VARIoT IoT vulnerabilities database

VAR-202007-1358 | CVE-2020-9077 | HUAWEI P30 Vulnerabilities related to information leakage in smartphones |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an information exposure vulnerability. The system does not properly authenticate applications that access a specified interface. Attackers can trick users into installing malicious software to exploit this vulnerability and obtain some information about the device. Successful exploitation may cause information disclosure. Huawei P30 is a smartphone launched by Huawei.
VAR-202007-0677 | CVE-2020-15896 | D-Link DAP-1522 Authentication vulnerabilities in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An authentication-bypass issue was discovered on D-Link DAP-1522 devices 1.4x before 1.10b04Beta02. A few pages are directly accessible by any unauthorized user, e.g., logout.php and login.php. This occurs because of a check on the value of NO_NEED_AUTH: if the value of NO_NEED_AUTH is 1, the user has direct access to the webpage without any authentication. By appending a query string NO_NEED_AUTH with the value of 1 to any protected URL, any unauthorized user can access the application directly, as demonstrated by bsc_lan.php?NO_NEED_AUTH=1. D-Link DAP-1522 devices contain an authentication vulnerability. Information may be obtained. D-Link DAP-1522 is a wireless access point product of D-Link, Taiwan.
D-Link DAP-1522 1.10b04Beta02 has a security vulnerability in the 1.4x version. An attacker can use this vulnerability to bypass authentication and directly access the application.
VAR-202007-0674 | CVE-2020-15893 | D-Link DIR-816L On the device OS Command injection vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet. D-Link DIR-816L devices contain an OS command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-816L is a wireless router made by D-Link in Taiwan.
D-Link DIR-816L 1.10b04Beta02 has an operating system command injection vulnerability in 2.x versions. Attackers can use this vulnerability to inject arbitrary commands.
VAR-202007-1263 | CVE-2020-9251 | HUAWEI Mate 20 Authentication vulnerabilities in smartphones |
CVSS V2: 2.1 CVSS V3: 2.4 Severity: LOW |
HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E160R2P11) have an improper authorization vulnerability. The software does not properly restrict a certain operation in a certain scenario; the attacker must perform a certain configuration before the user turns on the student mode function. Successful exploitation could allow the attacker to bypass the limit of the student mode function. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8). HUAWEI Mate 20 smartphones contain an authentication vulnerability. Information may be tampered with. Huawei Mate 20 is a smartphone launched by Huawei.
VAR-202007-0675 | CVE-2020-15894 | D-Link DIR-816L Information leakage vulnerabilities in devices |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There is an exposed administration function in getcfg.php, which can be used to call various services. An attacker can use it to retrieve various sensitive information, such as admin login credentials, by setting the value of _POST_SERVICES in the query string to DEVICE.ACCOUNT. D-Link DIR-816L devices contain an information leakage vulnerability. Information may be obtained. D-Link DIR-816L is a wireless router made by D-Link in Taiwan.
D-Link DIR-816L 1.10b04Beta02 has an information disclosure vulnerability in 2.x versions.
VAR-202007-0686 | CVE-2020-15806 | CODESYS Control Vulnerability in resource allocation without restrictions or throttling in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Memory Allocation. CODESYS Control is vulnerable to resource allocation without restrictions or throttling. Service operation may be interrupted (DoS). 3S-Smart Software Solutions CODESYS Control is a set of industrial control program programming software.
3S-Smart Software Solutions CODESYS Control has a denial of service vulnerability. Remote attackers can use the vulnerability to submit special requests and perform denial of service attacks.
VAR-202007-0676 | CVE-2020-15895 | D-Link DIR-816L cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before it is printed on the webpage. D-Link DIR-816L devices contain a cross-site scripting vulnerability. Information may be obtained and tampered with. D-Link DIR-816L is a wireless AC750 dual-band cloud router.
