VARIoT IoT vulnerabilities database

mySCADA myPRO: Versions 8.20.0 and prior has a feature to send emails, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes

mySCADA myPRO: Versions 8.20.0 and prior has a feature where the password can be specified, which may allow an attacker to inject arbitrary operating system commands through a specific parameter. mySCADA myPRO for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. mySCADA myPRO is an HMI/SCADA system designed primarily for visualization and control of industrial processes

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. SonicWall SMA100 Exists in observable mismatch vulnerabilities.Information may be obtained. Sonicwall SMA100 is a secure access gateway device from Sonicwall Company in the United States. The SonicWall SMA100 has a security flaw that could allow an attacker to enumerate usernames

mySCADA myPRO Versions 8.20.0 and prior stores passwords using MD5, which may allow an attacker to crack the previously retrieved password hashes. mySCADA myPRO contains a vulnerability related to the use of insufficiently strong password hashes.Information may be obtained. mySCADA myPRO is an HMI/SCADA system, mainly designed for visualization and control of industrial processes

An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. SMA100 The series has an unspecified vulnerability.Information may be obtained

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one of the factors of authentication

Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. (DoS) It may be in a state

Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of data. Dell Wyse Management Suite There is a security level vulnerability in.Information may be obtained and information may be tampered with

Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information

An Improper Input Validation vulnerability in DataImportHandler of Apache Solr allows an attacker to provide a Windows UNC path resulting in an SMB network call being made from the Solr host to another host on the network. If the attacker has wider access to the network, this may lead to SMB attacks, which may result in: * The exfiltration of sensitive data such as OS user hashes (NTLM/LM hashes), * In case of misconfigured systems, SMB Relay Attacks which can lead to user impersonation on SMB Shares or, in a worse-case scenario, Remote Code Execution This issue affects all Apache Solr versions prior to 8.11.1. This issue only affects Windows. Apache Solr Exists in a past traversal vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apache Solr is a search server based on Lucene (a full-text search engine) of the Apache Foundation in the United States. The product supports level search, vertical search, highlight search results, etc. Apache Solr has security flaws that could allow attackers to gain wider access to the network, potentially leading to SMB attacks

A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). The server is fast, reliable, and can be expanded through simple APIs. Attackers can use this vulnerability to cause system crashes or server request forgery. Tenable.sc versions 5.14.0 up to and including 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated malicious user to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. Also, Tenable.sc leverages third-party software to help provide underlying functionality. One of the third-party components (Apache) was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution, and in line with best practice, Tenable has upgraded the bundled components to address the potential impact of these issues. Tenable.sc 5.20.0 updates Apache to version 2.4.52 to address the identified vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppKit Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleAVD Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22675: an anonymous researcher AppleGraphicsControl Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro CoreTypes Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2022-22663: Arsenii Kostromin (0x3c3e) CVMS Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) Graphics Drivers Available for: macOS Big Sur Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2022-22674: an anonymous researcher Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing LaunchServices Available for: macOS Big Sur Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) libresolv Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) Printing Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Security Available for: macOS Big Sur Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Big Sur Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SMB Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) TCC Available for: macOS Big Sur Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) Vim Available for: macOS Big Sur Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 WebKit Available for: macOS Big Sur Impact: Processing a maliciously crafted mail message may lead to running arbitrary javascript Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589: Heige of KnownSec 404 Team (knownsec.com) and Bo Qu of Palo Alto Networks (paloaltonetworks.com) Wi-Fi Available for: macOS Big Sur Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval zip Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Big Sur Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Big Sur Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. macOS Big Sur 11.6.6 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhgJBg/9HpPp6P2OtFdYHigfaoga/3szMAjXC650MlC2rF1lXyTRVsO54eupz4er K8Iud3+YnDVTUKkadftWt2XdxAADGtfEFhJW584RtnWjeli+XtGEjQ8jD1/MNPJW qtnrOh2pYG9SxolKDofhiecbYxIGppRKSDRFl0/3VGFed2FIpiRDunlttHBEhHu/ vZVSFzMrNbGvhju+ZCdwFLKXOgB851aRSeo9Xkt63tSGiee7rLmVAINyFbbPwcVP yXwMvn0TNodCBn0wBWD0+iQ3UXIDIYSPaM1Z0BQxVraEhK3Owro3JKgqNbWswMvj SY0KUulbAPs3aOeyz1BI70npYA3+Qwd+bk2hxbzbU/AxvxCrsEk04QfxLYqvj0mR VZYPcup2KAAkiTeekQ5X739r8NAyaaI+bp7FllFv/Z2jVW9kGgNIFr46R05MD9NF aC1JAZtJ4VWbMEGHnHAMrOgdGaHpryvzl2BjUXRgW27vIq5uF5YiNcpjS2BezTFc R2ojiMNRB33Y44LlH7Zv3gHm4bE3+NzcGeWvBzwOsHznk9Jiv6x2eBUxkttMlPyO zymQMONQN3bktSMT8JnmJ8rlEgISONd7NeTEzuhlGIWaWNAFmmBoPnBiPk+yC3n4 d22yFs6DLp2pJ+0zOWmTcqt1xYng05Jwj4F0KT49w0TO9Up79+o= =rtPl -----END PGP SIGNATURE----- . For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u7. For the stable distribution (bullseye), these problems have been fixed in version 2.4.52-1~deb11u2. We recommend that you upgrade your apache2 packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-admin/apache-tools < 2.4.54 >= 2.4.54 2 www-servers/apache < 2.4.54 >= 2.4.54 Description ========== Multiple vulnerabilities have been discovered in Apache HTTPD. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . ========================================================================== Ubuntu Security Notice USN-5212-1 January 06, 2022 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. (CVE-2021-44224) It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. (CVE-2021-44790) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: apache2 2.4.48-3.1ubuntu3.2 apache2-bin 2.4.48-3.1ubuntu3.2 Ubuntu 21.04: apache2 2.4.46-4ubuntu1.5 apache2-bin 2.4.46-4ubuntu1.5 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.9 apache2-bin 2.4.41-4ubuntu3.9 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.21 apache2-bin 2.4.29-1ubuntu4.21 In general, a standard system update will make all the necessary changes

A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. The server is fast, reliable, and can be expanded through simple APIs. An attacker can use this vulnerability to cause a buffer overflow. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-05-16-2 macOS Monterey 12.4 macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257. AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26772: an anonymous researcher AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-26741: ABC Research s.r.o CVE-2022-26742: ABC Research s.r.o CVE-2022-26749: ABC Research s.r.o CVE-2022-26750: ABC Research s.r.o CVE-2022-26752: ABC Research s.r.o CVE-2022-26753: ABC Research s.r.o CVE-2022-26754: ABC Research s.r.o apache Available for: macOS Monterey Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 CVE-2021-44790 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 AppleGraphicsControl Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26751: Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26697: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read issue was addressed with improved bounds checking. CVE-2022-26698: Qi Sun of Trend Micro AVEVideoEncoder Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26736: an anonymous researcher CVE-2022-26737: an anonymous researcher CVE-2022-26738: an anonymous researcher CVE-2022-26739: an anonymous researcher CVE-2022-26740: an anonymous researcher Contacts Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26694: Wojciech Reguła (@_r3ggi) of SecuRing CVMS Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A memory initialization issue was addressed. CVE-2022-26721: Yonghwi Jin (@jinmo123) of Theori CVE-2022-26722: Yonghwi Jin (@jinmo123) of Theori DriverKit Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: An out-of-bounds access issue was addressed with improved bounds checking. CVE-2022-26763: Linus Henze of Pinauten GmbH (pinauten.de) ImageIO Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow issue was addressed with improved input validation. CVE-2022-26711: actae0n of Blacksun Hackers Club working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Monterey Impact: Photo location information may persist after it is removed with Preview Inspector Description: A logic issue was addressed with improved state management. CVE-2022-26725: Andrew Williams and Avi Drissman of Google Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26720: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26769: Antonio Zekic (@antoniozekic) Intel Graphics Driver Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26770: Liu Long of Ant Security Light-Year Lab Intel Graphics Driver Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26748: Jeonghoon Shin of Theori working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved input validation. CVE-2022-26756: Jack Dates of RET2 Systems, Inc IOKit Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2022-26701: chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab IOMobileFrameBuffer Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2022-26768: an anonymous researcher Kernel Available for: macOS Monterey Impact: An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26743: Jordy Zomer (@pwningsystems) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-26714: Peter Nguyễn Vũ Hoàng (@peternguyen14) of STAR Labs (@starlabs_sg) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-26757: Ned Williamson of Google Project Zero Kernel Available for: macOS Monterey Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations Description: A memory corruption issue was addressed with improved validation. CVE-2022-26764: Linus Henze of Pinauten GmbH (pinauten.de) Kernel Available for: macOS Monterey Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A race condition was addressed with improved state handling. CVE-2022-26765: Linus Henze of Pinauten GmbH (pinauten.de) LaunchServices Available for: macOS Monterey Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with additional sandbox restrictions on third-party applications. CVE-2022-26706: Arsenii Kostromin (0x3c3e) LaunchServices Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: The issue was addressed with additional permissions checks. CVE-2022-26767: Wojciech Reguła (@_r3ggi) of SecuRing libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2022-26776: Zubair Ashraf of Crowdstrike, Max Shavrick (@_mxms) of the Google Security Team CVE-2022-26708: Max Shavrick (@_mxms) of the Google Security Team libresolv Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2022-26775: Max Shavrick (@_mxms) of the Google Security Team LibreSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: A denial of service issue was addressed with improved input validation. CVE-2022-0778 libxml2 Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2022-23308 OpenSSL Available for: macOS Monterey Impact: Processing a maliciously crafted certificate may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2022-0778 PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed by removing the vulnerable code. CVE-2022-26712: Mickey Jin (@patch1t) PackageKit Available for: macOS Monterey Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved entitlements. CVE-2022-26727: Mickey Jin (@patch1t) Preview Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-26693: Wojciech Reguła (@_r3ggi) of SecuRing Printing Available for: macOS Monterey Impact: A malicious application may be able to bypass Privacy preferences Description: This issue was addressed by removing the vulnerable code. CVE-2022-26746: @gorelics Safari Private Browsing Available for: macOS Monterey Impact: A malicious website may be able to track users in Safari private browsing mode Description: A logic issue was addressed with improved state management. CVE-2022-26731: an anonymous researcher Security Available for: macOS Monterey Impact: A malicious app may be able to bypass signature validation Description: A certificate parsing issue was addressed with