VARIoT IoT vulnerabilities database
| VAR-202205-0687 | CVE-2022-30040 | Out-of-bounds write vulnerability in Shenzhen Tenda Technology Co., Ltd. ax1803 firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1803 v1.0.0.1_2890 is vulnerable to a buffer overflow. The vulnerability lies in rootfs_, in /goform/setsystimecfg of /bin/tdhttpd in the ubif file system: an attacker can access http://ip/goform/SetSysTimeCfg and, by setting the ntpserve parameter, cause a stack buffer overflow that results in a denial of service on the router. An out-of-bounds write vulnerability exists in Shenzhen Tenda Technology Co., Ltd. ax1803 firmware. Service operation may be interrupted (DoS).
Tenda AX1803 v1.0.0.1_2890 has a denial of service vulnerability. The vulnerability stems from a boundary error in the ntpserve parameter's handling of untrusted input.
| VAR-202205-0823 | CVE-2021-0126 | Input validation vulnerability in Intel's Manageability Commander |
CVSS V2: 5.2 CVSS V3: 8.0 Severity: HIGH |
Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Intel's Manageability Commander contains an input validation vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202205-0900 | CVE-2022-23743 | Privilege management vulnerability in Check Point Software Technologies ZoneAlarm |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process. In addition, weak permissions in the ProgramData\CheckPoint\ZoneAlarm\Data\Updates directory allow a local attacker to perform an arbitrary file write, leading to execution of code as local system, in ZoneAlarm versions before v15.8.211.192119. Check Point Software Technologies ZoneAlarm contains vulnerabilities related to privilege management and improper assignment of permissions to critical resources. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202205-0928 | CVE-2022-29872 | Unknown Vulnerability in Siemens SICAM P850 and SICAM P855 Devices |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30.
A security vulnerability exists in Siemens SICAM P850 and SICAM P855 devices.
| VAR-202205-0920 | CVE-2022-29874 | Siemens SICAM P850 and SICAM P855 Devices Sensitive Information Cleartext Transmission Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SICAM T (All versions < V3.0). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. The SICAM P850 multifunctional measuring device is used to acquire, visualize, evaluate and transmit electrical measurement variables such as alternating current, alternating voltage, frequency, power, harmonics, etc. The SICAM P855 multifunction device is used to collect, display and transmit measured electrical variables such as AC current, AC voltage, power type, harmonics, etc. Measured values and events are collected and processed according to the power quality standard IEC 61000-4-30.
| VAR-202205-0756 | CVE-2021-0194 | Vulnerability in Intel's In-Band Manageability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. An unspecified vulnerability exists in Intel's In-Band Manageability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202205-0578 | CVE-2021-33317 | NULL pointer dereference vulnerability in multiple TRENDnet products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The TRENDnet TI-PG1284i switch (hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability. This vulnerability exists in its LLDP-related component. Because the component fails to check whether a ChassisID TLV is contained in the packet, an attacker can crash the process through a null pointer dereference by sending a crafted LLDP packet to the device. Affected firmware includes ti-pg1284i firmware, ti-g102i firmware, ti-g160i firmware, etc. TRENDnet TI-PG Series is a series of switches from the American company TRENDnet.
| VAR-202205-0834 | CVE-2022-27640 | Resource exhaustion vulnerability in Siemens SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA firmware |
CVSS V2: 6.1 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handle excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot. Siemens SIMATIC CP 442-1 RNA and SIMATIC CP 443-1 RNA firmware has a resource exhaustion vulnerability. Service operation may be interrupted (DoS). Siemens SIMATIC CP 44x-1 RNA is a controller from Siemens for communication processors connected to Ethernet.
| VAR-202205-0677 | CVE-2022-24287 | Insecure initialization of resources to default values in multiple Siemens products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode. Siemens' SIMATIC PCS 7, SIMATIC WinCC and SIMATIC WinCC Runtime Professional contain an insecure initialization of resources to default values. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SIMATIC PCS 7 is a process control system. SIMATIC WinCC is an automated data acquisition and supervisory control (SCADA) system. SIMATIC WinCC Runtime Professional is a visual runtime platform for operator control and monitoring of machines and plants.
| VAR-202205-0625 | CVE-2022-29117 | .NET and Microsoft Visual Studio Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: MEDIUM |
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET 6.0 on RHEL 7 security and bugfix update
Advisory ID: RHSA-2022:2195-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:2195
Issue date: 2022-05-11
CVE Names: CVE-2022-23267 CVE-2022-29117 CVE-2022-29145
====================================================================
1. Summary:
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
.NET Core is a managed-software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now
available. The updated versions are .NET Core SDK 6.0.105 and .NET Core
Runtime 6.0.5.