VAR-202007-1057 | CVE-2020-3452 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Input verification vulnerabilities in software |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. The Cisco ASA series is a series of customized solutions for security equipment launched by Cisco. It integrates advanced security and VPN services to protect business communications and organizations of all sizes from cyber threats.
Cisco has a variety of arbitrary file reading vulnerabilities, which can be exploited by attackers to obtain sensitive information. The platform provides features such as highly secure access to data and network resources
VAR-202007-1133 | CVE-2020-6514 | WebRTC usrsctp Incorrect Call |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Google Chrome is a web browser developed by Google. WebRTC is one of the components that supports browsers for real-time voice or video conversations. A security vulnerability exists in WebRTC in versions prior to Google Chrome 84.0.4147.89. An attacker could exploit this vulnerability to bypass security restrictions.
WebRTC: usrsctp is called with pointer as network address
When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput to be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker access to the location in memory of the SctpTransport of a peer, bypassing ASLR.
To reproduce, place the following code on line 9529 of sctp_output.c. This will output the peer's address to the log:
struct sctp_state_cookie cookie2;
struct sctp_state_cookie* cookie3;
cookie3 = sctp_get_next_param(cookie, 4, &cookie2, sizeof(struct sctp_state_cookie));
LOGE("COOKIE INITACK ADDRESS %llx laddress %llx", *((long long*)cookie3->address), *((long long*)cookie3->laddress));
Or, view the SCTP packets sent by WebRTC before they are sent to the encryption layer. They are full of pointers.
This bug is subject to a 90 day disclosure deadline. After 90 days elapse,
the bug report will become visible to the public. The scheduled disclosure
date is 2020-Jul-28. Disclosure at an earlier date is possible if
agreed upon by all parties.
Related CVE Numbers: CVE-2020-6514.
Found by: deadbeef@chromium.org
====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update
Advisory ID: RHSA-2020:3253-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3253
Issue date: 2020-07-30
CVE Names: CVE-2020-6463 CVE-2020-6514 CVE-2020-15652
CVE-2020-15659
====================================================================
1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 68.11.0 ESR.
Security Fix(es):
* chromium-browser: Use after free in ANGLE (CVE-2020-6463)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* Mozilla: Potential leak of redirect targets when loading scripts in a
worker (CVE-2020-15652)
* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
(CVE-2020-15659)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker
1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
firefox-68.11.0-1.el7_8.src.rpm
x86_64:
firefox-68.11.0-1.el7_8.x86_64.rpm
firefox-debuginfo-68.11.0-1.el7_8.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
firefox-68.11.0-1.el7_8.i686.rpm
firefox-debuginfo-68.11.0-1.el7_8.i686.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
firefox-68.11.0-1.el7_8.src.rpm
ppc64:
firefox-68.11.0-1.el7_8.ppc64.rpm
firefox-debuginfo-68.11.0-1.el7_8.ppc64.rpm
ppc64le:
firefox-68.11.0-1.el7_8.ppc64le.rpm
firefox-debuginfo-68.11.0-1.el7_8.ppc64le.rpm
s390x:
firefox-68.11.0-1.el7_8.s390x.rpm
firefox-debuginfo-68.11.0-1.el7_8.s390x.rpm
x86_64:
firefox-68.11.0-1.el7_8.x86_64.rpm
firefox-debuginfo-68.11.0-1.el7_8.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
x86_64:
firefox-68.11.0-1.el7_8.i686.rpm
firefox-debuginfo-68.11.0-1.el7_8.i686.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
firefox-68.11.0-1.el7_8.src.rpm
x86_64:
firefox-68.11.0-1.el7_8.x86_64.rpm
firefox-debuginfo-68.11.0-1.el7_8.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
firefox-68.11.0-1.el7_8.i686.rpm
firefox-debuginfo-68.11.0-1.el7_8.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6463
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-15652
https://access.redhat.com/security/cve/CVE-2020-15659
https://access.redhat.com/security/updates/classification/#important
https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202007-64
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: July 31, 2020
Bugs: #734978
ID: 202007-64
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could result in the arbitrary execution of code.