improved checks. CVE-2022-26766: Linus Henze of Pinauten GmbH (pinauten.de) SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-26715: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds read issue was addressed with improved input validation. CVE-2022-26718: Peter Nguyễn Vũ Hoàng of STAR Labs SMB Available for: macOS Monterey Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2022-26723: Felix Poulin-Belanger SoftwareUpdate Available for: macOS Monterey Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved entitlements. CVE-2022-26728: Mickey Jin (@patch1t) Spotlight Available for: macOS Monterey Impact: An app may be able to gain elevated privileges Description: A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. CVE-2022-26704: an anonymous researcher TCC Available for: macOS Monterey Impact: An app may be able to capture a user's screen Description: This issue was addressed with improved checks. CVE-2022-26726: an anonymous researcher Tcl Available for: macOS Monterey Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2022-26755: Arsenii Kostromin (0x3c3e) WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238178 CVE-2022-26700: ryuzaki WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 236950 CVE-2022-26709: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 237475 CVE-2022-26710: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab WebKit Bugzilla: 238171 CVE-2022-26717: Jeonghoon Shin of Theori WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 238183 CVE-2022-26716: SorryMybad (@S0rryMybad) of Kunlun Lab WebKit Bugzilla: 238699 CVE-2022-26719: Dongzhuo Zhao working with ADLab of Venustech WebRTC Available for: macOS Monterey Impact: Video self-preview in a webRTC call may be interrupted if the user answers a phone call Description: A logic issue in the handling of concurrent media was addressed with improved state handling. WebKit Bugzilla: 237524 CVE-2022-22677: an anonymous researcher Wi-Fi Available for: macOS Monterey Impact: A malicious application may disclose restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2022-26745: an anonymous researcher Wi-Fi Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26761: Wang Yu of Cyberserval Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2022-26762: Wang Yu of Cyberserval zip Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to a denial of service Description: A denial of service issue was addressed with improved state handling. CVE-2022-0530 zlib Available for: macOS Monterey Impact: An attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-25032: Tavis Ormandy zsh Available for: macOS Monterey Impact: A remote attacker may be able to cause arbitrary code execution Description: This issue was addressed by updating to zsh version 5.8.1. CVE-2021-45444 Additional recognition AppleMobileFileIntegrity We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. Bluetooth We would like to acknowledge Jann Horn of Project Zero for their assistance. Calendar We would like to acknowledge Eugene Lim of Government Technology Agency of Singapore for their assistance. FaceTime We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. FileVault We would like to acknowledge Benjamin Adolphi of Promon Germany GmbH for their assistance. Login Window We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Photo Booth We would like to acknowledge Wojciech Reguła (@_r3ggi) of SecuRing for their assistance. System Preferences We would like to acknowledge Mohammad Tausif Siddiqui (@toshsiddiqui), an anonymous researcher for their assistance. WebKit We would like to acknowledge James Lee, an anonymous researcher for their assistance. Wi-Fi We would like to acknowledge Dana Morrison for their assistance. macOS Monterey 12.4 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmKC1TUACgkQeC9qKD1p rhigoQ//cTnC2MOYau+vO6pv8PHMbeEWPPvtsGpemCNz4iChXRhVOHKxgMQAHEgg Ejpxvw5D1jg12wroXypL8ADOD1V20OA7u5A20Lip1NIDL145692jPfmGuNxqkRnI DyoykhUogRL8Yvzkd5P8D3Jlo0EzCa4ZhO4tqBwbrGQZRb7gHclMPtzlgt15ZIma mH42QGRkJcK8v4MWNIxvibnQPwx3we2k4T8FajBvoCxYinMOlg/j16hFREj8Src+ rQwKPV6JHiBBQ3LQpGeBlJrFLH72CyHbCu8IqWFYvvDXsT5Gr9JoagW7+g/9+8Wc 402HjkY4wOZrxIBtlaUlNFZuB1mtIv8amHn9AaVOK/7GALSP6MQzA+U3HUqd3hYV J23pw6iRWBTZZSmO31kdEGU/X9uDkDKJL6QxUfzVXPVmOs0VNMmOJUdTRKf3tdsa 5qnPcjowRONgltX8NqIP0q4aJPr1WigtFGyASIr3me/t9Ft7Kss4gJt7YLDsN6MZ opD8hTRHSAXAAYsA57omyo/DnmajHIbUGVEujzAh/DOEYxgT9aaaAHnkNuaQgIbs Z5g/dfhDaJodyk0q7BIeK+RPbkvrJvnoBWkRnAUaSgYMX14DQdExlBEvbpcPg71f LHzUlUewIuuP/57huTz/b4vEEke0JUwrWk6T1ACbndL3FsPIOX4= =jaCZ -----END PGP SIGNATURE----- . This was addressed with improved input validation. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790) * httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691) * httpd: NULL pointer dereference via malformed requests (CVE-2021-34798) * httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.4.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 7.7) - noarch, x86_64 3. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u7. For the stable distribution (bullseye), these problems have been fixed in version 2.4.52-1~deb11u2. We recommend that you upgrade your apache2 packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Description: Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications. Bugs fixed (https://bugzilla.redhat.com/): 2050826 - CVE-2022-24348 gitops: Path traversal and dereference of symlinks when passing Helm value files 5. ========================================================================== Ubuntu Security Notice USN-5212-2 January 10, 2022 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 ESM - Ubuntu 14.04 ESM Summary: Several security issues were fixed in Apache HTTP Server. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. (CVE-2021-44790) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm4 apache2-bin 2.4.18-2ubuntu3.17+esm4 Ubuntu 14.04 ESM: apache2 2.4.7-1ubuntu4.22+esm3 apache2-bin 2.4.7-1ubuntu4.22+esm3 In general, a standard system update will make all the necessary changes

