VARIoT IoT vulnerabilities database
| VAR-202203-0823 | CVE-2022-24421 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Multiple Dell products, such as Alienware 13 R3 firmware, Alienware 15 R3 firmware, and Alienware 15 R4 firmware, contain a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell is a company that manufactures, designs, and sells home and office computers, as well as servers, data storage devices, networking equipment, and more
| VAR-202203-0853 | CVE-2022-22141 | Yokogawa Exaopc Permission Licensing and Access Control Issue Vulnerability |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
The 'Long-term Data Archive Package' service implemented in the following Yokogawa Electric products creates some named pipes with improper ACL configuration: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-0827 | CVE-2021-32009 | Cross-site scripting vulnerability in Secomea GateManager |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site Scripting (XSS) vulnerability in the firmware section of Secomea GateManager allows a logged-in user to inject JavaScript into the browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Secomea GateManager contains a cross-site scripting vulnerability. Information may be obtained and tampered with
| VAR-202203-0852 | CVE-2022-22151 | Yokogawa Exaopc Security hole |
CVSS V2: 4.9 CVSS V3: 8.1 Severity: HIGH |
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-1400 | CVE-2020-36518 | FasterXML jackson-databind Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Bugs fixed (https://bugzilla.redhat.com/):
1923181 - CVE-2021-22132 elasticsearch: executing async search improperly stores HTTP headers leading to information disclosure
1925237 - CVE-2020-9492 hadoop: WebHDFS client might send SPNEGO authorization header
1934116 - CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
1935927 - CVE-2021-20289 resteasy: Error message exposes endpoint class information
1943189 - CVE-2021-22137 elasticsearch: Document disclosure flaw when Document or Field Level Security is used
1945710 - CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents
1945712 - CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF
1945714 - CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame
1954559 - CVE-2021-3520 lz4: memory corruption due to an integer overflow bug caused by memmove argument
1977362 - CVE-2021-3629 undertow: potential security issue in flow control over HTTP/2 may lead to DOS
1995259 - CVE-2021-37714 jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck
2009041 - CVE-2021-38153 Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients
2011190 - CVE-2021-40690 xml-security: XPath Transform abuse allows for information disclosure
2020583 - CVE-2021-2471 mysql-connector-java: unauthorized access to critical
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
5. Description:
Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
Bugs fixed (https://bugzilla.redhat.com/):
2031958 - CVE-2021-43797 netty: control chars in header names may lead to HTTP request smuggling
2039403 - CVE-2021-42392 h2: Remote Code Execution in Console
2040268 - CVE-2022-0225 keycloak: Stored XSS in groups dropdown
2060929 - CVE-2022-0866 wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
2064226 - CVE-2022-0084 xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2115392 - CVE-2022-2668 keycloak: Uploading of SAML javascript protocol mapper scripts through the admin console
6. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
The References section of this erratum contains a download link for the
update. You must be logged in to download the update.
Description:
Red Hat AMQ Streams, based on the Apache Kafka project, offers a
distributed backbone that allows microservices and other applications to
share data with extremely high throughput and extremely low latency.
Bugs fixed (https://bugzilla.redhat.com/):
2004133 - CVE-2021-37136 netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2004135 - CVE-2021-37137 netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way
2064698 - CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
2087186 - CVE-2022-24823 netty: world readable temporary file containing sensitive data
2129809 - CVE-2022-36944 scala: deserialization gadget chain
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays
2135770 - CVE-2022-40150 jettison: memory exhaustion via user-supplied XML or JSON data
2135771 - CVE-2022-40149 jettison: parser crash by stackoverflow
2154086 - CVE-2021-0341 okhttp: information disclosure via improperly used cryptographic function
2169845 - CVE-2023-0833 Red Hat A-MQ Streams: component version with information disclosure flaw
2185707 - CVE-2021-46877 jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode
2188542 - CVE-2023-1370 json-smart: Uncontrolled Resource Consumption vulnerability in json-smart (Resource Exhaustion)
5. JIRA issues fixed (https://issues.jboss.org/):
ENTMQST-4107 - [KAFKA] MM2 connector task stopped and didn't result in failed state
ENTMQST-4541 - [PROD] Create RHSA erratum for Streams 2.4.0
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: jackson security update
Advisory ID: RHSA-2023:2312-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2023:2312
Issue date: 2023-05-09
CVE Names: CVE-2020-36518
====================================================================
1. Summary:
An update for jackson-annotations, jackson-core, jackson-databind,
jackson-jaxrs-providers, and jackson-modules-base is now available for Red
Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AppStream (v. 9) - noarch
3. Description:
Jackson is a suite of data-processing tools for Java, including the
flagship streaming JSON parser / generator library, matching data-binding
library, and additional modules to process data encoded in various other
data formats.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Package List:
Red Hat Enterprise Linux AppStream (v. 9):
Source:
jackson-annotations-2.14.1-1.el9.src.rpm
jackson-core-2.14.1-2.el9.src.rpm
jackson-databind-2.14.1-2.el9.src.rpm
jackson-jaxrs-providers-2.14.1-2.el9.src.rpm
jackson-modules-base-2.14.1-2.el9.src.rpm
noarch:
pki-jackson-annotations-2.14.1-1.el9.noarch.rpm
pki-jackson-core-2.14.1-2.el9.noarch.rpm
pki-jackson-databind-2.14.1-2.el9.noarch.rpm
pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch.rpm
pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch.rpm
pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-36518
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2023 Red Hat, Inc.
| VAR-202203-1378 | CVE-2022-24415 | Buffer Error Vulnerability in Multiple Dell Products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. Multiple Dell products, such as Alienware 13 R3 firmware, Alienware 15 R3 firmware, and Alienware 15 R4 firmware, contain a buffer error vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS)
| VAR-202203-0854 | CVE-2022-22145 | Yokogawa Exaopc Resource Management Error Vulnerability |
CVSS V2: 4.9 CVSS V3: 8.1 Severity: HIGH |
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00
| VAR-202203-0842 | CVE-2021-44620 | Command injection vulnerability in TOTOLINK A3100R firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. TOTOLINK A3100R firmware contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The Totolink A3100R is a series of wireless routers from the Chinese company Totolink
| VAR-202203-0321 | CVE-2022-25819 | Out-of-bounds read vulnerability in Google Android |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory. Google Android contains an out-of-bounds read vulnerability. Information may be obtained. Samsung hdcp2 is a system for Samsung mobile devices that protects output DVD content through HDMI to prevent copying.
Samsung hdcp2 has an out-of-bounds read vulnerability, which results from a lack of proper validation of user-supplied data
| VAR-202203-0310 | CVE-2022-25547 | Tenda AX1806 fromSetSysTime function stack overflow vulnerability (CNVD-2022-23527) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-0311 | CVE-2022-25549 | Tenda AX1806 formSetSysToolDDNS function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China
| VAR-202203-0312 | CVE-2022-25550 | Tenda AX1806 saveParentControlInfo function stack overflow vulnerability (CNVD-2022-23525) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceName parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-0313 | CVE-2022-25553 | Tenda AX1806 formSetSysToolDDNS function stack overflow vulnerability (CNVD-2022-23529) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsPwd parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-0322 | CVE-2022-25822 | Use-after-free vulnerability in Google Android |
CVSS V2: 4.9 CVSS V3: 6.2 Severity: MEDIUM |
A use-after-free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. Google Android contains a vulnerability related to the use of freed memory. Service operation may be interrupted (DoS). Samsung sdp driver is a digital presenter driver for Samsung mobile devices.
There is a denial of service vulnerability in the Samsung sdp driver. The vulnerability results from the confusion of the program's instructions responsible for releasing memory. An attacker could exploit this vulnerability to cause a kernel crash
| VAR-202203-0317 | CVE-2022-25566 | Tenda AX1806 saveParentControlInfo function stack overflow vulnerability (CNVD-2022-23524) |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-0316 | CVE-2022-25558 | Tenda AX1806 formSetProvince function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China
| VAR-202203-0315 | CVE-2022-25555 | Tenda AX1806 fromSetSysTime function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ntpServer parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda Company
| VAR-202203-1024 | CVE-2022-25552 | Tenda AX1806 form_fast_setting_wifi_set function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. Tenda AX1806 is a WiFi6 wireless router from China Tenda company
| VAR-202203-1022 | CVE-2022-25548 | Tenda AX1806 stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the serverName parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China.
A stack overflow vulnerability exists in Tenda AX1806, which allows remote attackers to use the vulnerability to submit special requests that can crash the application or execute arbitrary code in the context of the application
| VAR-202203-1023 | CVE-2022-25551 | Tenda AX1806 FormSetSystemTooldDNS function stack overflow vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsDomain parameter. Tenda AX1806 is a WiFi6 wireless router from Tenda, China