VARIoT IoT vulnerabilities database

A vulnerability has been identified in SCALANCE W780 and W740 (IEEE 802.11n) family (All versions < V6.3). Sending specially crafted packets through the ARP protocol to an affected device could cause a partial denial-of-service, preventing the device to operate normally for a short period of time. SCALANCE W780 and W740 The family is vulnerable to resource allocation without restrictions or throttling.Denial of service (DoS) It may be put into a state. The SCALANCE W700 product is a wireless communication device used to connect industrial components such as a programmable logic controller (PLC) or human machine interface (HMI). The Siemens SCALANCE W780 and W740 ARP protocols have a denial of service vulnerability

.NET Core Remote Code Execution Vulnerability

Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution. Advantech iView There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Advantech iView is an equipment management application for the energy, water and wastewater industries. Advantech iView versions prior to 5.7.03.6112 have a key feature lack of certification vulnerability. There is a security vulnerability in Advantech iView, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time

.NET Core Remote Code Execution Vulnerability. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: .NET Core 3.1 on Red Hat Enterprise Linux security and bugfix update Advisory ID: RHSA-2021:0789-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0789 Issue date: 2021-03-09 CVE Names: CVE-2021-26701 ==================================================================== 1. Summary: An update for rh-dotnet31-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. The updated versions are .NET Core SDK 3.1.113 and .NET Core Runtime 3.1.13. Security Fix(es): * dotnet: System.Text.Encodings.Web Remote Code Execution (CVE-2021-26701) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet31-dotnet-3.1.113-1.el7_9.src.rpm x86_64: rh-dotnet31-aspnetcore-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-apphost-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-debuginfo-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-host-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-hostfxr-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-runtime-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-sdk-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-targeting-pack-3.1-3.1.13-1.el7_9.x86_64.rpm rh-dotnet31-dotnet-templates-3.1-3.1.113-1.el7_9.x86_64.rpm rh-dotnet31-netstandard-targeting-pack-2.1-3.1.113-1.el7_9.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-26701 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYEfcQtzjgjWX9erEAQjYKQ/9GAgJR6yoeb0rRTrmE8PNW3uAsIBuK1EK uITzaizodY25oMJf0wW9qQGejZDZTRH5QdmRJdNOftA5fNDT0lx72SYE60rw89Ws no+T4n6s2KlnS5GJ/oQKdpZvtF2l2lWyh8oKjKqGO2Vf2lOTFB0+tqdIYpLddlf2 wQAO/RIdBjRE6buqlNA/3iaQRgubL0FMxLrrCMUiVSFcsl9Wh1stIwQCDGQVJzyW 73fA+qastsAy0uTK9F7r9Hp9/fzdWYy4epR2maImkozVQyGIttfOn96wMAEGYQcM B791utMTJQRMoXz1TUpkQ7T31NQH14nW5w1tTjVOwipXBsFqe5IspfUb6iMNihoI UXm/RtLh7z28aamZ7tPkcDW1+WktoD6mL1mToiNPZBLjC6QfSKZCPIS08J3Gyf71 M2BPqwvx8o1YWYJ6oRtEKvOs6QBmYqwsvDEBtMOuf1CqfvqJNsBckPxPibatc49T q3UGj+2OD7rBFuvv/47O/401Sj4yrpddBsWpNg2KDcRqiSwjafTTzCqiS4w38eR/ /0KvKk095cnBbDQ24bezTZrPk4bMUA6gQaObA51pw/VvBnZqxMTxcPgB+LqUzYtK o6/i+D0nxWAlCi31iCvr2pY1jFXHGZzn3v8qCk1Kn4Ii37ifJ55IAYbnI1kIuyQu cDYTfg/xJLITUF -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce

A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the AppleIntelKBLGraphics kext. The issue results from the lack of proper locking when performing operations on an object. There is a security vulnerability in the Intel Graphics Driver. Please keep an eye on CNNVD or the manufacturer's announcement. The specific flaw exists within the AppleIntelKBLGraphics kext. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-04-26-4 Security Update 2021-003 Mojave Security Update 2021-003 Mojave addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212327. APFS Available for: macOS Mojave Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Audio Available for: macOS Mojave Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab CFNetwork Available for: macOS Mojave Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreAudio Available for: macOS Mojave Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: macOS Mojave Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University CoreText Available for: macOS Mojave Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab curl Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx curl Available for: macOS Mojave Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher DiskArbitration Available for: macOS Mojave Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher Foundation Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga ImageIO Available for: macOS Mojave Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Mojave Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Kernel Available for: macOS Mojave Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1851: @0xalsr Kernel Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab libxpc Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins libxslt Available for: macOS Mojave Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz NSRemoteView Available for: macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome Preferences Available for: macOS Mojave Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) smbx Available for: macOS Mojave Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com) Tailspin Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications tcpdump Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher Time Machine Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc Wi-Fi Available for: macOS Mojave Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab wifivelocityd Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb) Windows Server Available for: macOS Mojave Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6 jjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q /ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s I5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4 oVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt xrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a UhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk rf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT ITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu s1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1 k/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L I/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE= =NZ77 -----END PGP SIGNATURE-----

gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. ConnMan Contains an unspecified vulnerability.Information may be obtained. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ConnMan: Multiple vulnerabilities Date: July 12, 2021 Bugs: #769491, #795084 ID: 202107-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in ConnMan might allow remote attacker(s) to execute arbitrary code. Background ========== ConnMan provides a daemon for managing Internet connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/connman < 1.40 >= 1.40 Description =========== Multiple vulnerabilities have been discovered in connman. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All ConnMan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/connman-1.40" References ========== [ 1 ] CVE-2021-26675 https://nvd.nist.gov/vuln/detail/CVE-2021-26675 [ 2 ] CVE-2021-26676 https://nvd.nist.gov/vuln/detail/CVE-2021-26676 [ 3 ] CVE-2021-33833 https://nvd.nist.gov/vuln/detail/CVE-2021-33833 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-29 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (buster), these problems have been fixed in version 1.36-2.1~deb10u1. We recommend that you upgrade your connman packages. For the detailed security status of connman please refer to its security tracker page at: https://security-tracker.debian.org/tracker/connman Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAhl9pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ToGg//e9ZijJG7S7wkyc4I+q+1Bn1kPikXh4osJ9wgNSUKdcsIGWpjAvnW+X1H WwT5OI+7BeuAK1uAvGIuDK5s6cPsaa8NUKLsAwgKKcwCJcN74wLKls+3j7vt4nQA ynenKrwYBxxdfq9oUFPIvMhWggZ5a1LFqbgLeXnQc36IGAJSpkCMogJpOIQqc3Ed Xi7I7TKk3l2rxsvNxD+qPaRp+0p81trEcX7M81yhEBpg1q2UeEKLrDWkHxT1+l4N +ZHGT71zS5vq7pUrwWURlcy4mwOvNG0VA7BSu/j2mCAH2iUiRMEYOnZWEZTT9rS0 woDFAtU0Yp/zE6FhnXK0iwPyTfv9lJaOLpf30QnT3rc14t1sGhs460Hzv6XUbgjA Z89M5J+ImESPr3S1P7Tw39giD8LRsuXCqX8Hh3blz8astlrp9G+vmH/oN7U/yo9j uaGuwytV5aJuDDyl6tiMPz4nl537fxawdn95Mm9R67F1glESkEUob8ua2PRJDDCl 5ZPkTRwrIMyf2yS9ggvml2AsJbKUEs7pHxuzSpf9f/0ac5vBSwlXgLiEsq91uDxj TkEoXa/UKXyjDqnp4I/ctiwAopcp51Dvmsi2eiLKKxlS8XHWUZxVTSToqcGbj3OU isUqzGXEpvRgvC7u7oFS7FvSX+rBR0+H4iXq8MwCZvgfLldCyLQ= =5+D+ -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6236-1 July 19, 2023 connman vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in ConnMan. Software Description: - connman: Intel Connection Manager daemon Details: It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676) It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to case ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097) It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098) It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292) It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293) It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: connman 1.41-2ubuntu0.23.04.1 Ubuntu 22.04 LTS: connman 1.36-2.3ubuntu0.1 Ubuntu 20.04 LTS: connman 1.36-2ubuntu0.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): connman 1.35-6ubuntu0.1~esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): connman 1.21-1.2+deb8u1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6236-1 CVE-2021-26675, CVE-2021-26676, CVE-2021-33833, CVE-2022-23096, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293, CVE-2023-28488 Package Information: https://launchpad.net/ubuntu/+source/connman/1.41-2ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1 https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. ConnMan Is vulnerable to an out-of-bounds write.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202107-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: ConnMan: Multiple vulnerabilities Date: July 12, 2021 Bugs: #769491, #795084 ID: 202107-29 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A buffer overflow in ConnMan might allow remote attacker(s) to execute arbitrary code. Background ========== ConnMan provides a daemon for managing Internet connections. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-misc/connman < 1.40 >= 1.40 Description =========== Multiple vulnerabilities have been discovered in connman. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All ConnMan users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/connman-1.40" References ========== [ 1 ] CVE-2021-26675 https://nvd.nist.gov/vuln/detail/CVE-2021-26675 [ 2 ] CVE-2021-26676 https://nvd.nist.gov/vuln/detail/CVE-2021-26676 [ 3 ] CVE-2021-33833 https://nvd.nist.gov/vuln/detail/CVE-2021-33833 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202107-29 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . For the stable distribution (buster), these problems have been fixed in version 1.36-2.1~deb10u1. We recommend that you upgrade your connman packages. For the detailed security status of connman please refer to its security tracker page at: https://security-tracker.debian.org/tracker/connman Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmAhl9pfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0ToGg//e9ZijJG7S7wkyc4I+q+1Bn1kPikXh4osJ9wgNSUKdcsIGWpjAvnW+X1H WwT5OI+7BeuAK1uAvGIuDK5s6cPsaa8NUKLsAwgKKcwCJcN74wLKls+3j7vt4nQA ynenKrwYBxxdfq9oUFPIvMhWggZ5a1LFqbgLeXnQc36IGAJSpkCMogJpOIQqc3Ed Xi7I7TKk3l2rxsvNxD+qPaRp+0p81trEcX7M81yhEBpg1q2UeEKLrDWkHxT1+l4N +ZHGT71zS5vq7pUrwWURlcy4mwOvNG0VA7BSu/j2mCAH2iUiRMEYOnZWEZTT9rS0 woDFAtU0Yp/zE6FhnXK0iwPyTfv9lJaOLpf30QnT3rc14t1sGhs460Hzv6XUbgjA Z89M5J+ImESPr3S1P7Tw39giD8LRsuXCqX8Hh3blz8astlrp9G+vmH/oN7U/yo9j uaGuwytV5aJuDDyl6tiMPz4nl537fxawdn95Mm9R67F1glESkEUob8ua2PRJDDCl 5ZPkTRwrIMyf2yS9ggvml2AsJbKUEs7pHxuzSpf9f/0ac5vBSwlXgLiEsq91uDxj TkEoXa/UKXyjDqnp4I/ctiwAopcp51Dvmsi2eiLKKxlS8XHWUZxVTSToqcGbj3OU isUqzGXEpvRgvC7u7oFS7FvSX+rBR0+H4iXq8MwCZvgfLldCyLQ= =5+D+ -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-6236-1 July 19, 2023 connman vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.04 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in ConnMan. Software Description: - connman: Intel Connection Manager daemon Details: It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2021-26675, CVE-2021-33833) It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-26676) It was discovered that ConnMan could be made to read out of bounds. A remote attacker could possibly use this issue to case ConnMan to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23096, CVE-2022-23097) It was discovered that ConnMan could be made to run into an infinite loop. A remote attacker could possibly use this issue to cause ConnMan to consume resources and to stop operating, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-23098) It was discovered that ConnMan could be made to write out of bounds via the gweb component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32292) It was discovered that ConnMan did not properly manage memory under certain circumstances. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-32293) It was discovered that ConnMan could be made to write out of bounds via the gdhcp component. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2023-28488) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.04: connman 1.41-2ubuntu0.23.04.1 Ubuntu 22.04 LTS: connman 1.36-2.3ubuntu0.1 Ubuntu 20.04 LTS: connman 1.36-2ubuntu0.1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): connman 1.35-6ubuntu0.1~esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): connman 1.21-1.2+deb8u1ubuntu0.1~esm1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6236-1 CVE-2021-26675, CVE-2021-26676, CVE-2021-33833, CVE-2022-23096, CVE-2022-23097, CVE-2022-23098, CVE-2022-32292, CVE-2022-32293, CVE-2023-28488 Package Information: https://launchpad.net/ubuntu/+source/connman/1.41-2ubuntu0.23.04.1 https://launchpad.net/ubuntu/+source/connman/1.36-2.3ubuntu0.1 https://launchpad.net/ubuntu/+source/connman/1.36-2ubuntu0.1