vim is vulnerable to Heap-based Buffer Overflow. vim Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is an editor based on the UNIX platform. No detailed vulnerability details are currently available. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3927) A flaw was found in vim. A possible stack-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3928) A flaw was found in vim. A possible heap use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3968) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3973) A flaw was found in vim. A possible use-after-free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. The highest threat from this vulnerability is to system availability. (CVE-2021-3974) A flaw was found in vim. A possible heap-based buffer overflow allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is confidentiality, integrity, and system availability. (CVE-2021-3984) A flaw was found in vim. A possible heap-based buffer overflow vulnerability allows an malicious user to input a specially crafted file, leading to a crash or code execution. The highest threat from this vulnerability is system availability. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4136) A flaw was found in vim. A possible heap-based buffer overflow could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4166) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. (CVE-2021-4173) A flaw was found in vim. A possible use after free vulnerability could allow an malicious user to input a specially crafted file leading to a crash or code execution. Sourcing a specially crafted file in vim could crash the vim process or possibly lead to other undefined behaviors. A specially crafted file could be used to, when opened in vim, disclose some of the process's internal memory. (CVE-2021-4193) References to CVE-2021-4192 and CVE-2021-4193 have been added after the original release of this advisory, however those vulnerabilities were fixed by the packages referenced by this advisory's initial release on 2022-01-18. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2022-03-14-4 macOS Monterey 12.3 macOS Monterey 12.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213183. Accelerate Framework Available for: macOS Monterey Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2022-22633: an anonymous researcher AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22669: an anonymous researcher AppKit Available for: macOS Monterey Impact: A malicious application may be able to gain root privileges Description: A logic issue was addressed with improved validation. CVE-2022-22665: Lockheed Martin Red Team AppleGraphicsControl Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22631: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22625: Mickey Jin (@patch1t) of Trend Micro AppleScript Available for: macOS Monterey Impact: An application may be able to read restricted memory Description: This issue was addressed with improved checks. CVE-2022-22648: an anonymous researcher AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22626: Mickey Jin (@patch1t) of Trend Micro CVE-2022-22627: Qi Sun and Robert Ai of Trend Micro AppleScript Available for: macOS Monterey Impact: Processing a maliciously crafted file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2022-22597: Qi Sun and Robert Ai of Trend Micro BOM Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) curl Available for: macOS Monterey Impact: Multiple issues in curl Description: Multiple issues were addressed by updating to curl version 7.79.1. CVE-2021-22946 CVE-2021-22947 CVE-2021-22945 CVE-2022-22623 FaceTime Available for: macOS Monterey Impact: A user may send audio and video in a FaceTime call without knowing that they have done so Description: This issue was addressed with improved checks. CVE-2022-22643: Sonali Luthar of the University of Virginia, Michael Liao of the University of Illinois at Urbana-Champaign, Rohan Pahwa of Rutgers University, and Bao Nguyen of the University of Florida ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2022-22611: Xingyu Jin of Google ImageIO Available for: macOS Monterey Impact: Processing a maliciously crafted image may lead to heap corruption Description: A memory consumption issue was addressed with improved memory handling. CVE-2022-22612: Xingyu Jin of Google Intel Graphics Driver Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2022-22661: an anonymous researcher, Peterpan0927 of Alibaba Security Pandora Lab IOGPUFamily Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22641: Mohamed Ghannam (@_simo36) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22613: Alex, an anonymous researcher Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2022-22614: an anonymous researcher CVE-2022-22615: an anonymous researcher Kernel Available for: macOS Monterey Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2022-22632: Keegan Saunders Kernel Available for: macOS Monterey Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2022-22638: derrek (@derrekr6) Kernel Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved validation. CVE-2022-22640: sqrtpwn libarchive Available for: macOS Monterey Impact: Multiple issues in libarchive Description: Multiple memory corruption issues existed in libarchive. These issues were addressed with improved input validation. CVE-2021-36976 Login Window Available for: macOS Monterey Impact: A person with access to a Mac may be able to bypass Login Window Description: This issue was addressed with improved checks. CVE-2022-22647: an anonymous researcher LoginWindow Available for: macOS Monterey Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2022-22656 GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory initialization issue was addressed with improved memory handling. CVE-2022-22657: Brandon Perry of Atredis Partners GarageBand MIDI Available for: macOS Monterey Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2022-22664: Brandon Perry of Atredis Partners NSSpellChecker Available for: macOS Monterey Impact: A malicious application may be able to access information about a user's contacts Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. CVE-2022-22644: an anonymous researcher PackageKit Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22617: Mickey Jin (@patch1t) Preferences Available for: macOS Monterey Impact: A malicious application may be able to read other applications' settings Description: The issue was addressed with additional permissions checks. CVE-2022-22609: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) QuickTime Player Available for: macOS Monterey Impact: A plug-in may be able to inherit the application's permissions