VARIoT IoT vulnerabilities database

An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. plural Apple The product contains a resource disclosure vulnerability to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in an STL file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. CVE-2022-22591: Antonio Zekic (@antoniozekic) of Diverto IOMobileFrameBuffer Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges. PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-01-26-1 iOS 15.3 and iPadOS 15.3 iOS 15.3 and iPadOS 15.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213053. ColorSync Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher iCloud Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be “15.3" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0vIACgkQeC9qKD1p rhj4hBAAuITBqrZx38zr9+MFgchRltErtLD/ZVUZ0mYD/bbVaF8+2RwoP0d3XBHj hkiZAqV8LCe+r9qs2SHBxXZteEEs79R1AIzZCSAjMU9LUK8yXYgHC5BGDoanRmes yuFyrWp78zz5Ix3jop5SUTt0xcxSOK49m7Oozrgr4sfzDg83VzDF9ebna+Obcar1 WArT/yhPC35dwJ5tOJ0Xmdogb3gPEk+ccjw885UpjnQqnkX8g0KOUzRSp/BYwexM vea9a7z3IGrCHaU8rlJWX+GupMUgRtpZr/k6jCzwT7g4BDRYSMYFvJcKZF6xFNgy raxl8Vdm+ZhTK//YNFl7BB1aKixVzI6i85aegtOErUPRwzICD1NDlQK5q3ErBpp+ 5FTvuwn7SWy5BPkSIOwmfoJfGrWTzDmdOAajM5o6Yy5m/OnR5ZqK4egfvwmPjoEy lx9ffhcvm7HbQmLjO4DTQlpqiyk3UmMmE5MEG4QSMA5UOqMinjE0kl+2JEkV7cmt Ugkcc4Auu7jUM3YxCkPfMi/x4/t52BBJbIXzpLnj2qebpci7GW9c3aDPNoQbTty9 +Y1amSmQvVRlqKGEi2xlVKGqN0uduhanyiL6+tt2Q1Afo/jf6JjERVUrOGl/Fv7r sJKt1GE0w3uJ6RQVQ6C3w33HTmzNWwzfdy+I8Ik3Cn8ZgfHY3JA= =JRMz -----END PGP SIGNATURE-----

An incorrect default permission vulnerability exists in the cgiserver.cgi cgi_check_ability functionality of reolink RLC-410W v3.0.0.136_20121102. The UpgradePrepare is the API that checks if a provided filename identifies a new version of the RLC-410W firmware. If the version is new, it would be possible, allegedly, to later on perform the Upgrade. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is a vulnerability in improper default permissions.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Information is tampered with and service operation is interrupted (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company. Reolink RLC-410W has a security vulnerability in version v3.0.0.136_20121102. The vulnerability stems from the fact that the product parse_command_list function does not properly validate the input data

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. GetMdAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetPtzPatrol param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetMask param is not object. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot.SetIrLights param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetCloudSchedule param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNetPort param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetUpnp param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. SetNtp param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. vim/vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060 Description ========== Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060" References ========= [ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Summary: The Migration Toolkit for Containers (MTC) 1.7.1 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * golang: net/http: Limit growth of header canonicalization cache (CVE-2021-44716) * golang: debug/macho: Invalid dynamic symbol table command can cause panic (CVE-2021-41771) * golang: archive/zip: Reader.Open panics on empty string (CVE-2021-41772) * golang: syscall: Don't close fd 0 on ForkExec error (CVE-2021-44717) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/): 2020725 - CVE-2021-41771 golang: debug/macho: invalid dynamic symbol table command can cause panic 2020736 - CVE-2021-41772 golang: archive/zip: Reader.Open panics on empty string 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache 2030806 - CVE-2021-44717 golang: syscall: don't close fd 0 on ForkExec error 2040378 - Don't allow Storage class conversion migration if source cluster has only one storage class defined [backend] 2057516 - [MTC UI] UI should not allow PVC mapping for Full migration 2060244 - [MTC] DIM registry route need to be exposed to create inter-cluster state migration plans 2060717 - [MTC] Registry pod goes in CrashLoopBackOff several times when MCG Nooba is used as the Replication Repository 2061347 - [MTC] Log reader pod is missing velero and restic pod logs. 2061653 - [MTC UI] Migration Resources section showing pods from other namespaces 2062682 - [MTC] Destination storage class non-availability warning visible in Intra-cluster source to source state-migration migplan. 2065837 - controller_config.yml.j2 merge type should be set to merge (currently using the default strategic) 2071000 - Storage Conversion: UI doesn't have the ability to skip PVC 2072036 - Migration plan for storage conversion cannot be created if there's no replication repository 2072186 - Wrong migration type description 2072684 - Storage Conversion: PersistentVolumeClaimTemplates in StatefulSets are not updated automatically after migration 2073496 - Errors in rsync pod creation are not printed in the controller logs 2079814 - [MTC UI] Intra-cluster state migration plan showing a warning on PersistentVolumes page 5. Bugs fixed (https://bugzilla.redhat.com/): 1995656 - CVE-2021-36221 golang: net/http/httputil: panic due to racy read of persistConn after handler panic 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: vim security update Advisory ID: RHSA-2022:0894-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0894 Issue date: 2022-03-15 CVE Names: CVE-2022-0261 CVE-2022-0318 CVE-2022-0359 CVE-2022-0361 CVE-2022-0392 CVE-2022-0413 ==================================================================== 1. Summary: An update for vim is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Vim (Vi IMproved) is an updated and improved version of the vi editor. Security Fix(es): * vim: Heap-based buffer overflow in block_insert() in src/ops.c (CVE-2022-0261) * vim: Heap-based buffer overflow in utf_head_off() in mbyte.c (CVE-2022-0318) * vim: Heap-based buffer overflow in init_ccline() in ex_getln.c (CVE-2022-0359) * vim: Illegal memory access when copying lines in visual mode leads to heap buffer overflow (CVE-2022-0361) * vim: Heap-based buffer overflow in getexmodeline() in ex_getln.c (CVE-2022-0392) * vim: Use after free in src/ex_cmds.c (CVE-2022-0413) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: vim-X11-8.0.1763-16.el8_5.12.aarch64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm noarch: vim-filesystem-8.0.1763-16.el8_5.12.noarch.rpm ppc64le: vim-X11-8.0.1763-16.el8_5.12.ppc64le.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm s390x: vim-X11-8.0.1763-16.el8_5.12.s390x.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm x86_64: vim-X11-8.0.1763-16.el8_5.12.x86_64.rpm vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: vim-8.0.1763-16.el8_5.12.src.rpm aarch64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-debugsource-8.0.1763-16.el8_5.12.aarch64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-8.0.1763-16.el8_5.12.aarch64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.aarch64.rpm ppc64le: vim-X11-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-debugsource-8.0.1763-16.el8_5.12.ppc64le.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-8.0.1763-16.el8_5.12.ppc64le.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.ppc64le.rpm s390x: vim-X11-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-debugsource-8.0.1763-16.el8_5.12.s390x.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-8.0.1763-16.el8_5.12.s390x.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.s390x.rpm x86_64: vim-X11-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-common-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-debugsource-8.0.1763-16.el8_5.12.x86_64.rpm vim-enhanced-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-8.0.1763-16.el8_5.12.x86_64.rpm vim-minimal-debuginfo-8.0.1763-16.el8_5.12.