An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture (FFDC) service log if the service log is generated while managed endpoints are updating. The service log is only generated when requested by a privileged LXCA user and it is only accessible to the privileged LXCA user that requested the file and is then deleted. Lenovo XClarity Administrator (LXCA) Contains a vulnerability in the transmission of important information in clear text.Information may be obtained. There is a security vulnerability in Lenovo XClarity Administrator. Currently there is no information about this vulnerability. Please keep an eye on CNNVD or manufacturer announcements

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity. Dell PowerScale OneFS Contains a privilege management vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Dell PowerScale OneFS, currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements

Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.8280 may allow an authenticated user to potentially enable an escalation of privilege via local access. Intel(R) Graphics Drivers Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. Dell EMC PowerScale OneFS Is vulnerable to an improperly assigned permission for critical resources.Information may be tampered with. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issue where the OneFS SMB directory auto-create may erroneously create a directory for a user. A remote unauthenticated attacker may take advantage of this issue to slow down the system. Dell EMC PowerScale OneFS Is vulnerable to handling exceptional conditions.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrect Permission Assignment for a Critical Resource vulnerability. This may allow a non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to exploit the vulnerability, leading to compromised cryptographic operations. Note: no non-admin users or roles have these privileges by default. Dell PowerScale OneFS Is vulnerable to an improperly assigned permission for critical resources.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Dell EMC PowerScale OneFS. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper input validation vulnerability. A user with the ISI_PRIV_CLUSTER privilege may exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Dell EMC PowerScale OneFS Has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege escalation vulnerability. A non-admin user with either ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH may potentially exploit this vulnerability to read arbitrary data, tamper with system software or deny service to users. Note: no non-admin users or roles have these privileges by default. Dell EMC PowerScale OneFS There is a vulnerability in the lack of authentication for critical features.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. Dell EMC PowerScale OneFS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is currently no information about this vulnerability. Please keep an eye on CNNVD or vendor announcements

Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authenticated user to potentially enable a denial of service via local access. There is a security vulnerability in the Intel SGX Platform. There is no information about this vulnerability at present. Please keep an eye on CNNVD or manufacturer announcements

Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* before version 1.00.00.3506 may allow an authenticated user to potentially enable escalation of privilege via local access. There is no information about this vulnerability so far. Please keep an eye on CNNVD or manufacturer announcements

Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Graphics Drivers Exists in an exceptional condition check vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time

Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. Intel(R) Graphics Drivers Contains an unspecified vulnerability.Denial of service (DoS) It may be put into a state. There is a security vulnerability in Intel Graphics Drivers. There is no information about this vulnerability at present. Please pay attention to CNNVD or manufacturer announcements at any time