CHIYU IoT devices suffer from an integer overflow denial of service vulnerability. Affected devices include BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC with firmware versions prior to June 2021.
369646f20627c73fcfc4b1175de5a5c27aedb1a01b4addefab4dce955c086e87Several IoT devices from the CHIYU Technology firm are vulnerable to a flaw that permits bypassing the telnet authentication process due to an overflow during the negotiation of the telnet protocol. Telnet authentication is bypassed by supplying a specially malformed request, and an attacker may force the remote telnet server to believe that the user has already authenticated. Several models are vulnerable, including BF-430, BF-431, BF-450M, and SEMAC with the most recent firmware versions.
781c1db46d4908a42a01a83b90b7f6c823afa8285764c401421aada6d4c0a9d1Red Hat Security Advisory 2021-2204-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
9a035cfbc87a6747d586ceffa4815409fcf7aad17db61e4c0e3bcf4d050443faRed Hat Security Advisory 2021-2206-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR.
dffad670a09383ba6fa1c657c89f16e3cc7a33ddd47569476f37df5d4f7fa1e5Red Hat Security Advisory 2021-2208-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.11.0 ESR.
464dea18c30172a6f68ee59fc10ab9585a12325b63bfa234d495f3c338abf7c6Red Hat Security Advisory 2021-2203-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
dd3e30c1af6db9ac71e476608dc4cff4393c6e1c95889d77a2726b043e3fd61aPHP version 8.1.0-dev remote code execution exploit that leverages a backdoor under the User-Agentt header.
db919b002e73a69b79a28203d0b5d0d2988353385d8bcdefb7ee78add38b8c00Red Hat Security Advisory 2021-2205-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a buffer overflow vulnerability.
7b10f31af5f71c94bea5faf3ae9bc196be54c049f7d3c1fa687e2957b580eb62Red Hat Security Advisory 2021-2210-01 - These are CVE issues filed against XP1 releases that have been fixed in the underlying EAP 7.3.x base, so no changes to the EAP XP1 code base. Issues addressed include bypass, code execution, and information leakage vulnerabilities.
9691b25285d178232646384c2b04af0fd9b63a9114c31e28a05a6df16be9db85Ubuntu Security Notice 4976-1 - Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks.
2212e9df1205123c33fd5f3260226e53e71124f8f9d77b357eea7fca92bb7dcdUbuntu Security Notice 4975-1 - It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. Various other issues were also addressed.
23dda5ba935125c5afba517c657a63caaeaad0e6c1d85a6b3a1006d40d42023bBasicNote version 1.1.9 suffers from a denial of service vulnerability.
9387e3360f4b9a75dce80179b03b5b213620f9bc40b3f925c877728693c4e664Blacknote version 2.2.1 suffers from a denial of service vulnerability.
e371f5326b185488fd8f6cd28cbc65cb7afab4dfb6123919616fb2dc5eee01c0Notepad Notes version 2.6.7 suffers from a denial of service vulnerability.
d329e1499add897d89d20c2c6d9d1e80beae52494ab9daf149891a39961b5810ColorNote version 4.1.9 suffers from a denial of service vulnerability.
a5e9ecde1c55dbbed1be5767b277896bab7af27ac1c742fa039223aec8f79cb1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed