VARIoT IoT vulnerabilities database
| VAR-202207-0134 | CVE-2022-34740 | plural Huawei Classic buffer overflow vulnerability in the product |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
The NFC module has a buffer overflow vulnerability. Successful exploitation of this vulnerability may cause exceptions in NFC card registration, deletion, and activation. Huawei of EMUI , HarmonyOS , Magic UI Exists in a classic buffer overflow vulnerability.Information may be tampered with. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0. The vulnerability is due to the improper neutralization of the special elements used in the command. abnormal function
| VAR-202207-0132 | CVE-2021-46741 | HUAWEI HarmonyOS Security hole |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The basic framework and setting module have defects, which were introduced during the design. Successful exploitation of this vulnerability may affect system integrity. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202207-0144 | CVE-2022-34743 | plural Huawei Product out-of-bounds read vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The AT commands of the USB port have an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may affect system availability. Huawei of EMUI , HarmonyOS , Magic UI Exists in an out-of-bounds read vulnerability.Service operation interruption (DoS) It may be in a state. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202207-0087 | CVE-2021-44170 | FortiOS and FortiProxy Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 6.7 Severity: MEDIUM |
A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments. FortiOS and FortiProxy Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202207-0161 | CVE-2021-41031 | Windows for FortiClient Past traversal vulnerability in |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
A relative path traversal vulnerability [CWE-23] in FortiClient for Windows versions 7.0.2 and prior, 6.4.6 and prior and 6.2.9 and below may allow a local unprivileged attacker to escalate their privileges to SYSTEM via the named pipe responsible for FortiESNAC service. Windows for FortiClient Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiClient is a mobile terminal security solution developed by Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to FortiGate firewall appliances. A path traversal vulnerability exists in Fortinet FortiClient due to an input validation error when processing directory traversal sequences in filenames
| VAR-202207-0143 | CVE-2022-34736 | Huawei of EMUI and HarmonyOS In NULL Pointer dereference vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202207-0147 | CVE-2022-30302 | FortiDeceptor Path traversal vulnerability in management interface |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
Multiple relative path traversal vulnerabilities [CWE-23] in FortiDeceptor management interface 1.0.0 through 3.2.x, 3.3.0 through 3.3.2, 4.0.0 through 4.0.1 may allow a remote and authenticated attacker to retrieve and delete arbitrary files from the underlying filesystem via specially crafted web requests. FortiDeceptor A path traversal vulnerability exists in the management interface.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Fortinet FortiDeceptor is a network threat detection platform developed by Fortinet. The platform mainly exposes cyber threats, etc. through deception techniques
| VAR-202207-0163 | CVE-2022-26120 | FortiADC in the management interface SQL Injection vulnerability |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Multiple improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerabilities [CWE-89] in FortiADC management interface 7.0.0 through 7.0.1, 5.0.0 through 6.2.2 may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. FortiADC The management interface includes SQL There is an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiADC is an application delivery controller from Fortinet
| VAR-202207-0174 | CVE-2022-29057 | Fortinet FortiEDR Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 5.4 Severity: MEDIUM |
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiEDR version 5.1.0, 5.0.0 through 5.0.3 Patch 6 and 4.0.0 allows a remote authenticated attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload into the Management Console via various endpoints. Fortinet FortiEDR Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202207-0173 | CVE-2022-23438 | FortiOS Cross-site scripting vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in FortiOS version 7.0.5 and prior and 6.4.9 and prior may allow an unauthenticated remote attacker to perform a reflected cross site scripting (XSS) attack in the captive portal authentication replacement page. FortiOS Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with
| VAR-202207-0181 | CVE-2022-34735 | Huawei of EMUI and HarmonyOS In NULL Pointer dereference vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
The frame scheduling module has a null pointer dereference vulnerability. Successful exploitation of this vulnerability will affect the kernel availability. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS 2.0
| VAR-202207-0182 | CVE-2022-34739 | plural Huawei Product vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The fingerprint module has a vulnerability of overflow in arithmetic addition. Successful exploitation of this vulnerability may result in the acquisition of data from unknown addresses in address mappings. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be obtained. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system
| VAR-202207-0180 | CVE-2022-34738 | plural Huawei Product vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The SystemUI module has a vulnerability in permission control. If this vulnerability is successfully exploited, users are unaware of the service running in the background. Huawei of EMUI , HarmonyOS , Magic UI Exists in unspecified vulnerabilities.Information may be tampered with. HUAWEI HarmonyOS is an operating system of China's Huawei (HUAWEI). Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in HUAWEI HarmonyOS 2.0
| VAR-202205-1370 | CVE-2022-2294 | Google Chrome Out-of-bounds write vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ==========================================================================
Ubuntu Security Notice USN-5568-1
August 15, 2022
webkit2gtk vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in WebKitGTK.
