VARIoT IoT vulnerabilities database

There is a Business Logic Errors vulnerability in Huawei Smartphone. The malicious apps installed on the device can keep taking screenshots in the background. This issue does not cause system errors, but may cause personal information leakage. Huawei There are unspecified vulnerabilities in smartphones.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is a Security Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. Huawei There are unspecified vulnerabilities in smartphones.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have an information disclosure vulnerability, which stems from configuration errors during the operation of the product

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Attackers with physical access to the device can thereby exploit this vulnerability. A successful exploitation of this vulnerability can compromise the device's data security and functional availability. Huawei Smartphones are vulnerable to lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause code to execute, thus obtaining system permissions. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections. Huawei Smartphones contain vulnerabilities related to fraudulent authentication.Information may be tampered with. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Certain Huawei phones contain an access control error vulnerability that could be exploited by an attacker to cause application redirection. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

There is a Memory Buffer Improper Operation Limit vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause exceptions in image processing. Huawei A buffer error vulnerability exists in smartphones.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause leaking of user click data. Huawei There are unspecified vulnerabilities in smartphones.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. Huawei There are unspecified vulnerabilities in smartphones.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. Huawei Smartphones are vulnerable to inadequate protection of credentials.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have an authorization issue vulnerability, which stems from the lack of authentication measures or insufficient authentication strength in the product

There is an Information Disclosure vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may result in video streams being intercepted during transmission. Huawei Smartphones contain vulnerabilities in the transmission of important information in clear text.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company

There is an Improper Control of Generation of Code vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause denial of security services on a rooted device. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Apache HTTP Server is an open source web server of the Apache Foundation. The server is fast, reliable and can be expanded through simple APIs. Apache HTTP Server has a denial of service vulnerability, which is caused by a crash caused by a NULL pointer dereference. Attackers can use this vulnerability to cause malicious back-end servers and SessionHeader denial of service.