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2022-0261 https://access.redhat.com/security/cve/CVE-2022-0318 https://access.redhat.com/security/cve/CVE-2022-0359 https://access.redhat.com/security/cve/CVE-2022-0361 https://access.redhat.com/security/cve/CVE-2022-0392 https://access.redhat.com/security/cve/CVE-2022-0413 https://access.redhat.com/security/updates/classification/#moderate 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2062751 - CVE-2022-24730 argocd: path traversal and improper access control allows leaking out-of-bound files 2062755 - CVE-2022-24731 argocd: path traversal allows leaking out-of-bound files 2064682 - CVE-2022-1025 Openshift-Gitops: Improper access control allows admin privilege escalation 5. This update provides security fixes, bug fixes, and updates the container images. Description: Red Hat Advanced Cluster Management for Kubernetes 2.4.3 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release: https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/ Security updates: * golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565) * nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450) * nanoid: Information disclosure via valueOf() function (CVE-2021-23566) * nodejs-shelljs: improper privilege management (CVE-2022-0144) * search-ui-container: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) * openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778) * imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path (CVE-2022-24778) * golang: crash in a golang.org/x/crypto/ssh server (CVE-2022-27191) * opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190) Related bugs: * RHACM 2.4.3 image files (BZ #2057249) * Observability - dashboard name contains `/` would cause error when generating dashboard cm (BZ #2032128) * ACM application placement fails after renaming the application name (BZ #2033051) * Disable the obs metric collect should not impact the managed cluster upgrade (BZ #2039197) * Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard (BZ #2039820) * The value of name label changed from clusterclaim name to cluster name (BZ #2042223) * VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys (BZ #2048500) * clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI (BZ #2053211) * Application cluster status is not updated in UI after restoring (BZ #2053279) * OpenStack cluster creation is using deprecated floating IP config for 4.7+ (BZ #2056610) * The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift (BZ #2059039) * Subscriptions stop reconciling after channel secrets are recreated (BZ #2059954) * Placementrule is not reconciling on a new fresh environment (BZ #2074156) * The cluster claimed from clusterpool cannot auto imported (BZ #2074543) 3. Bugs fixed (https://bugzilla.redhat.com/): 2024938 - CVE-2021-41190 opencontainers: OCI manifest and index parsing confusion 2030787 - CVE-2021-43565 golang.org/x/crypto: empty plaintext packet causes panic 2032128 - Observability - dashboard name contains `/` would cause error when generating dashboard cm 2033051 - ACM application placement fails after renaming the application name 2039197 - disable the obs metric collect should not impact the managed cluster upgrade 2039820 - Observability - cluster list should only contain OCP311 cluster on OCP311 dashboard 2042223 - the value of name label changed from clusterclaim name to cluster name 2043535 - CVE-2022-0144 nodejs-shelljs: improper privilege management 2044556 - CVE-2022-0155 follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor 2044591 - CVE-2022-0235 node-fetch: exposure of sensitive information to an unauthorized actor 2048500 - VMWare Cluster creation does not accept ecdsa-sha2-nistp521 ssh keys 2050853 - CVE-2021-23566 nanoid: Information disclosure via valueOf() function 2052573 - CVE-2022-24450 nats-server: misusing the "dynamically provisioned sandbox accounts" feature authenticated user can obtain the privileges of the System account 2053211 - clusterSelector matchLabels spec are cleared when changing app name/namespace during creating an app in UI 2053259 - CVE-2022-0536 follow-redirects: Exposure of Sensitive Information via Authorization Header leak 2053279 - Application cluster status is not updated in UI after restoring 2056610 - OpenStack cluster creation is using deprecated floating IP config for 4.7+ 2057249 - RHACM 2.4.3 images 2059039 - The value of Vendor reported by cluster metrics was Other even if the vendor label in managedcluster was Openshift 2059954 - Subscriptions stop reconciling after channel secrets are recreated 2062202 - CVE-2022-0778 openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates 2064702 - CVE-2022-27191 golang: crash in a golang.org/x/crypto/ssh server 2069368 - CVE-2022-24778 imgcrypt: Unauthorized access to encryted container image on a shared system due to missing check in CheckAuthorization() code path 2074156 - Placementrule is not reconciling on a new fresh environment 2074543 - The cluster claimed from clusterpool can not auto imported 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-10-27-7 Additional information for APPLE-SA-2022-09-12-4 macOS Monterey 12.6 macOS Monterey 12.