VARIoT IoT vulnerabilities database
| VAR-202205-1693 | CVE-2021-34111 | Thecus of n4800eco in the firmware OS Command injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php. The Thecus n4800eco firmware contains an OS command injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. ARCHISITE Thecus 4800Eco is a server from the Japanese company ARCHISITE.
| VAR-202205-1658 | CVE-2021-43728 | Pix-Link MiNi Router 28K.MiniRouter.20190211 cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. The PIX-Link LV-WR09 firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link Company in China. Attackers can exploit this vulnerability to execute JavaScript code on the client.
| VAR-202205-1640 | CVE-2021-43729 | PIX-Link of LV-WR09 Cross-site scripting vulnerability in firmware |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. The PIX-Link LV-WR09 firmware has a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Pix-Link MiNi Router 28K.MiniRouter.20190211 is a router from Pix-Link Company in China. Attackers can exploit this vulnerability to execute JavaScript code on the client.
| VAR-202205-1606 | CVE-2022-29525 | Rakuten Mobile Rakuten Casa Trust Management Issue Vulnerability |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. Rakuten Casa, provided by Rakuten Mobile, Inc., contains multiple vulnerabilities:
- Use of hardcoded credentials (CWE-798) - CVE-2022-29525
- Inadequate access restrictions (CWE-284) - CVE-2022-28704
- Inadequate access restrictions (CWE-284) - CVE-2022-26834
CVE-2022-29525: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Hirai Narumi of Rack Co., Ltd.
CVE-2022-28704: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Oshiro Yuki and Mr. Tagawa Maki.
CVE-2022-26834: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Tagawa Maki.
The expected impact varies depending on the vulnerability, but the following impacts may occur:
- A third party who has access to information about the affected product's case may log in with root privileges and perform any operation. - CVE-2022-29525
- If the product is in its initial settings, which accept SSH connections from the WAN side, and is connected to the Internet without the authentication information being changed from the default settings, a third party may log in with root privileges and perform any operation. - CVE-2022-28704
- In the initial settings the device accepts HTTP connections from the WAN side, and internal information about the device can be obtained. - CVE-2022-26834
Rakuten Mobile Rakuten Casa is a small base station of Rakuten Mobile in Japan, used to improve radio wave conditions for users.
Rakuten Mobile Rakuten Casa AP_F_V2_0_0 and AP_F_V1_4_1 versions have a trust management issue vulnerability, which is caused by hard-coded credentials in the application code. An unauthenticated remote attacker could exploit this vulnerability to gain full access to a vulnerable system using hard-coded credentials
| VAR-202205-1607 | CVE-2022-26834 | Rakuten Mobile Rakuten Casa Access Control Error Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. Rakuten Casa, provided by Rakuten Mobile, Inc., contains multiple vulnerabilities:
- Use of hardcoded credentials (CWE-798) - CVE-2022-29525
- Inadequate access restrictions (CWE-284) - CVE-2022-28704
- Inadequate access restrictions (CWE-284) - CVE-2022-26834
CVE-2022-29525: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Hirai Narumi of Rack Co., Ltd.
CVE-2022-28704: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Oshiro Yuki and Mr. Tagawa Maki.
CVE-2022-26834: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Tagawa Maki.
The expected impact varies depending on the vulnerability, but the following impacts may occur:
- A third party who has access to information about the affected product's case may log in with root privileges and perform any operation. - CVE-2022-28704
- In the initial settings the device accepts HTTP connections from the WAN side, and internal information about the device can be obtained. - CVE-2022-26834
Rakuten Mobile Rakuten Casa is a small base station of Rakuten Mobile in Japan, used to improve radio wave conditions for users.
| VAR-202205-1608 | CVE-2022-28704 | Rakuten Casa Multiple vulnerabilities in |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings, in which it is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. Rakuten Casa, provided by Rakuten Mobile, Inc., contains multiple vulnerabilities:
- Use of hardcoded credentials (CWE-798) - CVE-2022-29525
- Inadequate access restrictions (CWE-284) - CVE-2022-28704
- Inadequate access restrictions (CWE-284) - CVE-2022-26834
CVE-2022-29525: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Hirai Narumi of Rack Co., Ltd.
