VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202204-0632 CVE-2022-29458 ncurses  Out-of-bounds read vulnerability in CVSS V2: 5.8
CVSS V3: 7.1
Severity: HIGH
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. ncurses Exists in an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state. (CVE-2019-17594). - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ncurses: Multiple Vulnerabilities Date: August 09, 2024 Bugs: #839351, #904247 ID: 202408-19 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in ncurses, the worst of which could lead to a denial of service. Background ========= Free software emulation of curses in System V. Affected packages ================ Package Vulnerable Unaffected ----------------------- --------------- ---------------- sys-libs/ncurses < 6.4_p20230408 >= 6.4_p20230408 sys-libs/ncurses-compat < 6.4_p20240330 >= 6.4_p20240330 Description ========== Multiple vulnerabilities have been discovered in ncurses. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All ncurses users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-6.4_p20230408" # emerge --ask --oneshot --verbose ">=sys-libs/ncurses-compat-6.4_p20240330" References ========= [ 1 ] CVE-2022-29458 https://nvd.nist.gov/vuln/detail/CVE-2022-29458 [ 2 ] CVE-2023-29491 https://nvd.nist.gov/vuln/detail/CVE-2023-29491 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202408-19 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-6099-1 May 23, 2023 ncurses vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS (Available with Ubuntu Pro) - Ubuntu 14.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in ncurses. Software Description: - ncurses: shared libraries for terminal handling Details: It was discovered that ncurses was incorrectly performing bounds checks when processing invalid hashcodes. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17594) It was discovered that ncurses was incorrectly handling end-of-string characters when processing terminfo and termcap files. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS. (CVE-2019-17595) It was discovered that ncurses was incorrectly handling end-of-string characters when converting between termcap and terminfo formats. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-39537) It was discovered that ncurses was incorrectly performing bounds checks when dealing with corrupt terminfo data while reading a terminfo file. An attacker could possibly use this issue to cause a denial of service or to expose sensitive information. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-29458) It was discovered that ncurses was parsing environment variables when running with setuid applications and not properly handling the processing of malformed data when doing so. A local attacker could possibly use this issue to cause a denial of service (application crash) or execute arbitrary code. (CVE-2023-29491) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: lib32ncurses6 6.4-2ubuntu0.1 lib32ncursesw6 6.4-2ubuntu0.1 lib32tinfo6 6.4-2ubuntu0.1 lib64ncurses6 6.4-2ubuntu0.1 lib64ncursesw6 6.4-2ubuntu0.1 lib64tinfo6 6.4-2ubuntu0.1 libncurses5 6.4-2ubuntu0.1 libncurses6 6.4-2ubuntu0.1 libncursesw5 6.4-2ubuntu0.1 libncursesw6 6.4-2ubuntu0.1 libtinfo5 6.4-2ubuntu0.1 libtinfo6 6.4-2ubuntu0.1 ncurses-bin 6.4-2ubuntu0.1 Ubuntu 22.10: lib32ncurses6 6.3+20220423-2ubuntu0.1 lib32ncursesw6 6.3+20220423-2ubuntu0.1 