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213444. AppleMobileFileIntegrity Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42789: Koh M. Nakagawa of FFRI Security, Inc. Entry added October 27, 2022 ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t) Entry added October 27, 2022 ATS Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: An access issue was addressed with additional sandbox restrictions. CVE-2022-32904: Mickey Jin (@patch1t) Entry added October 27, 2022 ATS Available for: macOS Monterey Impact: An app may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2022-32902: Mickey Jin (@patch1t) Calendar Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: An access issue was addressed with improved access restrictions. CVE-2022-42819: an anonymous researcher Entry added October 27, 2022 GarageBand Available for: macOS Monterey Impact: An app may be able to access user-sensitive data Description: A configuration issue was addressed with additional restrictions. CVE-2022-32877: Wojciech Reguła (@_r3ggi) of SecuRing Entry added October 27, 2022 ImageIO Available for: macOS Monterey Impact: Processing an image may lead to a denial-of-service Description: A denial-of-service issue was addressed with improved validation. CVE-2022-1622 Entry added October 27, 2022 Image Processing Available for: macOS Monterey Impact: A sandboxed app may be able to determine which app is currently using the camera Description: The issue was addressed with additional restrictions on the observability of app states. CVE-2022-32913: Yiğit Can YILMAZ (@yilmazcanyigit) Entry added October 27, 2022 iMovie Available for: macOS Monterey Impact: A user may be able to view sensitive user information Description: This issue was addressed by enabling hardened runtime. CVE-2022-32896: Wojciech Reguła (@_r3ggi) Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-32914: Zweig of Kunlun Lab Entry added October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to execute arbitrary code with kernel privileges Description: The issue was addressed with improved memory handling. CVE-2022-32911: Zweig of Kunlun Lab CVE-2022-32866: Linus Henze of Pinauten GmbH (pinauten.de) CVE-2022-32924: Ian Beer of Google Project Zero Entry updated October 27, 2022 Kernel Available for: macOS Monterey Impact: An app may be able to disclose kernel memory Description: The issue was addressed with improved memory handling. CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: The issue was addressed with improved bounds checks. CVE-2022-32917: an anonymous researcher Maps Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved restrictions. CVE-2022-32883: Ron Masas of breakpointhq.com Entry updated October 27, 2022 MediaLibrary Available for: macOS Monterey Impact: A user may be able to elevate privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-32908: an anonymous researcher ncurses Available for: macOS Monterey Impact: A user may be able to cause unexpected app termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-39537 Entry added October 27, 2022 PackageKit Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-32900: Mickey Jin (@patch1t) Sandbox Available for: macOS Monterey Impact: An app may be able to modify protected parts of the file system Description: A logic issue was addressed with improved restrictions. CVE-2022-32881: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 27, 2022 Security Available for: macOS Monterey Impact: An app may be able to bypass code signing checks Description: An issue in code signature validation was addressed with improved checks. CVE-2022-42793: Linus Henze of Pinauten GmbH (pinauten.de) Entry added October 27, 2022 Sidecar Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A logic issue was addressed with improved state management. CVE-2022-42790: Om kothawade of Zaprico Digital Entry added October 27, 2022 SMB Available for: macOS Monterey Impact: A remote user may be able to cause kernel code execution Description: The issue was addressed with improved memory handling. CVE-2022-32934: Felix Poulin-Belanger Entry added October 27, 2022 Vim Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-0261 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0359 CVE-2022-0361 CVE-2022-0368 CVE-2022-0392 Entry added October 27, 2022 Vim Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial- of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2022-1720 CVE-2022-2000 CVE-2022-2042 CVE-2022-2124 CVE-2022-2125 CVE-2022-2126 Entry added October 27, 2022 Weather Available for: macOS Monterey Impact: An app may be able to read sensitive location information Description: A logic issue was addressed with improved state management. CVE-2022-32875: an anonymous researcher Entry added October 27, 2022 WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. WebKit Bugzilla: 242047 CVE-2022-32888: P1umer (@p1umer) Entry added October 27, 2022 Additional recognition Identity Services We would like to acknowledge Joshua Jones for their assistance. macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmNbKpcACgkQ4RjMIDke Nxkwlg//SSBu/uDg4G5fbGIYbNhe6z0pbPi6KhKQJI/fwDQw0rD1rRCYMYY3FqSv QwV8MyduewVyNTYL/OiNUDEBJolv3HmAGSLOKML4fJzExGN8j0hzxB+VDreh0PP7 /dIFsarwPIdQTaqD+oolT6XPJ1oG+GClaFn2JRJd1eCMstpQ9n04TZlTa6g5kSzT ZU6GnRyVBTSi9o2FGKJ0uZxTVZ06G2M1Y6j5qEugEiO+8mSP6DbE8GuMNhxQHgdQ IThRbMhaggheulPHgoF5023MB2eHOxzd92qGQBfilGXiDEXYQW8dCD21yhEDQt9J 5TKrgDRnGweDZIrTm3/dUiEfcAIrpNCGvieXCTmuBLnG9DqJyfYq8KPAh7E5Mwry TQvtTSVvf5Gp/vfrDZSbkS5dzWoIlJJByvc9Zt9MtC+eP2vYXjYAwDRd9duM/N+J 1wzXK8axVwImx58j5Ae1VsfELkbiGicovRn306MKUWgl3iz6D2JNTJPIyI96K3D7 ZDg4FhFJOTfXdmSdH9bbGKMt2LTPbYem3gk7zm4a5eKp3RQGd8HnhTRbMbr5e7Vh /C6AwsIbWhvE2SY3Pig7+BkzjfX4wNlnxKpa+wzZfamaXHxYYu6jwHdi74gqv5JA GDdcqUsSlUaFU+VsZlWnogpZGJjq5dxowq+2jmD2AOjevacHe3c= =uGN6 -----END PGP SIGNATURE-----