CVE-2022-28704: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Oshiro Yuki and Mr. Tagawa Maki.
CVE-2022-26834: This vulnerability information was reported to IPA under the Information Security Early Warning Partnership, and JPCERT/CC coordinated with the developer. Reporter: Mr. Tagawa Maki.
The expected impact varies depending on the vulnerability, but the following impacts may occur:
- A third party who has access to information about the affected product's case may log in with root privileges and perform any operation. - CVE-2022-28704
- In the initial settings the device accepts HTTP connections from the WAN side, and internal information about the device can be obtained. - CVE-2022-26834
Rakuten Mobile Rakuten Casa is a small base station of Rakuten Mobile in Japan, used to improve radio wave conditions for users. An attacker could exploit this vulnerability to remotely gain unauthorized access to otherwise restricted functionality.
| VAR-202205-1595 | CVE-2022-20671 | Cisco Common Services Platform Collector Cross-site scripting vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data.
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb
| VAR-202205-1596 | CVE-2022-20672 | Cisco Common Services Platform Collector Cross-site scripting vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data.
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb
| VAR-202205-1600 | CVE-2022-20670 | Cisco Common Services Platform Collector Cross-site scripting vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data.
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb
| VAR-202205-1646 | CVE-2022-29181 | Nokogiri Vulnerability regarding mix-ups in |
CVSS V2: 6.4 CVSS V3: 8.2 Severity: HIGH |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. Nokogiri contains a type confusion vulnerability. Information may be obtained and the service may be put into a denial-of-service (DoS) state. Nokogiri versions 1.13.6-1.1 and later have a security vulnerability that could be exploited by an attacker to trigger Nokogiri's memory corruption, triggering a denial of service and potentially running code.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Nokogiri: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #846623, #837902, #762685
ID: 202208-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Nokogiri, the worst of
which could result in denial of service.
Background
=========
Nokogiri is an HTML, XML, SAX, and Reader parser.
Affected packages
================
-------------------------------------------------------------------
    Package              /     Vulnerable     /     Unaffected
-------------------------------------------------------------------
 1  dev-ruby/nokogiri          < 1.13.6             >= 1.13.6
Description
==========
Multiple vulnerabilities have been discovered in Nokogiri. Please review
the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Nokogiri users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-ruby/nokogiri-1.13.6"
References
=========
[ 1 ] CVE-2020-26247
https://nvd.nist.gov/vuln/detail/CVE-2020-26247
[ 2 ] CVE-2022-24836
https://nvd.nist.gov/vuln/detail/CVE-2022-24836
[ 3 ] CVE-2022-29181
https://nvd.nist.gov/vuln/detail/CVE-2022-29181
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-29
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
APPLE-SA-2022-12-13-4 macOS Ventura 13.1
macOS Ventura 13.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213532.
Accounts
Available for: macOS Ventura
Impact: A user may be able to view sensitive user information
Description: This issue was addressed with improved data protection.
CVE-2022-42843: Mickey Jin (@patch1t)
AMD
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-42847: ABC Research s.r.o.
AppleMobileFileIntegrity
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by enabling hardened runtime.
CVE-2022-42865: Wojciech Reguła (@_r3ggi) of SecuRing
Bluetooth
Available for: macOS Ventura
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42854: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.
Ltd. (@starlabs_sg)
Boot Camp
Available for: macOS Ventura
Impact: An app may be able to modify protected parts of the file
system
Description: An access issue was addressed with improved access
restrictions.
CVE-2022-42853: Mickey Jin (@patch1t) of Trend Micro
CoreServices
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: Multiple issues were addressed by removing the
vulnerable code.
CVE-2022-42859: Mickey Jin (@patch1t), Csaba Fitzl (@theevilbit) of
Offensive Security
DriverKit
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-32942: Linus Henze of Pinauten GmbH (pinauten.de)
ImageIO
Available for: macOS Ventura
Impact: Processing a maliciously crafted file may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-46693: Mickey Jin (@patch1t)
IOHIDFamily
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with improved state
handling.
CVE-2022-42864: Tommy Muir (@Muirey03)
IOMobileFrameBuffer
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2022-46690: John Aakerblom (@jaakerblom)
IOMobileFrameBuffer
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds access issue was addressed with
improved bounds checking.
CVE-2022-46697: John Aakerblom (@jaakerblom) and Antonio Zekic
(@antoniozekic)
iTunes Store
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: An issue existed in the parsing of URLs. This issue was
addressed with improved input validation.
CVE-2022-42837: Weijia Dai (@dwj1210) of Momo Security
Kernel
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: A race condition was addressed with additional
validation.
CVE-2022-46689: Ian Beer of Google Project Zero
Kernel
Available for: macOS Ventura
Impact: Connecting to a malicious NFS server may lead to arbitrary
code execution with kernel privileges
Description: The issue was addressed with improved bounds checks.
CVE-2022-46701: Felix Poulin-Belanger
Kernel
Available for: macOS Ventura
Impact: A remote user may be able to cause kernel code execution
Description: The issue was addressed with improved memory handling.
CVE-2022-42842: pattern-f (@pattern_F_) of Ant Security Light-Year
Lab
Kernel
Available for: macOS Ventura
Impact: An app may be able to break out of its sandbox
Description: This issue was addressed with improved checks.
CVE-2022-42861: pattern-f (@pattern_F_) of Ant Security Light-Year
Lab
Kernel
Available for: macOS Ventura
Impact: An app with root privileges may be able to execute arbitrary
code with kernel privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42845: Adam Doupé of ASU SEFCOM
Photos
Available for: macOS Ventura
Impact: Shake-to-undo may allow a deleted photo to be re-surfaced
without authentication
Description: The issue was addressed with improved bounds checks.
CVE-2022-32943: an anonymous researcher
ppp
Available for: macOS Ventura
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: The issue was addressed with improved memory handling.
CVE-2022-42840: an anonymous researcher
Preferences
Available for: macOS Ventura
Impact: An app may be able to use arbitrary entitlements
Description: A logic issue was addressed with improved state
management.
CVE-2022-42855: Ivan Fratric of Google Project Zero
Printing
Available for: macOS Ventura
Impact: An app may be able to bypass Privacy preferences
Description: This issue was addressed by removing the vulnerable
code.
CVE-2022-42862: Mickey Jin (@patch1t)
Ruby
Available for: macOS Ventura
Impact: A remote user may be able to cause unexpected app termination
or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2022-24836
CVE-2022-29181
Safari
Available for: macOS Ventura
Impact: Visiting a website that frames malicious content may lead to
UI spoofing
Description: A spoofing issue existed in the handling of URLs. This
issue was addressed with improved input validation.
CVE-2022-46695: KirtiKumar Anandrao Ramchandani
Weather
Available for: macOS Ventura
Impact: An app may be able to read sensitive location information
Description: The issue was addressed with improved handling of
caches.
CVE-2022-42866: an anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie Stone of Google Project Zero
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory consumption issue was addressed with improved
memory handling.
WebKit Bugzilla: 245466
CVE-2022-46691: an anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may bypass Same
Origin Policy
Description: A logic issue was addressed with improved state
management.
WebKit Bugzilla: 246783
CVE-2022-46692: KirtiKumar Anandrao Ramchandani
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2022-42852: hazbinhotel working with Trend Micro Zero Day
Initiative
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
input validation.
WebKit Bugzilla: 246942
CVE-2022-46696: Samuel Groß of Google V8 Security
WebKit Bugzilla: 247562
CVE-2022-46700: Samuel Groß of Google V8 Security
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A logic issue was addressed with improved checks.