Software Description:
- webkit2gtk: Web content engine library for GTK+
Details:
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.22.04.1
libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.22.04.1
libwebkit2gtk-4.1-0 2.36.6-0ubuntu0.22.04.1
Ubuntu 20.04 LTS:
libjavascriptcoregtk-4.0-18 2.36.6-0ubuntu0.20.04.1
libwebkit2gtk-4.0-37 2.36.6-0ubuntu0.20.04.1
This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
For the stable distribution (bullseye), these problems have been fixed in
version 103.0.5060.114-1~deb11u1.
We recommend that you upgrade your chromium packages. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2022-07-20-2 macOS Monterey 12.5
macOS Monterey 12.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213345.
APFS
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleMobileFileIntegrity
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2022-32826: Mickey Jin (@patch1t) of Trend Micro
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32810: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32840: Mohamed Ghannam (@_simo36)
Apple Neural Engine
Available for: macOS Monterey
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-32845: Mohamed Ghannam (@_simo36)
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: This issue was addressed with improved checks.
CVE-2022-32797: Mickey Jin (@patch1t), Ye Zhang (@co0py_Cat) of Baidu
Security, Mickey Jin (@patch1t) of Trend Micro
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32851: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32852: Ye Zhang (@co0py_Cat) of Baidu Security
CVE-2022-32853: Ye Zhang (@co0py_Cat) of Baidu Security
AppleScript
Available for: macOS Monterey
Impact: Processing a maliciously crafted AppleScript binary may
result in unexpected termination or disclosure of process memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32831: Ye Zhang (@co0py_Cat) of Baidu Security
Audio
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32820: an anonymous researcher
Audio
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32825: John Aakerblom (@jaakerblom)
Automation
Available for: macOS Monterey
Impact: An app may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved checks.
CVE-2022-32789: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Calendar
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-32805: Csaba Fitzl (@theevilbit) of Offensive Security
CoreMedia
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32828: Antonio Zekic (@antoniozekic) and John Aakerblom
(@jaakerblom)
CoreText
Available for: macOS Monterey
Impact: A remote user may cause an unexpected app termination or
arbitrary code execution
Description: The issue was addressed with improved bounds checks.
CVE-2022-32839: STAR Labs (@starlabs_sg)
File System Events
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: A logic issue was addressed with improved state
management.
CVE-2022-32819: Joshua Mason of Mandiant
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: Multiple out-of-bounds write issues were addressed with
improved bounds checking.
CVE-2022-32793: an anonymous researcher
GPU Drivers
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2022-32821: John Aakerblom (@jaakerblom)
iCloud Photo Library
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An information disclosure issue was addressed by
removing the vulnerable code.
CVE-2022-32849: Joshua Jones
ICU
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
ImageIO
Available for: macOS Monterey
Impact: Processing a maliciously crafted image may result in
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-32841: hjy79425575
ImageIO
Available for: macOS Monterey
Impact: Processing an image may lead to a denial-of-service
Description: A null pointer dereference was addressed with improved
validation.
CVE-2022-32785: Yiğit Can YILMAZ (@yilmazcanyigit)
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2022-32811: ABC Research s.r.o
Intel Graphics Driver
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o.
Kernel
Available for: macOS Monterey
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32813: Xinru Chi of Pangu Lab
CVE-2022-32815: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32817: Xinru Chi of Pangu Lab
Kernel
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: This issue was addressed with improved checks.
CVE-2022-32829: an anonymous researcher
Liblouis
Available for: macOS Monterey
Impact: An app may cause unexpected app termination or arbitrary code
execution
Description: This issue was addressed with improved checks.