Affected packages
================
-------------------------------------------------------------------
     Package                        /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  mail-client/thunderbird           < 68.11.0      >= 68.11.0
  2  mail-client/thunderbird-bin       < 68.11.0      >= 68.11.0
-------------------------------------------------------------------
2 affected packages
Description
==========
Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-68.11.0"
All Mozilla Thunderbird binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.11.0"
References
=========
[ 1 ] CVE-2020-15652
https://nvd.nist.gov/vuln/detail/CVE-2020-15652
[ 2 ] CVE-2020-15659
https://nvd.nist.gov/vuln/detail/CVE-2020-15659
[ 3 ] CVE-2020-6463
https://nvd.nist.gov/vuln/detail/CVE-2020-6463
[ 4 ] CVE-2020-6514
https://nvd.nist.gov/vuln/detail/CVE-2020-6514
[ 5 ] MFSA-2020-35
https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-64
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Background
=========
Library for rendering dynamic web content in Qt5 C++ and QML
applications. 8.1) - ppc64le, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. 6) - i386, i686, x86_64
Security Fix(es):
* chromium-browser: Heap buffer overflow in background fetch
(CVE-2020-6510)
* chromium-browser: Side-channel information leakage in content security
policy (CVE-2020-6511)
* chromium-browser: Type Confusion in V8 (CVE-2020-6512)
* chromium-browser: Heap buffer overflow in PDFium (CVE-2020-6513)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* chromium-browser: Use after free in tab strip (CVE-2020-6515)
* chromium-browser: Policy bypass in CORS (CVE-2020-6516)
* chromium-browser: Heap buffer overflow in history (CVE-2020-6517)
* chromium-browser: Use after free in SCTP (CVE-2020-6532)
* chromium-browser: Type Confusion in V8 (CVE-2020-6537)
* chromium-browser: Inappropriate implementation in WebView (CVE-2020-6538)
* chromium-browser: Use after free in CSS (CVE-2020-6539)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6540)
* chromium-browser: Use after free in WebUSB (CVE-2020-6541)
* chromium-browser: Use after free in developer tools (CVE-2020-6518)
* chromium-browser: Policy bypass in CSP (CVE-2020-6519)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6520)
* chromium-browser: Side-channel information leakage in autofill
(CVE-2020-6521)
* chromium-browser: Inappropriate implementation in external protocol
handlers (CVE-2020-6522)
* chromium-browser: Out of bounds write in Skia (CVE-2020-6523)
* chromium-browser: Heap buffer overflow in WebAudio (CVE-2020-6524)
* chromium-browser: Heap buffer overflow in Skia (CVE-2020-6525)
* chromium-browser: Inappropriate implementation in iframe sandbox
(CVE-2020-6526)
* chromium-browser: Insufficient policy enforcement in CSP (CVE-2020-6527)
* chromium-browser: Incorrect security UI in basic auth (CVE-2020-6528)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6529)
* chromium-browser: Out of bounds memory access in developer tools
(CVE-2020-6530)
* chromium-browser: Side-channel information leakage in scroll to text
(CVE-2020-6531)
* chromium-browser: Type Confusion in V8 (CVE-2020-6533)
* chromium-browser: Heap buffer overflow in WebRTC (CVE-2020-6534)
* chromium-browser: Insufficient data validation in WebUI (CVE-2020-6535)
* chromium-browser: Incorrect security UI in PWAs (CVE-2020-6536)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bugs fixed (https://bugzilla.redhat.com/):
1857320 - CVE-2020-6511 chromium-browser: Side-channel information leakage in content security policy
1857321 - CVE-2020-6512 chromium-browser: Type Confusion in V8