CVE-2022-46698: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs
& DNSLab, Korea Univ.
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
WebKit Bugzilla: 247420
CVE-2022-46699: Samuel Groß of Google V8 Security
WebKit Bugzilla: 244622
CVE-2022-42863: an anonymous researcher
WebKit
Available for: macOS Ventura
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited against versions of iOS released
before iOS 15.1.
WebKit Bugzilla: 248266
CVE-2022-42856: Clément Lecigne of Google's Threat Analysis Group
xar
Available for: macOS Ventura
Impact: Processing a maliciously crafted package may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
checks.
CVE-2022-42841: Thijs Alkemade (@xnyhps) of Computest Sector 7
Additional recognition
Kernel
We would like to acknowledge Zweig of Kunlun Lab for their
assistance.
Lock Screen
We would like to acknowledge Kevin Mann for their assistance.
Safari Extensions
We would like to acknowledge Oliver Dunk and Christian R. of
1Password for their assistance.
WebKit
We would like to acknowledge an anonymous researcher and scarlet for
their assistance.
macOS Ventura 13.1 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/
All information is also posted on the Apple Security Updates
web site: https://support.apple.com/en-us/HT201222.
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
| VAR-202205-1597 | CVE-2022-20669 | Cisco Common Services Platform Collector Cross-site scripting vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data.
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb
| VAR-202205-1599 | CVE-2022-20674 | Cisco Common Services Platform Collector Cross-site scripting vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data. A remote attacker could exploit this vulnerability to perform a cross-site scripting (XSS) attack.
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb
| VAR-202205-1598 | CVE-2022-20673 | Cisco Common Services Platform Collector Cross-site scripting vulnerability in software |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. The product analyzes network performance and identifies risks and vulnerabilities by polling Cisco devices for basic inventory and configuration data. A remote attacker could exploit this vulnerability to perform a cross-site scripting (XSS) attack.
Cisco has released software updates to address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cspc-multi-xss-tyDFjhwb
| VAR-202205-1577 | CVE-2021-42849 | Lenovo Personal Cloud Storage Authorization problem vulnerability |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
A weak default password for the serial port was reported in some Lenovo Personal Cloud Storage devices that could allow unauthorized device access to an attacker with physical access
| VAR-202205-1549 | CVE-2022-28955 | D-Link DIR816 Access Control Error Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. D-Link DIR816 is a wireless router from D-Link Company in Taiwan
| VAR-202205-1578 | CVE-2021-42851 | Lenovo Personal Cloud Storage Security hole |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
A vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to create a standard user account
| VAR-202205-1536 | CVE-2022-20809 | Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerability regarding information leakage from log files in |
CVSS V2: 3.5 CVSS V3: 6.5 Severity: MEDIUM |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco Expressway Series is a software for accessing devices outside the firewall. The software provides simple, highly secure access for users outside the firewall, helping remote workers work more efficiently on the device of their choice. An attacker could exploit this vulnerability to view the credentials of other users sharing the device.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-bsFVwueV
| VAR-202205-1556 | CVE-2022-20765 | Cisco UCS Director Cross-site scripting vulnerability in |
CVSS V2: 3.5 CVSS V3: 4.8 Severity: MEDIUM |
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. Cisco UCS Director contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Cisco UCS Director is Cisco's heterogeneous platform for private cloud infrastructure as a service (IaaS).
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-UCS-XSS-uQSME3L7
| VAR-202205-1505 | CVE-2022-29638 | TOTOLINK A3100R Buffer Overflow Vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. TOTOLINK A3100R is a series of wireless routers from the Chinese company TOTOLINK
| VAR-202205-1523 | CVE-2022-29646 | TotoLink A3100R Access Control Error Vulnerability (CNVD-2022-54651) |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. TotoLink A3100R is a series of wireless routers from TotoLink, a Taiwanese company