CVE-2022-26981: Hexhive (hexhive.epfl.ch), NCNIPC of China
(nipc.org.cn)
libxml2
Available for: macOS Monterey
Impact: An app may be able to leak sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2022-32823
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
Multi-Touch
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2022-32814: Pan ZhenPeng (@Peterpan0927)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: An issue in the handling of environment variables was
addressed with improved validation.
CVE-2022-32786: Mickey Jin (@patch1t)
PackageKit
Available for: macOS Monterey
Impact: An app may be able to modify protected parts of the file
system
Description: This issue was addressed with improved checks.
CVE-2022-32800: Mickey Jin (@patch1t)
PluginKit
Available for: macOS Monterey
Impact: An app may be able to read arbitrary files
Description: A logic issue was addressed with improved state
management.
CVE-2022-32838: Mickey Jin (@patch1t) of Trend Micro
PS Normalizer
Available for: macOS Monterey
Impact: Processing a maliciously crafted Postscript file may result
in unexpected app termination or disclosure of process memory
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2022-32843: Kai Lu of Zscaler's ThreatLabz
SMB
Available for: macOS Monterey
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A memory corruption issue was addressed with improved
state management.
CVE-2022-32796: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds read issue was addressed with improved
input validation.
CVE-2022-32842: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to gain elevated privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-32798: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: A user in a privileged network position may be able to leak
sensitive information
Description: An out-of-bounds read issue was addressed with improved
bounds checking.
CVE-2022-32799: Sreejith Krishnan R (@skr0x1c0)
SMB
Available for: macOS Monterey
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved memory handling.
CVE-2022-32818: Sreejith Krishnan R (@skr0x1c0)
Software Update
Available for: macOS Monterey
Impact: A user in a privileged network position can track a user’s
activity
Description: This issue was addressed by using HTTPS when sending
information over the network.
CVE-2022-32857: Jeffrey Paul (sneak.berlin)
Spindump
Available for: macOS Monterey
Impact: An app may be able to overwrite arbitrary files
Description: This issue was addressed with improved file handling.
CVE-2022-32807: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab
Spotlight
Available for: macOS Monterey
Impact: An app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2022-32801: Joshua Mason (@josh@jhu.edu)
subversion
Available for: macOS Monterey
Impact: Multiple issues in subversion
Description: Multiple issues were addressed by updating subversion.
CVE-2021-28544: Evgeny Kotkov, visualsvn.com
CVE-2022-24070: Evgeny Kotkov, visualsvn.com
CVE-2022-29046: Evgeny Kotkov, visualsvn.com
CVE-2022-29048: Evgeny Kotkov, visualsvn.com
TCC
Available for: macOS Monterey
Impact: An app may be able to access sensitive user information
Description: An access issue was addressed with improvements to the
sandbox.
CVE-2022-32834: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
WebKit
Available for: macOS Monterey
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: The issue was addressed with improved UI handling.
WebKit Bugzilla: 239316
CVE-2022-32816: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
WebKit Bugzilla: 240720
CVE-2022-32792: Manfred Paul (@_manfp) working with Trend Micro Zero
Day Initiative
WebRTC
Available for: macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution.
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 242339
CVE-2022-2294: Jan Vojtesek of Avast Threat Intelligence team
Wi-Fi
Available for: macOS Monterey
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32837: Wang Yu of Cyberserval
Wi-Fi
Available for: macOS Monterey
Impact: A remote user may be able to cause unexpected system
termination or corrupt kernel memory
Description: This issue was addressed with improved checks.
CVE-2022-32847: Wang Yu of Cyberserval
Windows Server
Available for: macOS Monterey
Impact: An app may be able to capture a user’s screen
Description: A logic issue was addressed with improved checks.
CVE-2022-32848: Jeremy Legendre of MacEnhance
Additional recognition
802.1X
We would like to acknowledge Shin Sun of National Taiwan University
for their assistance.
AppleMobileFileIntegrity
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
Calendar
We would like to acknowledge Joshua Jones for their assistance.
configd
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security, Mickey Jin (@patch1t) of Trend Micro, and Wojciech Reguła
(@_r3ggi) of SecuRing for their assistance.