and access user data Description: This issue was addressed with improved checks. CVE-2022-22650: Wojciech Reguła (@_r3ggi) of SecuRing Safari Downloads Available for: macOS Monterey Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2022-22616: Ferdous Saljooki (@malwarezoo) and Jaron Bradley (@jbradley89) of Jamf Software, Mickey Jin (@patch1t) Sandbox Available for: macOS Monterey Impact: A malicious application may be able to bypass certain Privacy preferences Description: The issue was addressed with improved permissions logic. CVE-2022-22600: Sudhakar Muthumani of Primefort Private Limited, Khiem Tran Siri Available for: macOS Monterey Impact: A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen Description: A permissions issue was addressed with improved validation. CVE-2022-22599: Andrew Goldberg of the University of Texas at Austin, McCombs School of Business (linkedin.com/andrew-goldberg/) SMB Available for: macOS Monterey Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2022-22651: Felix Poulin-Belanger SoftwareUpdate Available for: macOS Monterey Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2022-22639: Mickey Jin (@patch1t) System Preferences Available for: macOS Monterey Impact: An app may be able to spoof system notifications and UI Description: This issue was addressed with a new entitlement. CVE-2022-22660: Guilherme Rambo of Best Buddy Apps (rambo.codes) UIKit Available for: macOS Monterey Impact: A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions Description: This issue was addressed with improved checks. CVE-2022-22621: Joey Hewitt Vim Available for: macOS Monterey Impact: Multiple issues in Vim Description: Multiple issues were addressed by updating Vim. CVE-2021-4136 CVE-2021-4166 CVE-2021-4173 CVE-2021-4187 CVE-2021-4192 CVE-2021-4193 CVE-2021-46059 CVE-2022-0128 CVE-2022-0156 CVE-2022-0158 VoiceOver Available for: macOS Monterey Impact: A user may be able to view restricted content from the lock screen Description: A lock screen issue was addressed with improved state management. CVE-2021-30918: an anonymous researcher WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A cookie management issue was addressed with improved state management. WebKit Bugzilla: 232748 CVE-2022-22662: Prakash (@1lastBr3ath) of Threat Nix WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved state management. WebKit Bugzilla: 232812 CVE-2022-22610: Quan Yin of Bigo Technology Live Client Team WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. WebKit Bugzilla: 233172 CVE-2022-22624: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Bugzilla: 234147 CVE-2022-22628: Kirin (@Pwnrin) of Tencent Security Xuanwu Lab WebKit Available for: macOS Monterey Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. WebKit Bugzilla: 234966 CVE-2022-22629: Jeonghoon Shin at Theori working with Trend Micro Zero Day Initiative WebKit Available for: macOS Monterey Impact: A malicious website may cause unexpected cross-origin behavior Description: A logic issue was addressed with improved state management. WebKit Bugzilla: 235294 CVE-2022-22637: Tom McKee of Google Wi-Fi Available for: macOS Monterey Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2022-22668: MrPhil17 xar Available for: macOS Monterey Impact: A local user may be able to write arbitrary files Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2022-22582: Richard Warren of NCC Group Additional recognition AirDrop We would like to acknowledge Omar Espino (omespino.com), Ron Masas of BreakPoint.sh for their assistance. Bluetooth We would like to acknowledge an anonymous researcher, chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab for their assistance. Face Gallery We would like to acknowledge Tian Zhang (@KhaosT) for their assistance. Intel Graphics Driver We would like to acknowledge Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) for their assistance. Local Authentication We would like to acknowledge an anonymous researcher for their assistance. Notes We would like to acknowledge Nathaniel Ekoniak of Ennate Technologies for their assistance. Password Manager We would like to acknowledge Maximilian Golla (@m33x) of Max Planck Institute for Security and Privacy (MPI-SP) for their assistance. Siri We would like to acknowledge an anonymous researcher for their assistance. syslog We would like to acknowledge Yonghwi Jin (@jinmo123) of Theori for their assistance. TCC We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge Tim Shadel of Day Logger, Inc. for their assistance. WebKit We would like to acknowledge Abdullah Md Shaleh for their assistance. WebKit Storage We would like to acknowledge Martin Bajanik of FingerprintJS for their assistance. macOS Monterey 12.3 may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ All information is also posted on the Apple Security Updates web site: https://support.apple.com/en-us/HT201222. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmIv0O4ACgkQeC9qKD1p rhjGGRAAjqIyEzN+LAk+2uzHIMQNEwav9fqo/ZNoYAOzNgActK56PIC/PBM3SzHd LrGFKbBq/EMU4EqXT6ycB7/uZfaAZVCBDNo1qOoYNHXnKtGL2Z/96mV14qbSmRvC jfg1pC0G1jPTxJKvHhuQSZHDGj+BI458fwuTY48kjCnzlWf9dKr2kdjUjE38X9RM 0upKVKqY+oWdbn5jPwgZ408NOqzHrHDW1iIYd4v9UrKN3pfMGDzVZTr/offL6VFL osOVWv1IZvXrhPsrtd2KfG0hTHz71vShVZ7jGAsGEdC/mT79zwFbYuzBFy791xFa rizr/ZWGfWBSYy8O90d1l13lDlE739YPc/dt1mjcvP9FTnzMwBagy+6//zAVe0v/ KZOjmvtK5sRvrQH54E8qTYitdMpY2aZhfT6D8tcl+98TjxTDNXXj/gypdCXNWqyB L1PtFhTjQ0WnzUNB7sosM0zAjfZ1iPAZq0XHDQ6p6gEdVavNOHo/ekgibVm5f1pi kwBHkKyq55QbzipDWwXl6Owk/iaHPxgENYb78BpeUQSFei+IYDUsyLkPh3L95PHZ JSyKOtbBArlYOWcxlYHn+hDK8iotA1c/SHDefYOoNkp1uP853Ge09eWq+zMzUwEo GXXJYMi1Q8gmJ9wK/A3d/FKY4FBZxpByUUgjYhiMKTU5cSeihaI= =RiA+ -----END PGP SIGNATURE----- . Apple is aware of a report that this issue may have been actively exploited. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Vim, gVim: Multiple Vulnerabilities Date: August 21, 2022 Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231 ID: 202208-32 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Vim, the worst of which could result in denial of service. Background ========= Vim is an efficient, highly configurable improved version of the classic ‘vi’ text editor. gVim is the GUI version of Vim. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-editors/gvim < 9.0.0060 >= 9.0.0060 2 app-editors/vim < 9.0.0060 >= 9.0.0060 3 app-editors/vim-core < 9.0.0060 >= 9.0.0060 Description ========== Multiple vulnerabilities have been discovered in Vim and gVim. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Vim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060" All gVim users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060" All vim-core users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060" References ========= [ 1 ] CVE-2021-3770 https://nvd.nist.gov/vuln/detail/CVE-2021-3770 [ 2 ] CVE-2021-3778 https://nvd.nist.gov/vuln/detail/CVE-2021-3778 [ 3 ] CVE-2021-3796 https://nvd.nist.gov/vuln/detail/CVE-2021-3796 [ 4 ] CVE-2021-3872 https://nvd.nist.gov/vuln/detail/CVE-2021-3872 [ 5 ] CVE-2021-3875 https://nvd.nist.gov/vuln/detail/CVE-2021-3875 [ 6 ] CVE-2021-3927 https://nvd.nist.gov/vuln/detail/CVE-2021-3927 [ 7 ] CVE-2021-3928 https://nvd.nist.gov/vuln/detail/CVE-2021-3928 [ 8 ] CVE-2021-3968 https://nvd.nist.gov/vuln/detail/CVE-2021-3968 [ 9 ] CVE-2021-3973 https://nvd.nist.gov/vuln/detail/CVE-2021-3973 [ 10 ] CVE-2021-3974 https://nvd.nist.gov/vuln/detail/CVE-2021-3974 [ 11 ] CVE-2021-3984 https://nvd.nist.gov/vuln/detail/CVE-2021-3984 [ 12 ] CVE-2021-4019 https://nvd.nist.gov/vuln/detail/CVE-2021-4019 [ 13 ] CVE-2021-4069 https://nvd.nist.gov/vuln/detail/CVE-2021-4069 [ 14 ] CVE-2021-4136 https://nvd.nist.gov/vuln/detail/CVE-2021-4136 [ 15 ] CVE-2021-4166 https://nvd.nist.gov/vuln/detail/CVE-2021-4166 [ 16 ] CVE-2021-4173 https://nvd.nist.gov/vuln/detail/CVE-2021-4173 [ 17 ] CVE-2021-4187 https://nvd.nist.gov/vuln/detail/CVE-2021-4187 [ 18 ] CVE-2021-4192 https://nvd.nist.gov/vuln/detail/CVE-2021-4192 [ 19 ] CVE-2021-4193 https://nvd.nist.gov/vuln/detail/CVE-2021-4193 [ 20 ] CVE-2021-46059 https://nvd.nist.gov/vuln/detail/CVE-2021-46059 [ 21 ] CVE-2022-0128 https://nvd.nist.gov/vuln/detail/CVE-2022-0128 [ 22 ] CVE-2022-0156 https://nvd.nist.gov/vuln/detail/CVE-2022-0156 [ 23 ] CVE-2022-0158 https://nvd.nist.gov/vuln/detail/CVE-2022-0158 [ 24 ] CVE-2022-0213 https://nvd.nist.gov/vuln/detail/CVE-2022-0213 [ 25 ] CVE-2022-0261 https://nvd.nist.gov/vuln/detail/CVE-2022-0261 [ 26 ] CVE-2022-0318 https://nvd.nist.gov/vuln/detail/CVE-2022-0318 [ 27 ] CVE-2022-0319 https://nvd.nist.gov/vuln/detail/CVE-2022-0319 [ 28 ] CVE-2022-0351 https://nvd.nist.gov/vuln/detail/CVE-2022-0351 [ 29 ] CVE-2022-0359 https://nvd.nist.gov/vuln/detail/CVE-2022-0359 [ 30 ] CVE-2022-0361 https://nvd.nist.gov/vuln/detail/CVE-2022-0361 [ 31 ] CVE-2022-0368 https://nvd.nist.gov/vuln/detail/CVE-2022-0368 [ 32 ] CVE-2022-0392 https://nvd.nist.gov/vuln/detail/CVE-2022-0392 [ 33 ] CVE-2022-0393 https://nvd.nist.gov/vuln/detail/CVE-2022-0393 [ 34 ] CVE-2022-0407 https://nvd.nist.gov/vuln/detail/CVE-2022-0407 [ 35 ] CVE-2022-0408 https://nvd.nist.gov/vuln/detail/CVE-2022-0408 [ 36 ] CVE-2022-0413 https://nvd.nist.gov/vuln/detail/CVE-2022-0413 [ 37 ] CVE-2022-0417 https://nvd.nist.gov/vuln/detail/CVE-2022-0417 [ 38 ] CVE-2022-0443 https://nvd.nist.gov/vuln/detail/CVE-2022-0443 [ 39 ] CVE-2022-0554 https://nvd.nist.gov/vuln/detail/CVE-2022-0554 [ 40 ] CVE-2022-0629 https://nvd.nist.gov/vuln/detail/CVE-2022-0629 [ 41 ] CVE-2022-0685 https://nvd.nist.gov/vuln/detail/CVE-2022-0685 [ 42 ] CVE-2022-0714 https://nvd.nist.gov/vuln/detail/CVE-2022-0714 [ 43 ] CVE-2022-0729 https://nvd.nist.gov/vuln/detail/CVE-2022-0729 [ 44 ] CVE-2022-0943 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 [ 45 ] CVE-2022-1154 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 [ 46 ] CVE-2022-1160 https://nvd.nist.gov/vuln/detail/CVE-2022-1160 [ 47 ] CVE-2022-1381 https://nvd.nist.gov/vuln/detail/CVE-2022-1381 [ 48 ] CVE-2022-1420 https://nvd.nist.gov/vuln/detail/CVE-2022-1420 [ 49 ] CVE-2022-1616 https://nvd.nist.gov/vuln/detail/CVE-2022-1616 [ 50 ] CVE-2022-1619 https://nvd.nist.gov/vuln/detail/CVE-2022-1619 [ 51 ] CVE-2022-1620 https://nvd.nist.gov/vuln/detail/CVE-2022-1620 [ 52 ] CVE-2022-1621 https://nvd.nist.gov/vuln/detail/CVE-2022-1621 [ 53 ] CVE-2022-1629 https://nvd.nist.gov/vuln/detail/CVE-2022-1629 [ 54 ] CVE-2022-1674 https://nvd.nist.gov/vuln/detail/CVE-2022-1674 [ 55 ] CVE-2022-1720 https://nvd.nist.gov/vuln/detail/CVE-2022-1720 [ 56 ] CVE-2022-1733 https://nvd.nist.gov/vuln/detail/CVE-2022-1733 [ 57 ] CVE-2022-1735 https://nvd.nist.gov/vuln/detail/CVE-2022-1735 [ 58 ] CVE-2022-1769 https://nvd.nist.gov/vuln/detail/CVE-2022-1769 [ 59 ] CVE-2022-1771 https://nvd.nist.gov/vuln/detail/CVE-2022-1771 [ 60 ] CVE-2022-1785 https://nvd.nist.gov/vuln/detail/CVE-2022-1785 [ 61 ] CVE-2022-1796 https://nvd.nist.gov/vuln/detail/CVE-2022-1796 [ 62 ] CVE-2022-1851 https://nvd.nist.gov/vuln/detail/CVE-2022-1851 [ 63 ] CVE-2022-1886 https://nvd.nist.gov/vuln/detail/CVE-2022-1886 [ 64 ] CVE-2022-1897 https://nvd.nist.gov/vuln/detail/CVE-2022-1897 [ 65 ] CVE-2022-1898 https://nvd.nist.gov/vuln/detail/CVE-2022-1898 [ 66 ] CVE-2022-1927 https://nvd.nist.gov/vuln/detail/CVE-2022-1927 [ 67 ] CVE-2022-1942 https://nvd.nist.gov/vuln/detail/CVE-2022-1942 [ 68 ] CVE-2022-1968 https://nvd.nist.gov/vuln/detail/CVE-2022-1968 [ 69 ] CVE-2022-2000 https://nvd.nist.gov/vuln/detail/CVE-2022-2000 [ 70 ] CVE-2022-2042 https://nvd.nist.gov/vuln/detail/CVE-2022-2042 [ 71 ] CVE-2022-2124 https://nvd.nist.gov/vuln/detail/CVE-2022-2124 [ 72 ] CVE-2022-2125 https://nvd.nist.gov/vuln/detail/CVE-2022-2125 [ 73 ] CVE-2022-2126 https://nvd.nist.gov/vuln/detail/CVE-2022-2126 [ 74 ] CVE-2022-2129 https://nvd.nist.gov/vuln/detail/CVE-2022-2129 [ 75 ] CVE-2022-2175 https://nvd.nist.gov/vuln/detail/CVE-2022-2175 [ 76 ] CVE-2022-2182 https://nvd.nist.gov/vuln/detail/CVE-2022-2182 [ 77 ] CVE-2022-2183 https://nvd.nist.gov/vuln/detail/CVE-2022-2183 [ 78 ] CVE-2022-2206 https://nvd.nist.gov/vuln/detail/CVE-2022-2206 [ 79 ] CVE-2022-2207 https://nvd.nist.gov/vuln/detail/CVE-2022-2207 [ 80 ] CVE-2022-2208 https://nvd.nist.gov/vuln/detail/CVE-2022-2208 [ 81 ] CVE-2022-2210 https://nvd.nist.gov/vuln/detail/CVE-2022-2210 [ 82 ] CVE-2022-2231 https://nvd.nist.gov/vuln/detail/CVE-2022-2231 [ 83 ] CVE-2022-2257 https://nvd.nist.gov/vuln/detail/CVE-2022-2257 [ 84 ] CVE-2022-2264 https://nvd.nist.gov/vuln/detail/CVE-2022-2264 [ 85 ] CVE-2022-2284 https://nvd.nist.gov/vuln/detail/CVE-2022-2284 [ 86 ] CVE-2022-2285 https://nvd.nist.gov/vuln/detail/CVE-2022-2285 [ 87 ] CVE-2022-2286 https://nvd.nist.gov/vuln/detail/CVE-2022-2286 [ 88 ] CVE-2022-2287 https://nvd.nist.gov/vuln/detail/CVE-2022-2287 [ 89 ] CVE-2022-2288 https://nvd.nist.gov/vuln/detail/CVE-2022-2288 [ 90 ] CVE-2022-2289 https://nvd.nist.gov/vuln/detail/CVE-2022-2289 [ 91 ] CVE-2022-2304 https://nvd.nist.gov/vuln/detail/CVE-2022-2304 [ 92 ] CVE-2022-2343 https://nvd.nist.gov/vuln/detail/CVE-2022-2343 [ 93 ] CVE-2022-2344 https://nvd.nist.gov/vuln/detail/CVE-2022-2344 [ 94 ] CVE-2022-2345 https://nvd.nist.gov/vuln/detail/CVE-2022-2345 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-32 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . CVE-2022-32787: Dohyun Lee (@l33d0hyun) of SSD Secure Disclosure Labs & DNSLab, Korea Univ. CVE-2022-32812: Yinyi Wu (@3ndy1), ABC Research s.r.o