lib32tinfo6 6.3+20220423-2ubuntu0.1 lib64ncurses6 6.3+20220423-2ubuntu0.1 lib64ncursesw6 6.3+20220423-2ubuntu0.1 lib64tinfo6 6.3+20220423-2ubuntu0.1 libncurses5 6.3+20220423-2ubuntu0.1 libncurses6 6.3+20220423-2ubuntu0.1 libncursesw5 6.3+20220423-2ubuntu0.1 libncursesw6 6.3+20220423-2ubuntu0.1 libtinfo5 6.3+20220423-2ubuntu0.1 libtinfo6 6.3+20220423-2ubuntu0.1 ncurses-bin 6.3+20220423-2ubuntu0.1 Ubuntu 22.04 LTS: lib32ncurses6 6.3-2ubuntu0.1 lib32ncursesw6 6.3-2ubuntu0.1 lib32tinfo6 6.3-2ubuntu0.1 lib64ncurses6 6.3-2ubuntu0.1 lib64ncursesw6 6.3-2ubuntu0.1 lib64tinfo6 6.3-2ubuntu0.1 libncurses5 6.3-2ubuntu0.1 libncurses6 6.3-2ubuntu0.1 libncursesw5 6.3-2ubuntu0.1 libncursesw6 6.3-2ubuntu0.1 libtinfo5 6.3-2ubuntu0.1 libtinfo6 6.3-2ubuntu0.1 ncurses-bin 6.3-2ubuntu0.1 Ubuntu 20.04 LTS: lib32ncurses6 6.2-0ubuntu2.1 lib32ncursesw6 6.2-0ubuntu2.1 lib32tinfo6 6.2-0ubuntu2.1 lib64ncurses6 6.2-0ubuntu2.1 lib64ncursesw6 6.2-0ubuntu2.1 lib64tinfo6 6.2-0ubuntu2.1 libncurses5 6.2-0ubuntu2.1 libncurses6 6.2-0ubuntu2.1 libncursesw5 6.2-0ubuntu2.1 libncursesw6 6.2-0ubuntu2.1 libtinfo5 6.2-0ubuntu2.1 libtinfo6 6.2-0ubuntu2.1 ncurses-bin 6.2-0ubuntu2.1 Ubuntu 18.04 LTS: lib32ncurses5 6.1-1ubuntu1.18.04.1 lib32ncursesw5 6.1-1ubuntu1.18.04.1 lib32tinfo5 6.1-1ubuntu1.18.04.1 lib64ncurses5 6.1-1ubuntu1.18.04.1 lib64tinfo5 6.1-1ubuntu1.18.04.1 libncurses5 6.1-1ubuntu1.18.04.1 libncursesw5 6.1-1ubuntu1.18.04.1 libtinfo5 6.1-1ubuntu1.18.04.1 libx32ncurses5 6.1-1ubuntu1.18.04.1 libx32ncursesw5 6.1-1ubuntu1.18.04.1 libx32tinfo5 6.1-1ubuntu1.18.04.1 ncurses-bin 6.1-1ubuntu1.18.04.1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): lib32ncurses5 6.0+20160213-1ubuntu1+esm3 lib32ncursesw5 6.0+20160213-1ubuntu1+esm3 lib32tinfo5 6.0+20160213-1ubuntu1+esm3 lib64ncurses5 6.0+20160213-1ubuntu1+esm3 lib64tinfo5 6.0+20160213-1ubuntu1+esm3 libncurses5 6.0+20160213-1ubuntu1+esm3 libncursesw5 6.0+20160213-1ubuntu1+esm3 libtinfo5 6.0+20160213-1ubuntu1+esm3 libx32ncurses5 6.0+20160213-1ubuntu1+esm3 libx32ncursesw5 6.0+20160213-1ubuntu1+esm3 libx32tinfo5 6.0+20160213-1ubuntu1+esm3 ncurses-bin 6.0+20160213-1ubuntu1+esm3 Ubuntu 14.04 LTS (Available with Ubuntu Pro): lib32ncurses5 5.9+20140118-1ubuntu1+esm3 lib32ncursesw5 5.9+20140118-1ubuntu1+esm3 lib32tinfo5 5.9+20140118-1ubuntu1+esm3 lib64ncurses5 5.9+20140118-1ubuntu1+esm3 lib64tinfo5 5.9+20140118-1ubuntu1+esm3 libncurses5 5.9+20140118-1ubuntu1+esm3 libncursesw5 5.9+20140118-1ubuntu1+esm3 libtinfo5 5.9+20140118-1ubuntu1+esm3 libx32ncurses5 5.9+20140118-1ubuntu1+esm3 libx32ncursesw5 5.9+20140118-1ubuntu1+esm3 libx32tinfo5 5.9+20140118-1ubuntu1+esm3 ncurses-bin 5.9+20140118-1ubuntu1+esm3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6099-1 CVE-2019-17594, CVE-2019-17595, CVE-2021-39537, CVE-2022-29458, CVE-2023-29491 Package Information: https://launchpad.net/ubuntu/+source/ncurses/6.4-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.3+20220423-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.3-2ubuntu0.1 https://launchpad.net/ubuntu/+source/ncurses/6.2-0ubuntu2.1 https://launchpad.net/ubuntu/+source/ncurses/6.1-1ubuntu1.18.04.1
VAR-202204-2134 No CVE Command Execution Vulnerability in TOTOLINK N600R Router CVSS V2: 7.2
CVSS V3: -
Severity: HIGH
TOTOLINK N600R is a wireless router. The TOTOLINK N600R router has a command execution vulnerability, which can be exploited by attackers to execute arbitrary commands.