DiskArbitration
We would like to acknowledge Mike Cush for their assistance.
macOS Monterey 12.5 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmLYiL4ACgkQeC9qKD1p
rhhjpQ//TQX1ihtXRIjFpPOViMy6IxuLE1CsKFxq5MweXelbPB/UdeUl/zL5G54b
/Lx2XYKoWj6u27FCO0BHxBqtYbAd6sfx70VLCk5W6gyk/yCi0n3zh7BvRvWB/Ugh
6NuHB39a1kbbjLLoQPbW0L6egdrCfqP/+ZujqjKl7xI58nda9jMHJC1ns87KQoDn
Er5SAGf7M2ErGNzOFqvXjpJYvGsrKJyfqNxp99H/sPlzu7URX9Gq3f3n1o55IUUa
mcxlBPDfUmDQPjdSqw/BprQkDOvp0fzmTy+phB0fkgmvVJ8EmEJAoilL4SyH4uW9
V1GD9rtjUKh7G/gSFAo7y0HBDQoM+E9hA+4PPlH2o1nUOAl6BRWUka6jf4yaqrpr
pfo1K2hPQj1g4MMZFCDWkJ+7V1+1GTQ9WlagL5gB3QaKefiSG4cTnL06Y8zn38TD
TY3JrdqUI7Pzugu+FuHs7P168yNIGXTscb1ptrVlaVBaVuyICmEcKX4HS+I5o30q
WqCOaRoaa6WRqBwNEy7zVAExjSPt7t8ZWt85avWSt+rLxNGiVkPrpHu4fE+V2IAV
fz1VA4S/w69h9uJHXdcG+QfvNxX+zj/vljF6DK3dyQ957Mqfyr2y9ojSbdf6vo4n
DJFXNxbEk35loy/kDDidC1C1sFKY+JeQF7ZBi0/QOyuSdSdJrSg=
=ibIr
-----END PGP SIGNATURE-----
.
Background
=========
QtWebEngine is a library for rendering dynamic web content in Qt5 and
Qt6 C++ and QML applications.
CVE-2022-32832: Tommy Muir (@Muirey03)
AppleAVD
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote user may be able to cause kernel code execution
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2022-32821: John Aakerblom (@jaakerblom)
Home
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lock
screen
Description: A logic issue was addressed with improved state
management. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/ iTunes and Software Update on the
device will automatically check Apple's update server on its weekly
schedule. When an update is detected, it is downloaded and the option
to be installed is presented to the user when the iOS device is
docked. We recommend applying the update immediately if possible.
Selecting Don't Install will present the option the next time you
connect your iOS device. The automatic update process may take up to
a week depending on the day that iTunes or the device checks for
updates. You may manually obtain the update via the Check for Updates
button within iTunes, or the Software Update on your device. To
check that the iPhone, iPod touch, or iPad has been updated: *
Navigate to Settings * Select General * Select About. The version
after applying this update will be "iOS 15.6 and iPadOS 15.6". - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Chromium, Google Chrome, Microsoft Edge: Multiple Vulnerabilities
Date: August 21, 2022
Bugs: #858104, #859442, #863512, #865501, #864723
ID: 202208-35
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in Chromium and its
derivatives, the worst of which could result in remote code execution.
Background
=========
Chromium is an open-source browser project that aims to build a safer,
faster, and more stable way for all users to experience the web.
Google Chrome is one fast, simple, and secure browser for all your
devices.