Security Fix(es):
* dotnet: excess memory allocation via HttpClient causes DoS
(CVE-2022-23267)
* dotnet: malicious content causes high CPU and memory usage
(CVE-2022-29117)
* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage
2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service
2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
6. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64:
rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64:
rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
x86_64:
rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2022-23267
https://access.redhat.com/security/cve/CVE-2022-29117
https://access.redhat.com/security/cve/CVE-2022-29145
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc.
| VAR-202205-0624 | CVE-2022-23267 | Service operation interruption (DoS) vulnerability in multiple Microsoft products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: MEDIUM |
.NET and Visual Studio Denial of Service Vulnerability. This CVE is addressed by Red Hat Security Advisory RHSA-2022:2195-01 (https://access.redhat.com/errata/RHSA-2022:2195), whose text appears under VAR-202205-0625 above.
| VAR-202205-0626 | CVE-2022-29145 | .NET and Microsoft Visual Studio Denial of Service (DoS) Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: MEDIUM |
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. This CVE is addressed by Red Hat Security Advisory RHSA-2022:2195-01 (https://access.redhat.com/errata/RHSA-2022:2195), whose text appears under VAR-202205-0625 above.
| VAR-202205-0763 | CVE-2022-28901 | Command injection vulnerability in D-Link Japan Co., Ltd. dir-882 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. D-Link Japan Co., Ltd. dir-882 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
| VAR-202205-0738 | CVE-2022-29325 | D-Link DIR-816 A2 Buffer Overflow Vulnerability (CNVD-2022-42153) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. D-Link DIR-816 A2 is a wireless router from D-Link, a Taiwanese company.
D-Link DIR-816 A2 has a buffer overflow vulnerability caused by a boundary error in the addurlfilter parameter in /goform/websURLFilter when processing untrusted input. An attacker can exploit it to obtain a root shell.
| VAR-202205-0804 | CVE-2022-29322 | D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64488) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan.
The D-Link DIR-816 A2_v1.10CNB04 firmware version has a buffer overflow vulnerability caused by a boundary error in the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip when handling untrusted input. An attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system, or cause the system to crash
| VAR-202205-0829 | CVE-2022-28915 | Command injection vulnerability in D-Link Japan Co., Ltd. dir-816 firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. D-Link Japan Co., Ltd. dir-816 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-816 A2 is a wireless router from D-Link, a Taiwanese company. An attacker could exploit this vulnerability to escalate privileges to root through a carefully crafted payload.
| VAR-202205-0882 | CVE-2022-28896 | D-Link DIR882 Command Injection Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. D-Link Japan Co., Ltd. dir-882 firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR882 is a dual-band wireless router from D-Link, a Chinese company.
| VAR-202205-0805 | CVE-2022-29326 | D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64491) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan.
The D-Link DIR-816 A2_v1.10CNB04 version has a buffer overflow vulnerability that stems from a boundary error in the addhostfilter parameter in /goform/websHostFilter when handling untrusted input. An attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system, or cause the system to crash.
| VAR-202205-0765 | CVE-2022-29321 | D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64490) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan.
The D-Link DIR-816 A2_v1.10CNB04 firmware version has a buffer overflow vulnerability caused by a boundary error in the lanip parameter in /goform/setNetworkLan when handling untrusted input. An attacker could exploit this vulnerability to execute arbitrary code on the system, or cause the system to crash
| VAR-202205-0701 | CVE-2022-29323 | D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64487) |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. D-Link DIR-816 is a wireless router from D-Link Company in Taiwan.
The D-Link DIR-816 A2_v1.10CNB04 firmware version has a buffer overflow vulnerability caused by a boundary error in the MAC parameter in /goform/editassignment when handling untrusted input. An attacker could exploit this vulnerability to overflow the buffer and execute arbitrary code on the system, or cause the system to crash