VAR-202204-2136 No CVE A stack overflow vulnerability exists in the TL-WDR7660 of Pulian Technology Co., Ltd. (CNVD-2022-21792) CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
TL-WDR7660 is a router. The TL-WDR7660 of Pulian Technology Co., Ltd. has a stack overflow vulnerability, which can be exploited by attackers to gain server privileges.
VAR-202204-2135 No CVE A stack overflow vulnerability exists in the TL-WDR7660 of Pulian Technology Co., Ltd. CVSS V2: 6.5
CVSS V3: -
Severity: MEDIUM
TL-WDR7660 is a router. The TL-WDR7660 of Pulian Technology Co., Ltd. has a stack overflow vulnerability, and attackers can use this vulnerability to gain server privileges.
VAR-202204-1613 CVE-2022-20739 Cisco SD-WAN vManage Software  Vulnerability in privilege management in CVSS V2: 8.5
CVSS V3: 7.3
Severity: HIGH
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this vulnerability. This vulnerability exists because a file leveraged by a root user is executed when a low-privileged user runs specific commands on an affected system. An attacker could exploit this vulnerability by injecting arbitrary commands to a specific file as a lower-privileged user and then waiting until an admin user executes specific commands. The commands would then be executed on the device by the root user. A successful exploit could allow the attacker to escalate their privileges on the affected system from a low-privileged user to the root user. Cisco SD-WAN vManage Software Exists in a permission management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202204-0844 CVE-2022-28049 NGINX NJS  In  NULL  Pointer dereference vulnerability CVSS V2: 4.3
CVSS V3: 5.5
Severity: MEDIUM
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. NGINX NJS for, NULL There is a vulnerability in pointer dereference.Service operation interruption (DoS) It may be in a state. Nginx is a lightweight web server/reverse proxy server and email (IMAP/POP3) proxy server of Nginx company in the United States. An attacker could exploit this vulnerability to crash the program
VAR-202204-2139 No CVE Command Execution Vulnerability in TOTOLINK A850R CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
The A850R is a gigabit dual-band wireless router. TOTOLINK A850R has a command execution vulnerability, which can be exploited by attackers to gain control of the server.