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability.The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validation of user-supplied data, which can result in a resource exhaustion condition. An attacker can leverage this vulnerability to create a denial-of-service condition on the process. Log4j is an open source project of Apache. By using Log4j, the destination of log information transmission can be controlled to be console, file, GUI component, even socket server, NT event recorder, etc. Apache Log4j2 has a denial of service vulnerability. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse product documentation pages: Fuse 7.8: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.9: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.9/html/deploying_into_spring_boot/patch-red-hat-fuse-applications Fuse 7.10: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/installing_on_apache_karaf/apply-hotfix-patch https://access.redhat.com/documentation/en-us/red_hat_fuse/7.10/html/deploying_into_spring_boot/patch-red-hat-fuse-applications 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat build of Eclipse Vert.x 4.1.8 security update Advisory ID: RHSA-2022:0083-01 Product: Red Hat OpenShift Application Runtimes Advisory URL: https://access.redhat.com/errata/RHSA-2022:0083 Issue date: 2022-01-20 CVE Names: CVE-2021-44832 CVE-2021-45046 CVE-2021-45105 ==================================================================== 1. Summary: An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section. 2. Description: This release of Red Hat build of Eclipse Vert.x 4.1.8 GA includes security updates. For more information, see the release notes listed in the References section. Security Fix(es): * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832) * log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) (CVE-2021-45046) * log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern (CVE-2021-45105) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 2032580 - CVE-2021-45046 log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228) 2034067 - CVE-2021-45105 log4j-core: DoS in log4j 2.x with Thread Context Map (MDC) input data contains a recursive lookup and context lookup pattern 2035951 - CVE-2021-44832 log4j-core: remote code execution via JDBC Appender 5. References: https://access.redhat.com/security/cve/CVE-2021-44832 https://access.redhat.com/security/cve/CVE-2021-45046 https://access.redhat.com/security/cve/CVE-2021-45105 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product\xcatRhoar.eclipse.vertx&version=4.1.8 https://access.redhat.com/documentation/en-us/red_hat_build_of_eclipse_vert.x/4.1/html/release_notes_for_eclipse_vert.x_4.1/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYemZRNzjgjWX9erEAQg3kg//TMRnMbFneaojfw2Cav3ewH7CQEqai/UQ 4nb5leVBZUlkoGk302d1Xlmjc8oYeyRHP2w95PuWfSqxpU5GhOabUjlJzul1Um34 Y0QaFhBI7xuAk28szn7JKoB6yZ6UAgB/vmYYo0YdlphtInAwnp3Vipb/3vgzXJUH eaFAkTvEMc4h0gcyLO98Krr/4u87+YJyY2wbWSpRDoQpQUcnDzGNqessOp6NMSsS mo0SHcFVYLXqsM9/cHaQyhIfTlF5JDApe0DO5y1zE60B1tYJyU34fgoRprFs5ybv f4Enn/qVWfmx2PCdEwOdKvjf2jQzVplqbPQwxILMRN2f3+y7OBNNWPB16kTskP3u jYUXZd6AN+YdJBzpBw23TFDmtSbGn9A3jTOWz1uACu3vYxNPSzDYIkOgD0hYfNIb dZntht5p3WgkBQ0Xkgd0At2UXwc70eJ2uH51Ck/bosH46MuKzVSeCoAsCCEXRMTm vGsfK5EV8Es5ltzsw1Im+3DZ8QcBNN7SUWidrJa9d6U9F0pzZVe1co4D12Xchapv bxQp0QeWHIgFNBQA8vQk6SZsdJH3THzHi0GUzLvSMED02MsfAd7HQhyndu/b9vs6 s2OIgauHd09+Siw1twydZUg1eEbeNctFUW2pi2LRggCY4cqLA0j4l0q0zQnKCdw3 73/w3ORRBdI=mx2F -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. JIRA issues fixed (https://issues.jboss.org/): JBEAP-22105 - (7.4.z) Upgrade from com.io7m.xom:xom 1.2.10 to xom:xom 1.3.7 JBEAP-22385 - (7.4.z) Upgrade ASM from 7.1 to 9.1 JBEAP-22731 - (7.4.z) Upgrade Artemis from 2.16.0.redhat-00032 to 2.16.0.redhat-00034 JBEAP-22738 - (7.4.z) Upgrade jbossws-cxf from 5.4.2.Final to 5.4.4.Final(Fix UsernameTokenElytronTestCase on SE 17) JBEAP-22819 - [GSS] (7.4.z) HAL-1762 - Aliases are removed from the credential store when passwords are updated from the admin console JBEAP-22839 - [GSS](7.4.z) Upgrade yasson from 1.0.9.redhat-00001 to 1.0.10.redhat-00001 JBEAP-22864 - (7.4.z) Upgrade HAL from 3.3.8.Final-redhat-00001 to 3.3.9.Final-redhat-00001 JBEAP-22904 - (7.4.z) Upgrade Hibernate ORM from 5.3.24.Final-redhat-00001 to 5.3.25.Final-redhat-00002 JBEAP-22911 - (7.4.z) Upgrade OpenSSL from 2.1.3.Final-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22912 - (7.4.z) Upgrade OpenSSL Natives from 2.1.0.SP01-redhat-00001 to 2.2.0.Final-redhat-00001 JBEAP-22913 - (7.4.z) Upgrade WildFly Core from 15.0.6.Final-redhat-00003 to 15.0.7.Final-redhat-00001 JBEAP-22935 - (7.4.z) Upgrade jboss-vfs from 3.2.15.Final-redhat-00001 to 3.2.16.Final-redhat-00001 JBEAP-22945 - (7.4.z) Upgrade