VARIoT IoT vulnerabilities database

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. Netis N3Mv2 is a router device

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. Netis N3Mv2 is a router device. Netis N3Mv2 has a buffer overflow vulnerability

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Sending a size larger than the buffer size results in leakage of data from memory resulting in an information disclosure. If the size is large enough, it causes communications over the common industrial protocol to become unresponsive to any type of packet, resulting in a denial-of-service to FactoryTalk Linx over the common industrial protocol. Rockwell Automation Provided by FactoryTalk Linx The following vulnerabilities exist in. It was * Inappropriate input confirmation (CWE-20) - CVE-2023-29464If the vulnerability is exploited, it may be affected as follows. It was * Information may be obtained by a remote third party via a specially crafted packet, or a denial of service (denial of service) may be attempted. DoS ) state. This product is mainly used for communication between small applications and large automation systems

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities.This integer overflow result is used as argument for the malloc function. Yifan YF325 is a wireless router from Yifan Company. Yifan YF325 has a buffer overflow vulnerability, which originates from a boundary error in the gwcfg_cgi_set_manage_post_data function malloc function when processing untrusted input

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the cgi_handler function. Yifan YF325 is an industrial cellular router. The vulnerability is caused by a boundary error in the next_page parameter in the cgi_handler function when processing untrusted input

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.This buffer overflow is in the next_page parameter in the gozila_cgi function. Yifan YF325 is an industrial cellular router. The vulnerability is caused by a boundary error in the next_page parameter in the gozila_cgi function when processing untrusted input

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. fortinet's FortiMail Exists in a fraudulent authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiMail is a set of email security gateway products from the American company Fortinet. The product provides features such as email security and data protection. Fortinet FortiMail has an authorization issue vulnerability, which results from improper authorization of the product

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Fortinet FortiWLM is a wireless manager from the American company Fortinet. Fortinet FortiWLM has a command execution vulnerability. The vulnerability is caused by the application's failure to properly filter special characters, commands, etc. in constructed commands

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. fortinet's FortiWLM for, OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5549-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 05, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : trafficserver CVE ID : CVE-2022-47185 CVE-2023-33934 CVE-2023-39456 CVE-2023-41752 CVE-2023-44487 Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or information disclosure. For the oldstable distribution (bullseye), these problems have been fixed in version 8.1.9+ds-1~deb11u1. For the stable distribution (bookworm), these problems have been fixed in version 9.2.3+ds-1+deb12u1. We recommend that you upgrade your trafficserver packages. For the detailed security status of trafficserver please refer to its security tracker page at: https://security-tracker.debian.org/tracker/trafficserver Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmVH8qoACgkQEMKTtsN8 TjbxOhAAkZMjvXgCcE1d9hO03bcOOVEU8dm3D7POoeIVqmZlgHRH6Q7xh1E3ER+C dl2Nix0Y+8KiCP9JjL6K9yzNcMpmeQ1M6QYD8HJxyj/ihVpWv+SMrdelVyYG5BPM ClWLHzNk6oQm3fMWE//EXm6vxoXOust61gTjhjozV7D1VvWYvLdDt/w59I+wHHc2 XIJ9gVakNvVrmdB2ItEwrYmPrRA6uECB3ag3xP4Wh1H9SkwVgcbBW6ZrgmPAjVQO UTxdCYJuoWkYavr6bolxUG833DfnJRPk9mZJVCdvX4FJnNI6Mp/XGWQ0KNx8K2Xj u6bG//dTJ948q0i5c4thWlCuKkalpZAJ3KxcFyZo6Io1QjCaSN49Rj1agCuiJp4r nmbh0GAlebvOypuiOZieJEEbTIhJpgF1hCLS2jy/Eo8qLP7Iodvr2US7JNwVEirj v0GZx9w9uyFYKfNgRDlJDdaJsmi+2YfbXO4uxp8rFNUY3acL/P8mTsMJohiWjNuH q+/hY7egr7igRPSe+zl2m/tpx1zlPxH761qMqdTVNwztE4t09vW4crPrQ8siwmC1 0HCyGef7R8eNqlODCwpeG1wC+DXHzx00FWUG1r24lNGf7koFnsuALJBPGRptbHqm v6z+piRi8deQNb1vCsQXBzsXjVrK+i/MAAjNixnvTJ9BnVh2ZPY= =gKYQ -----END PGP SIGNATURE----- . Description: Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Description: Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Description: A security update for Camel K 1.10.4 is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Description: Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. ========================================================================== Ubuntu Security Notice USN-6438-1 October 19, 2023 dotnet6, dotnet7 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 Summary: Several security issues were fixed in dotnet6, dotnet7. Software Description: - dotnet6: dotNET CLI tools and runtime - dotnet7: dotNET CLI tools and runtime Details: Kevin Jones discovered that .NET did not properly process certain X.509 certificates. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-36799) It was discovered that the .NET Kestrel web server did not properly handle HTTP/2 requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2023-44487) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: aspnetcore-runtime-6.0 6.0.123-0ubuntu1 aspnetcore-runtime-7.0 7.0.112-0ubuntu1 dotnet-host 6.0.123-0ubuntu1 dotnet-host-7.0 7.0.112-0ubuntu1 dotnet-hostfxr-6.0 6.0.123-0ubuntu1 dotnet-hostfxr-7.0 7.0.112-0ubuntu1 dotnet-runtime-6.0 6.0.123-0ubuntu1 dotnet-runtime-7.0 7.0.112-0ubuntu1 dotnet-sdk-6.0 6.0.123-0ubuntu1 dotnet-sdk-7.0 7.0.112-0ubuntu1 dotnet6 6.0.123-0ubuntu1 dotnet7 7.0.112-0ubuntu1 In general, a standard system update will make all the necessary changes. The following data is constructed from data provided by Red Hat's json file at: https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_5922.json Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment. - Packet Storm Staff ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4 security update Advisory ID: RHSA-2023:5922-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2023:5922 Issue date: 2023-10-19 Revision: 01 CVE Names: CVE-2023-44487 ==================================================================== Summary: A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.4. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution: CVEs: CVE-2023-44487 References: https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/ . Software Description: - netty: Java NIO client/server socket framework Details: It was discovered that Netty did not properly sanitize its input parameters. (CVE-2023-34462) It was discovered that Netty incorrectly handled request cancellation

A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290). Siemens' parasolid and tecnomatix Exists in an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. Siemens' sicam pas/pqs Contains a vulnerability in improper permission assignment for critical resources.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM PAS/PQS is a software from Germany's Siemens with operating systems for energy automation and power quality