VAR-202204-0246 CVE-2022-20661 Cisco Catalyst Digital Building  series switch   and  Cisco Catalyst  Initialization Vulnerability in Microswitch CVSS V2: 4.9
CVSS V3: 4.6
Severity: MEDIUM
Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory
VAR-202204-0845 CVE-2022-20747 Cisco SD-WAN vManage Software  Vulnerability in CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. Cisco SD-WAN vManage Software Exists in unspecified vulnerabilities.Information may be obtained
VAR-202204-0846 CVE-2022-20735 Cisco SD-WAN vManage Software  Cross-site request forgery vulnerability in CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. Cisco SD-WAN vManage Software is a management software for SD-WAN (Software Defined Wide Area Network) solutions from Cisco
VAR-202204-0835 CVE-2022-27188 of Yokogawa Electric Corporation  b/m9000 vp  and  centum vp  In  OS  Command injection vulnerability CVSS V2: 4.4
CVSS V3: 7.8
Severity: HIGH
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder. (DoS) It may be in a state
VAR-202204-0640 CVE-2022-20622 Catalyst Access Points Software  Vulnerability in resource allocation without restrictions or throttling in CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
A vulnerability in IP ingress packet processing of the Cisco Embedded Wireless Controller with Catalyst Access Points Software could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, causing a denial of service (DoS) condition. The device may experience a performance degradation in traffic processing or high CPU usage prior to the unexpected reload. This vulnerability is due to improper rate limiting of IP packets to the management interface. An attacker could exploit this vulnerability by sending a steady stream of IP traffic at a high rate to the management interface of the affected device. A successful exploit could allow the attacker to cause the device to reload. Catalyst Access Points Software Exists in a vulnerability in resource allocation without restrictions or throttling.Service operation interruption (DoS) It may be in a state. Cisco Embedded Wireless Controller is a wireless access device of Cisco (Cisco) in the United States
VAR-202204-0836 CVE-2022-26034 of Yokogawa Electric Corporation  b/m9000 vp  and  centum vp  Authentication vulnerability in CVSS V2: 5.8
CVSS V3: 9.1
Severity: CRITICAL
Improper authentication vulnerability in the communication protocol provided by AD (Automation Design) server of CENTUM VP R6.01.10 to R6.09.00, CENTUM VP Small R6.01.10 to R6.09.00, CENTUM VP Basic R6.01.10 to R6.09.00, and B/M9000 VP R8.01.01 to R8.03.01 allows an attacker to use the functions provided by AD server. This may lead to leakage or tampering of data managed by AD server
VAR-202204-0254 CVE-2022-27008 nginx njs  Classic buffer overflow vulnerability in CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array. nginx njs Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be in a state
VAR-202204-1617 CVE-2022-27007 nginx njs  Vulnerability in using free memory in CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save(). nginx njs Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
VAR-202204-1570 CVE-2022-22195 Juniper Networks Junos OS Evolved Security hole CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
An Improper Update of Reference Count vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to trigger a counter overflow, eventually causing a Denial of Service (DoS). This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S1-EVO; 21.1 versions prior to 21.1R3-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS
VAR-202204-0229 CVE-2022-26516 Red Lion Controls, Inc.  of  da50n  Insufficient validation of data authenticity in firmware vulnerability CVSS V2: 6.8
CVSS V3: 7.8
Severity: HIGH
Authorized users may install a maliciously modified package file when updating the device via the web user interface. The user may inadvertently use a package file obtained from an unauthorized source or a file that was compromised between download and deployment. Red Lion Controls, Inc. of da50n Firmware contains insufficient validation of data authenticity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. A data forgery issue vulnerability exists in the Red Lion DA50N. No detailed vulnerability details are currently provided
VAR-202204-0257 CVE-2022-26507 AT&T Labs Xmill Buffer error vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
** UNSUPPORTED WHEN ASSIGNED ** A heap-based buffer overflow exists in XML Decompression DecodeTreeBlock in AT&T Labs Xmill 0.7. A crafted input file can lead to remote code execution. This is not the same as any of: CVE-2021-21810, CVE-2021-21811, CVE-2021-21812, CVE-2021-21815, CVE-2021-21825, CVE-2021-21826, CVE-2021-21828, CVE-2021-21829, or CVE-2021-21830. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
VAR-202204-0646 CVE-2022-22189 Juniper Networks  Contrail Service Orchestration  Vulnerability in CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration (CSO) allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects: Juniper Networks Contrail Service Orchestration 6.0.0 versions prior to 6.0.0 Patch v3 on On-premises installations. This issue does not affect Juniper Networks Contrail Service Orchestration On-premises versions prior to 6.0.0. (DoS) It may be in a state
VAR-202204-0228 CVE-2022-27179 Red Lion Controls, Inc.  of  da50n  Insufficient Credential Protection Vulnerability in Firmware CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
A malicious actor having access to the exported configuration file may obtain the stored credentials and thereby gain access to the protected resource. If the same passwords were used for other resources, further such assets may be compromised. Red Lion Controls, Inc. of da50n A firmware vulnerability related to insufficient protection of credentials exists.Information may be obtained