Controller XXV710 firmware, Ethernet Controller XL710 firmware and Ethernet Controller V710 firmware, have unspecified vulnerabilities. A denial-of-service (DoS) condition may result.
| VAR-202208-0891 | CVE-2022-25899 | Vulnerability in Intel's Open Active Management Technology Cloud Toolkit |
CVSS V2: - CVSS V3: 9.8 Severity: CRITICAL |
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. Intel's Open Active Management Technology Cloud Toolkit has unspecified vulnerabilities. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result. Intel Open AMT Cloud Toolkit is an open source cloud toolkit of Intel Corporation. There is a security vulnerability in the Intel Open AMT Cloud Toolkit. An attacker could exploit this vulnerability to elevate privileges.
| VAR-202208-0899 | CVE-2022-33924 | Vulnerability in Dell Wyse Management Suite |
CVSS V2: - CVSS V3: 5.3 Severity: MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules. Dell Wyse Management Suite has unspecified vulnerabilities. Information may be tampered with. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery.
| VAR-202208-0926 | CVE-2022-27500 | Vulnerability regarding improper default permissions in Intel's Support application for Android |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. Intel's Support application for Android has a vulnerability regarding improper default permissions. Information may be obtained.
| VAR-202208-0889 | CVE-2021-33643 | Out-of-bounds read vulnerability in feep.net libtar and other vendors' products |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read. feep.net libtar and products from other vendors contain out-of-bounds read vulnerabilities. Information may be obtained, and a denial-of-service (DoS) condition may result. openEuler is an operating system of the Open Atom Open Source Foundation. There are security vulnerabilities in openEuler 20.03-LTS-SP1, 20.03-LTS-SP3, and 22.03-LTS versions of the Open Atom Open Source Foundation.
| VAR-202208-1049 | CVE-2022-33928 | Vulnerability regarding plaintext storage of important information in Dell Wyse Management Suite |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Dell Wyse Management Suite 3.6.1 and below contains a Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. A denial-of-service (DoS) condition may result. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery.
| VAR-202208-0867 | CVE-2022-29507 | Vulnerability regarding insufficient protection of authentication information in Intel's Team Blue |
CVSS V2: - CVSS V3: 5.5 Severity: MEDIUM |
Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access. Intel's Team Blue has a vulnerability regarding inadequate protection of credentials. Information may be obtained.
| VAR-202208-0888 | CVE-2021-40040 | Vulnerabilities in multiple Huawei products |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. Successful exploitation of this vulnerability may affect confidentiality. Huawei EMUI, HarmonyOS and Magic UI have unspecified vulnerabilities. Information may be obtained. HUAWEI EMUI is a mobile operating system developed based on Android.