org.apache.logging.log4j from 2.14.0.redhat-00002 to 2.17.1.redhat-00001 JBEAP-22973 - (7.4.z) Upgrade Elytron from 1.15.9.Final-redhat-00001 to 1.15.11.Final-redhat-00002 JBEAP-23038 - (7.4.z) Upgrade galleon-plugins from 5.1.4.Final to 5.2.6.Final JBEAP-23040 - (7.4.z) Upgrade galleon-plugins in wildfly-core-eap from 5.1.4.Final to 5.2.6.Final JBEAP-23045 - (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001 JBEAP-23101 - (7.4.z) Upgrade Infinispan from 11.0.12.Final to 11.0.15.Final JBEAP-23105 - (7.4.z) Upgrade Narayana from 5.11.3.Final-redhat-00001 to 5.11.4.Final-redhat-00001 JBEAP-23143 - (7.4.z) Upgrade from org.eclipse.jdt.core.compiler:ecj:4.6.1 to org.eclipse.jdt:ecj:3.26 JBEAP-23177 - (7.4.z) Upgrade XNIO from 3.8.5.SP1-redhat-00001 to 3.8.6.Final-redhat-00001 JBEAP-23323 - [GSS](7.4.z) WFLY-16112 - Batch JobOperatorService should look for only active job names to stop during suspend JBEAP-23373 - (7.4.z) Upgrade OpenSSL from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 JBEAP-23374 - (7.4.z) Upgrade WildFly Core from 15.0.7.Final-redhat-00001 to 15.0.8.Final-redhat-00001 JBEAP-23375 - (7.4.z) Upgrade OpenSSL Natives from 2.2.0.Final-redhat-00001 to 2.2.0.Final-redhat-00002 6. Description: Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. JIRA issues fixed (https://issues.jboss.org/): LOG-2073 - The elasticsearch-im-xxx job failed when trying to start index management process for a non-existent(empty-named) index [openshift-logging-5.2] LOG-2087 - resourceVersion is overflowing type Integer causing ES rejection 6. ========================================================================= Ubuntu Security Notice USN-5222-1 January 11, 2022 apache-log4j2 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.10 - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache Log4j 2. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-45105) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.10: liblog4j2-java 2.17.1-0.21.10.1 Ubuntu 21.04: liblog4j2-java 2.17.1-0.21.04.1 Ubuntu 20.04 LTS: liblog4j2-java 2.17.1-0.20.04.1 Ubuntu 18.04 LTS: liblog4j2-java 2.12.4-0ubuntu0.1 In general, a standard system update will make all the necessary changes. For the oldstable distribution (buster), this problem has been fixed in version 2.17.0-1~deb10u1. For the stable distribution (bullseye), this problem has been fixed in version 2.17.0-1~deb11u1. We recommend that you upgrade your apache-log4j2 packages. For the detailed security status of apache-log4j2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache-log4j2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmG+Ro1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQVuBAArOperYABsLeaPcs3DgNxHcDDUNGCcvo5fsBtkh+MDvHMspqOb8VqLShx BtzPJGE0UTdBrfAqWeuMCbV1LdBYfwRUlrUyZiQXBiEx5BI5vDB4vaDUtAomwC6o vnbJwDlvlpoSwbURcls/Z0Hs15gwHX2D/lSa+j+NSxaNCkEOqvjr8dbpnHMSIbwz f0hSWQm4jydadUHP/zXSwN+LeZrJs+uP1tIdajtZjr6VoPkV48EDxCctaVttn27q 9DrGM9RjKGyCCKB/WrWToRbv/Mke20AJ4SOWoDdy1u/m2wcgW3pv1cap7J3RRjYO K5V5qacdJDo9FWoRkb1ftXlanyVe5DyI+j/9un+uZLSlOkeTha+hP+Tj2P/sx/Z4 xbpmPRGJ+O/BuxoPXUJNSTkh7vLu0CJkCfzi3Gj24c22jkBV3POJ7iZsFvNbJHAi 3i6VBc7e6tcqdiIhZqj/+odu2rCqeYqMbvhLL/slnQQVU4YMn3F1FtPWEpfAmQzP YCg2vLei5rTt3dYjA5aBluJPEPXO5rA5nZa3xq5hbzAJMl/m1yU9K6v73mCk9gnK yFHoaD+Ls97tPCMiO/56kIQecLv5s7GuuwLQlC8rm9TgXzl/m6rqst7a93IcsnV9 P+f2RZsciOyXo1N4zhakNkZ4dkmRZCfm9xCfeqAKUQgqVPXhBtE= =Wkr6 -----END PGP SIGNATURE-----

Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an attacker is able to recover the profile password

A misconfiguration in HTTP/1.0 and HTTP/1.1 of the web interface in TP-Link AX10v1 before V1_211117 allows a remote unauthenticated attacker to send a specially crafted HTTP request and receive a misconfigured HTTP/0.9 response, potentially leading into a cache poisoning attack. TP-Link AX10 for, HTTP There is a vulnerability related to request smuggling.Service operation interruption (DoS) It may be in a state. TP-Link AX10 is a router from Tp-link company in China. No detailed vulnerability details are currently provided

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. DIAEnergie Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. DIAEnergie Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

FiberHome ONU GPON AN5506-04-F RP2617 is affected by an OS command injection vulnerability. This vulnerability allows the attacker, once logged in, to send commands to the operating system as the root user via the ping diagnostic tool, bypassing the IP address field, and concatenating OS commands with a semicolon. (DoS) It may be in a state. Fiberhome FiberHome ONU GPON is a router from Fiberhome in China

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. DIAEnergie Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with