Microsoft Edge is a browser that combines a minimal design with
sophisticated technology to make the web faster, safer, and easier.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 www-client/chromium < 104.0.5112.101 >= 104.0.5112.101
2 www-client/chromium-bin < 104.0.5112.101 >= 104.0.5112.101
3 www-client/google-chrome < 104.0.5112.101 >= 104.0.5112.101
4 www-client/microsoft-edge < 104.0.1293.63 >= 104.0.1293.63
Description
==========
Multiple vulnerabilities have been discovered in Chromium and its
derivatives. Please review the CVE identifiers referenced below for
details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Chromium users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-104.0.5112.101"
All Chromium binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/chromium-bin-104.0.5112.101"
All Google Chrome users should upgrade to tha latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/google-chrome-104.0.5112.101"
All Microsoft Edge users should upgrade to tha latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/microsoft-edge-104.0.1293.63"
References
=========
[ 1 ] CVE-2022-2163
https://nvd.nist.gov/vuln/detail/CVE-2022-2163
[ 2 ] CVE-2022-2294
https://nvd.nist.gov/vuln/detail/CVE-2022-2294
[ 3 ] CVE-2022-2295
https://nvd.nist.gov/vuln/detail/CVE-2022-2295
[ 4 ] CVE-2022-2296
https://nvd.nist.gov/vuln/detail/CVE-2022-2296
[ 5 ] CVE-2022-2477
https://nvd.nist.gov/vuln/detail/CVE-2022-2477
[ 6 ] CVE-2022-2478
https://nvd.nist.gov/vuln/detail/CVE-2022-2478
[ 7 ] CVE-2022-2479
https://nvd.nist.gov/vuln/detail/CVE-2022-2479
[ 8 ] CVE-2022-2480
https://nvd.nist.gov/vuln/detail/CVE-2022-2480
[ 9 ] CVE-2022-2481
https://nvd.nist.gov/vuln/detail/CVE-2022-2481
[ 10 ] CVE-2022-2603
https://nvd.nist.gov/vuln/detail/CVE-2022-2603
[ 11 ] CVE-2022-2604
https://nvd.nist.gov/vuln/detail/CVE-2022-2604
[ 12 ] CVE-2022-2605
https://nvd.nist.gov/vuln/detail/CVE-2022-2605
[ 13 ] CVE-2022-2606
https://nvd.nist.gov/vuln/detail/CVE-2022-2606
[ 14 ] CVE-2022-2607
https://nvd.nist.gov/vuln/detail/CVE-2022-2607
[ 15 ] CVE-2022-2608
https://nvd.nist.gov/vuln/detail/CVE-2022-2608
[ 16 ] CVE-2022-2609
https://nvd.nist.gov/vuln/detail/CVE-2022-2609
[ 17 ] CVE-2022-2610
https://nvd.nist.gov/vuln/detail/CVE-2022-2610
[ 18 ] CVE-2022-2611
https://nvd.nist.gov/vuln/detail/CVE-2022-2611
[ 19 ] CVE-2022-2612
https://nvd.nist.gov/vuln/detail/CVE-2022-2612
[ 20 ] CVE-2022-2613
https://nvd.nist.gov/vuln/detail/CVE-2022-2613
[ 21 ] CVE-2022-2614
https://nvd.nist.gov/vuln/detail/CVE-2022-2614
[ 22 ] CVE-2022-2615
https://nvd.nist.gov/vuln/detail/CVE-2022-2615
[ 23 ] CVE-2022-2616
https://nvd.nist.gov/vuln/detail/CVE-2022-2616
[ 24 ] CVE-2022-2617
https://nvd.nist.gov/vuln/detail/CVE-2022-2617
[ 25 ] CVE-2022-2618
https://nvd.nist.gov/vuln/detail/CVE-2022-2618
[ 26 ] CVE-2022-2619
https://nvd.nist.gov/vuln/detail/CVE-2022-2619
[ 27 ] CVE-2022-2620
https://nvd.nist.gov/vuln/detail/CVE-2022-2620
[ 28 ] CVE-2022-2621
https://nvd.nist.gov/vuln/detail/CVE-2022-2621
[ 29 ] CVE-2022-2622
https://nvd.nist.gov/vuln/detail/CVE-2022-2622
[ 30 ] CVE-2022-2623
https://nvd.nist.gov/vuln/detail/CVE-2022-2623
[ 31 ] CVE-2022-2624
https://nvd.nist.gov/vuln/detail/CVE-2022-2624
[ 32 ] CVE-2022-2852
https://nvd.nist.gov/vuln/detail/CVE-2022-2852
[ 33 ] CVE-2022-2853
https://nvd.nist.gov/vuln/detail/CVE-2022-2853
[ 34 ] CVE-2022-2854
https://nvd.nist.gov/vuln/detail/CVE-2022-2854
[ 35 ] CVE-2022-2855
https://nvd.nist.gov/vuln/detail/CVE-2022-2855
[ 36 ] CVE-2022-2856
https://nvd.nist.gov/vuln/detail/CVE-2022-2856
[ 37 ] CVE-2022-2857
https://nvd.nist.gov/vuln/detail/CVE-2022-2857
[ 38 ] CVE-2022-2858
https://nvd.nist.gov/vuln/detail/CVE-2022-2858
[ 39 ] CVE-2022-2859
https://nvd.nist.gov/vuln/detail/CVE-2022-2859
[ 40 ] CVE-2022-2860
https://nvd.nist.gov/vuln/detail/CVE-2022-2860
[ 41 ] CVE-2022-2861
https://nvd.nist.gov/vuln/detail/CVE-2022-2861
[ 42 ] CVE-2022-33636
https://nvd.nist.gov/vuln/detail/CVE-2022-33636
[ 43 ] CVE-2022-33649
https://nvd.nist.gov/vuln/detail/CVE-2022-33649
[ 44 ] CVE-2022-35796
https://nvd.nist.gov/vuln/detail/CVE-2022-35796
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-35
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers
| VAR-202207-2122 | No CVE | Sangfor Technology Co., Ltd. has a weak password vulnerability in the virtualization authorization management system |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sangfor Technology Co., Ltd. is a product and service provider focusing on enterprise-level network security, cloud computing, IT infrastructure and the Internet of Things.