1857322 - CVE-2020-6513 chromium-browser: Heap buffer overflow in PDFium
1857323 - CVE-2020-6515 chromium-browser: Use after free in tab strip
1857324 - CVE-2020-6516 chromium-browser: Policy bypass in CORS
1857325 - CVE-2020-6518 chromium-browser: Use after free in developer tools
1857326 - CVE-2020-6519 chromium-browser: Policy bypass in CSP
1857327 - CVE-2020-6520 chromium-browser: Heap buffer overflow in Skia
1857328 - CVE-2020-6521 chromium-browser: Side-channel information leakage in autofill
1857329 - CVE-2020-6523 chromium-browser: Out of bounds write in Skia
1857330 - CVE-2020-6524 chromium-browser: Heap buffer overflow in WebAudio
1857331 - CVE-2020-6525 chromium-browser: Heap buffer overflow in Skia
1857332 - CVE-2020-6526 chromium-browser: Inappropriate implementation in iframe sandbox
1857333 - CVE-2020-6527 chromium-browser: Insufficient policy enforcement in CSP
1857334 - CVE-2020-6528 chromium-browser: Incorrect security UI in basic auth
1857336 - CVE-2020-6529 chromium-browser: Inappropriate implementation in WebRTC
1857337 - CVE-2020-6530 chromium-browser: Out of bounds memory access in developer tools
1857338 - CVE-2020-6531 chromium-browser: Side-channel information leakage in scroll to text
1857339 - CVE-2020-6533 chromium-browser: Type Confusion in V8
1857340 - CVE-2020-6534 chromium-browser: Heap buffer overflow in WebRTC
1857341 - CVE-2020-6535 chromium-browser: Insufficient data validation in WebUI
1857342 - CVE-2020-6536 chromium-browser: Incorrect security UI in PWAs
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1857351 - CVE-2020-6517 chromium-browser: Heap buffer overflow in history
1857352 - CVE-2020-6522 chromium-browser: Inappropriate implementation in external protocol handlers
1857400 - CVE-2020-6510 chromium-browser: Heap buffer overflow in background fetch
1861464 - CVE-2020-6537 chromium-browser: Type Confusion in V8
1861465 - CVE-2020-6538 chromium-browser: Inappropriate implementation in WebView
1861466 - CVE-2020-6532 chromium-browser: Use after free in SCTP
1861467 - CVE-2020-6539 chromium-browser: Use after free in CSS
1861468 - CVE-2020-6540 chromium-browser: Heap buffer overflow in Skia
1861469 - CVE-2020-6541 chromium-browser: Use after free in WebUSB
VAR-202007-1375 | CVE-2020-4399 | IBM Verify Gateway Vulnerability in |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated user to send malformed requests to cause a denial of service against the server. IBM X-Force ID: 179476. IBM Verify Gateway (IVG) contains a vulnerability. The vendor has published this vulnerability as IBM X-Force ID: 179476. Service operation may be interrupted (DoS). IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States.
VAR-202007-1371 | CVE-2020-4385 | IBM Verify Gateway Vulnerability in using hard-coded credentials in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 179266. The vendor has published this vulnerability as IBM X-Force ID: 179266. Information may be obtained or tampered with, and service operation may be interrupted (DoS). IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. Currently there is no information about this vulnerability; please keep an eye on CNNVD or vendor announcements. The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, PAM version 1.0.1, WinLogin version 1.0.0, WinLogin version 1.0.1.
VAR-202007-1376 | CVE-2020-4400 | IBM Verify Gateway Vulnerability regarding inadequate protection of credentials in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 179478. The vendor has published this vulnerability as IBM X-Force ID: 179478. Information may be obtained. The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, version 1.0.1, WinLogin version 1.0.0, version 1.0.1.