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Reolink Digital Technology of RLC-410w A vulnerability exists in firmware related to improper shutdown and release of resources.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

Multiple denial of service vulnerabilities exist in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability. Reolink Rlc-410W is a Wifi security camera from China Reolink company

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.136_20121102. At [1] or [2], based on DDNS type, the ddns->password variable, that has the value of the password parameter provided through the SetDdns API, is not validated properly. This would lead to an OS command injection. (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

The firmware on Moxa TN-5900 devices through 3.1 allows command injection that could lead to device damage. Moxa TN-5900 A command injection vulnerability exists in the firmware running on the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Moxa Tn-5900 is a series of En50155 wall-mounted routers from Moxa, China. in the process of user input constructing and executing commands. An attacker can exploit this vulnerability to inject and execute arbitrary commands

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. Set3G param is not object. An attacker can send an HTTP request to trigger this vulnerability. reolink RLC-410W There is an input validation vulnerability in.Service operation interruption (DoS) It may be in a state. Reolink Rlc-410W is a Wifi security camera from China Reolink company

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. plural Apple The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. PackageKit We would like to acknowledge Mickey Jin (@patch1t), Mickey Jin (@patch1t) of Trend Micro for their assistance. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-01-26-1 iOS 15.3 and iPadOS 15.3 iOS 15.3 and iPadOS 15.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213053. ColorSync Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22584: Mickey Jin (@patch1t) of Trend Micro Crash Reporter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22578: an anonymous researcher iCloud Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com) IOMobileFrameBuffer Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges. CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs Model I/O Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-22590: Toan Pham from Team Orca of Sea Security (security.sea.com) WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: A logic issue was addressed with improved state management. CVE-2022-22592: Prakash (@1lastBr3ath) WebKit Storage Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A website may be able to track sensitive user information Description: A cross-origin issue in the IndexDB API was addressed with improved input validation. CVE-2022-22594: Martin Bajanik of FingerprintJS Additional recognition WebKit We would like to acknowledge Prakash (@1lastBr3ath) for their assistance. Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be “15.3" Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx0vIACgkQeC9qKD1p rhj4hBAAuITBqrZx38zr9+MFgchRltErtLD/ZVUZ0mYD/bbVaF8+2RwoP0d3XBHj hkiZAqV8LCe+r9qs2SHBxXZteEEs79R1AIzZCSAjMU9LUK8yXYgHC5BGDoanRmes yuFyrWp78zz5Ix3jop5SUTt0xcxSOK49m7Oozrgr4sfzDg83VzDF9ebna+Obcar1 WArT/yhPC35dwJ5tOJ0Xmdogb3gPEk+ccjw885UpjnQqnkX8g0KOUzRSp/BYwexM vea9a7z3IGrCHaU8rlJWX+GupMUgRtpZr/k6jCzwT7g4BDRYSMYFvJcKZF6xFNgy raxl8Vdm+ZhTK//YNFl7BB1aKixVzI6i85aegtOErUPRwzICD1NDlQK5q3ErBpp+ 5FTvuwn7SWy5BPkSIOwmfoJfGrWTzDmdOAajM5o6Yy5m/OnR5ZqK4egfvwmPjoEy lx9ffhcvm7HbQmLjO4DTQlpqiyk3UmMmE5MEG4QSMA5UOqMinjE0kl+2JEkV7cmt Ugkcc4Auu7jUM3YxCkPfMi/x4/t52BBJbIXzpLnj2qebpci7GW9c3aDPNoQbTty9 +Y1amSmQvVRlqKGEi2xlVKGqN0uduhanyiL6+tt2Q1Afo/jf6JjERVUrOGl/Fv7r sJKt1GE0w3uJ6RQVQ6C3w33HTmzNWwzfdy+I8Ik3Cn8ZgfHY3JA= =JRMz -----END PGP SIGNATURE-----