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. Apache HTTP Server is an open source web server of the Apache Foundation. The server is fast, reliable and can be expanded through simple APIs. Attackers can use this vulnerability to trigger remote code execution or denial of service attacks. ========================================================================== Ubuntu Security Notice USN-4994-1 June 21, 2021 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.10 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950) Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. (CVE-2020-35452) Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. (CVE-2021-26690) Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. (CVE-2021-26691) Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.1 apache2-bin 2.4.46-4ubuntu1.1 Ubuntu 20.10: apache2 2.4.46-1ubuntu1.2 apache2-bin 2.4.46-1ubuntu1.2 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.3 apache2-bin 2.4.41-4ubuntu3.3 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.16 apache2-bin 2.4.29-1ubuntu4.16 In general, a standard system update will make all the necessary changes. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Low Title: Apache: Multiple vulnerabilities Date: July 17, 2021 Bugs: #795231 ID: 202107-38 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-servers/apache < 2.4.48 >= 2.4.48 Description =========== Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All Apache users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.48" References ========== [ 1 ] CVE-2019-17567 https://nvd.nist.gov/vuln/detail/CVE-2019-17567 [ 2 ] CVE-2020-13950 https://nvd.nist.gov/vuln/detail/CVE-2020-13950 [ 3 ] CVE-2020-35452 https://nvd.nist.gov/vuln/detail/CVE-2020-35452 [ 4 ] CVE-2021-26690 https://nvd.nist.gov/vuln/detail/CVE-2021-26690 [ 5 ] CVE-2021-26691 https://nvd.nist.gov/vuln/detail/CVE-2021-26691 [ 6 ] CVE-2021-30641 https://nvd.nist.gov/vuln/detail/CVE-2021-30641 [ 7 ] CVE-2021-31618 https://nvd.nist.gov/vuln/detail/CVE-2021-31618 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-38 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update Advisory ID: RHSA-2021:4613-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:4613 Issue date: 2021-11-10 CVE Names: CVE-2019-17567 CVE-2019-20838 CVE-2020-13950 CVE-2020-14155 CVE-2020-35452 CVE-2021-3712 CVE-2021-23840 CVE-2021-23841 CVE-2021-26690 CVE-2021-26691 CVE-2021-30641 ===================================================================== 1. Summary: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release. Security Fix(es): * httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452) * httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690) * httpd: Heap overflow in mod_session (CVE-2021-26691) * httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567) * httpd: MergeSlashes regression (CVE-2021-30641) * httpd: mod_proxy NULL pointer dereference (CVE-2020-13950) * jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841) * openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712) * openssl: integer overflow in CipherUpdate (CVE-2021-23840) * pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838) * pcre: integer overflow in libpcre (CVE-2020-14155) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. 4. Bugs fixed (https://bugzilla.redhat.com/): 1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments 1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1 1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash() 1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate 1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest 1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header 1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference 1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection 1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF' 1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings 5. References: https://access.redhat.com/security/cve/CVE-2019-17567 https://access.redhat.com/security/cve/CVE-2019-20838 https://access.redhat.com/security/cve/CVE-2020-13950 https://access.redhat.com/security/cve/CVE-2020-14155 https://access.redhat.com/security/cve/CVE-2020-35452 https://access.redhat.com/security/cve/CVE-2021-3712 https://access.redhat.com/security/cve/CVE-2021-23840 https://access.redhat.com/security/cve/CVE-2021-23841 https://access.redhat.com/security/cve/CVE-2021-26690 https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-30641 https://access.redhat.com/security/updates/classification/#moderate 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYwp6tzjgjWX9erEAQiuXBAAqGRhaYNMW349nu//9/VgddwAWrILhsWM HVwFO+dFYzLft8tPDBBt6ibsTJXj/oNlIV0/THEOEVW6juFJH3SENUr6U9sc0LMg qzMiixqIfEGZl7rYSzVKlUnWwr4D4QQjOzQ95q/OQvz7RXpR40BdOx1F1C0fKs9T QyvpQB22hLBmEJqPRSAbRY3fM/aqApV3Y3woUpw/cSqsttaPB9UfdKfm6UBEAnLa 4mioFK/K/V6pjdKBjfHAIVTsdiqQmumF2m91MSzjicVdR5E8krzZot3c+h2h7mnU WPcSNLteylBQlIykK6btnirLZA6lXCv2YaJXDTI+YfJbI+Ywln/m/c+S6zk0cCoL dRS6vmmIXgYjMIEB2tix60OEXp6vIaEHAKqyOdIioMBT55X4o7kKOFH1AjZS8NiY OkKOiyvZ5JAKg1nRS82BeoA3l6HQAiwwP6kvDsyhbqWkYQEUZqK4dXFluP8B01NU vPvLNjZnGRpAKezHhMjOpaLFSvFPM9rU4trGCM5wkqFjcUksPvIKbf0JU99eKXje 1bMQveiB5gHk3/5zbXNfmdhdAYu9PRxk5rjL09oXjWd8rz/atGrZf/jb20vOPQ9S DW41MCGnMw5gZj+i/Z5mewGv0eUF7v9o0hEU0NQK7cc1EyiMf8mIyPeSbkTH55oT EuH/ObqPu58= =Q2rT -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u5. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmDnMiAACgkQEMKTtsN8 TjbNqg/9Hrd2EqNC4ijkjHNI/B6K74GgElHVSNcF/vbOp0zmOHaRLaOr06rfXmz+ AYM9nJR4xNJQWaXKFXpCVNvmlaKKbgyiK1LFrslh4aOCVdaVxQIYlYEeOoHthc1K fZawY6qhGf4VrgSkTNhaKakNikpf4lqh7L14LUFSA0b9nRkAy7CtqGuOzgEaUR26 qRUjPewKCeE2QhMgA63ne+XxPUF4I2WYEV8SPdKRfPmMwFlUpwB8bvherjDV+53H ZRs81ZMHk05N1ESI2wYGSR/dh/xYqt/01cXJ636JR39AQR51beIVtxekzwTW/aPE mC2ZY7aH4rsLqcFe3bJcVPQjD0r/fHUVSex1Mnr7mETD5aHAohUfHLEEV1+qR8Cx gz8Z63k0KvmVNe7WetGzwsWnvOXnDdRr63qM0UqEkd3Tre0tLWXjmTUfdUcicAof NsXPtJT8eNwi+E9YmpY5IQRE88uQ2sk2NTGaQ4EetMpLqX5h7brF15OTVxqVbUPP sqAZpgz6lD2Y0P4tXGCYP3u+B48pcNqOS66JJNHO9gJgVu3O+MDQFss+Z5P5JKzI H/KJMv58eFlyP+SsGZbHcDuH/IN8ZMvJA4gsrtHDzRoowFBOS1zDXJjEYdAlzEyq B1SgwN1PXkxPDUAF2+z9dvAeEOrMUUhQhTOC4OnxFxPssSwHEps= =O0O+ -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7

There is a race condition vulnerability in eCNS280_TD V100R005C00 and V100R005C10. There is a timing window exists in which the database can be operated by another thread that is operating concurrently. Successful exploit may cause the affected device abnormal. eCNS280_TD Is vulnerable to a race condition.Denial of service (DoS) It may be put into a state. Huawei eCNS280_TD is the core network device of Huawei's wireless broadband trunking system

This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a PICT image can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, a DLL hijacking issue exists in cachecleaner.dll included in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. BIG-IP Edge Client Windows Installer There is a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. F5 BIG-IP Edge Gateway is a set of remote access solutions of F5 Company in the United States. F5 BIG-IP Edge Gateway has a security vulnerability that allows an unprivileged user to use a malicious DLL to elevate privileges on client Windows systems

On version 7.2.1.x before 7.2.1.3 and 7.1.x before 7.1.9.9 Update 1, the BIG-IP Edge Client Windows Installer Service's temporary folder has weak file and folder permissions. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. F5 BIG-IP Edge Gateway is a set of remote access solutions of F5 Company in the United States. A security vulnerability exists in BIG-IP Edge Client that could allow an unprivileged user to run a specially crafted application to gain privilege escalation on the client Windows system

BCOS is a home router. Ruijie Networks Co., Ltd. BCOS has a command execution vulnerability. Attackers can use this vulnerability to restart the device.

Four-Faith is a router product of Xiamen Four-Faith Communication Technology Co., Ltd. The Four-Faith build 2781M router has a command execution vulnerability, which can be exploited by an attacker to gain control of the server.