VAR-202007-1083 | CVE-2020-4372 | IBM Verify Gateway Vulnerability regarding inadequate protection of credentials in |
CVSS V2: 2.1 CVSS V3: 7.8 Severity: HIGH |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 179009. The vendor has published this vulnerability as IBM X-Force ID: 179009. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The following products and versions are affected: IBM IVG RADIUS version 1.0.0, PAM version 1.0.0, version 1.0.1, WinLogin version 1.0.0, version 1.0.1.
VAR-202007-1374 | CVE-2020-4397 | IBM Verify Gateway Vulnerability in plaintext transmission of important information in |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive information in plain text which could be obtained by an attacker using man in the middle techniques. IBM X-Force ID: 179428. The vendor has published this vulnerability as IBM X-Force ID: 179428. Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. Attackers can exploit this vulnerability to obtain information through man-in-the-middle techniques.
VAR-202007-1082 | CVE-2020-4371 | IBM Verify Gateway Vulnerability in insecure storage of critical information in |
CVSS V2: 2.1 CVSS V3: 3.3 Severity: LOW |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive information in leftover debug code that could be used to aid a local user in further attacks against the system. IBM X-Force ID: 179008. The vendor has published this vulnerability as IBM X-Force ID: 179008. Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. A security vulnerability exists in IBM IVG PAM versions 1.0.0 and 1.0.1. A local attacker can exploit this vulnerability to further attack the system.
VAR-202007-1081 | CVE-2020-4369 | IBM Verify Gateway Vulnerability in plaintext storage of important information in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive information in cleartext that could be obtained by a user. IBM X-Force ID: 179004. The vendor has published this vulnerability as IBM X-Force ID: 179004. Information may be obtained. IBM Verify Gateway (IVG) is a set of cloud-based identity verification solutions from IBM Corporation in the United States. A security vulnerability exists in IBM IVG PAM versions 1.0.0 and 1.0.1 due to the fact that the program allows sensitive information to be transmitted in clear text. An attacker could exploit this vulnerability to obtain information.
VAR-202007-0872 | CVE-2020-15633 | plural D-Link Vulnerability in authentication bypass using alternate path or channel in routers |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-867, DIR-878, and DIR-882 routers with firmware 1.20B10_BETA. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP requests. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the router. Was ZDI-CAN-10835. Zero Day Initiative assigned the number ZDI-CAN-10835 to this vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-878 and D-Link DIR-867 are both wireless routers manufactured by D-Link in Taiwan.
DIR-867-US using firmware version 1.20B10 and earlier and DIR-878 using firmware version 1.20B05 and earlier have security loopholes in HNAP request processing, which stem from incorrect string matching logic.
VAR-202007-0871 | CVE-2020-15632 | D-Link DIR-842 In the router Vulnerability in improper implementation of authentication algorithm |
CVSS V2: 5.8 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-842 3.13B05 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of HNAP GetCAPTCHAsetting requests. The issue results from the lack of proper handling of sessions. An attacker can leverage this vulnerability to execute arbitrary code in the context of the device. Was ZDI-CAN-10083. Zero Day Initiative assigned the number ZDI-CAN-10083 to this vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). D-Link DIR-842 is a wireless router made by D-Link in Taiwan.
There are security loopholes in the HNAP GetCAPTCHAsetting request processing in D-Link DIR-842. The vulnerability stems from the network system or product not properly verifying the user's identity.
VAR-202007-1517 | No CVE | ZLAN serial server has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
ZLAN5102/ZLAN5103 serial server is an industrial-grade protocol converter between RS232/485 and TCP/IP produced by Shanghai ZLAN.
ZLAN serial server has a denial of service vulnerability. Attackers can use the vulnerability to cause the device to deny service and restart.
VAR-202007-1518 | No CVE | China Mobile Railcom Suzhou Branch Yu Luqi has logic flaws and loopholes |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
China Mobile Railcom's main business is communication technology, information system development, consulting services, and construction project management.
China Mobile Railcom's Suzhou branch Yu Luqi has a logic flaw vulnerability. Attackers can use the vulnerability to gain unauthorized access to the system background.