There is a weak password vulnerability in the virtual authorization management system of Sangfor Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information.
| VAR-202207-0135 | CVE-2022-34893 | Trend Micro antivirus Multiple vulnerabilities in the cloud |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine. Virus Buster from Trend Micro Inc. An update for the cloud has been released. This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but you may be impacted by: Please refer to the respective advisory provided by the developer for details. Cloud version 17.7 It was * Arbitrary file deletion due to link interpretation problem when accessing file in data erasure tool - CVE-2022-30687 It was * Privilege escalation due to link interpretation problems when accessing files - CVE-2022-34893 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348 It was * Time-of-check Time-of-use (( TOCTOU ) Privilege escalation due to race condition vulnerability - CVE-2022-48191 virus buster Cloud version 17.0 It was * Information Disclosure via Out-of-Bounds Read Vulnerability - CVE-2022-35234 , CVE-2022-37347 , CVE-2022-37348. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the Trend Micro Anti-Malware Solution Platform. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM
| VAR-202207-0037 | CVE-2022-34151 | Multiple vulnerabilities in multiple Omron products |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-34151 It was * Applicable controller products and automation software Sysmac Studio unauthorized access to the controller product by a third party who can analyze the communication between the controller and the programmable terminal. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. Omron Machine automation controller NX7 series, etc. are all products of Japan's Omron (Omron). Omron Machine automation controller NX7 series is a series of machine automation controllers. Omron Machine automation controller NX1 series is a series of machine automation controllers. An attacker could exploit this vulnerability to gain full access to a vulnerable system
| VAR-202207-0036 | CVE-2022-33208 | Multiple vulnerabilities in multiple Omron products |
CVSS V2: 6.8 CVSS V3: 8.1 Severity: HIGH |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. * Using hardcoded credentials ( CWE-798 ) - CVE-2022-34151 It was * Capture-Replay Authentication evasion by ( CWE-294 ) - CVE-2022-33208 It was * Presence of debug code available ( CWE-489 ) - CVE-2022-33971 This vulnerability information is provided by the developer for the purpose of dissemination to product users. JPCERT/CC Report to JPCERT/CC Coordinated with the developer.The potential impact will vary for each vulnerability, but may include: * Unauthorized access to the controller product by a third party who has obtained authentication information by analyzing the product in advance. - CVE-2022-33208 It was * Disruption of service operation ( DoS ) attacks and malicious programs are executed - CVE-2022-33971. are all products of Japan's Omron (Omron). A remote attacker could exploit this vulnerability to bypass the authentication process
| VAR-202207-0062 | CVE-2022-32046 | TOTOLINK of t6 Out-of-bounds write vulnerability in firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. TOTOLINK of t6 An out-of-bounds write vulnerability exists in firmware.Service operation interruption (DoS) It may be in a state. TOTOLINK T6 is a wireless dual-band router from China TOTOLINK. The vulnerability stems from the fact that the desc parameter in the FUN_0041880c function does not check the length of the input data. A remote attacker could exploit this vulnerability to cause a denial of service
| VAR-202207-0094 | CVE-2022-32032 | Shenzhen Tenda Technology Co.,Ltd. of ax1806 Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. Shenzhen Tenda Technology Co.,Ltd. of ax1806 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The vulnerability arises from the fact that the deviceList parameter of the formAddMacfilterRule function does not check the length of the input data. No detailed vulnerability details are currently provided