An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.

DATE

ID#

TITLE

03-07-22

PLYTV21-09

Studio X50 – Improper Neutralization of Special Elements used in an OS Command

03-07-22

PLYPL21-12

EEDII – Multiple Security Vulnerabilities

02-23-22

PLYGN21-08

Poly Systems – Apache Log4j

09-29-21

Security Advisory Version 1.0

Plantronics Hub – Local Privilege Escalation

09-07-21

Security Bulletin Version 1.0

CX5100/CX5500 Authenticated Command Injection

04-30-21

Security Advisory Version 1.0

Information Disclosure Vulnerability Poly VOIP Phones

02-24-21

Security Advisory Version 1.0

Information Disclosure Vulnerability Poly VOIP Phones

02-24-21

Security Bulletin Version 1.1

Increased SIP Provisioning Attacks

02-22-21

Security Advisory Version 1.0

Information Disclosure Vulnerability Poly ZTP Service

01-20-21

Security Bulletin Version 1.0

Cybersecurity and Infrastructure Security Agency (CISA) Alert AA20-352A

04-24-20

Security Bulletin Version 1.0

Poly Recommended Best Security Practices for Unified Communications

04-01-20

Security Advisory Version 1.0

Poly Voice Endpoints – XSS and CSRF Vulnerabilities

02-07-20

Security Bulletin Version 1.0

CCX500 - UI Vulnerability Allows Access to Android Settings

01-15-20

Security Bulletin Version 1.6

Worldwide H.323 and SIP Botnet Calling Video Systems

01-10-20

Security Advisory Version 1.2.0

Remote Code Execution Vulnerability in UCS Software

01-10-20

Security Advisory Version 1.0.0

Vulnerabilities in VxWorks Operating System and Poly Products

09-04-19

Security Advisory Version 1.0.0

Plantronics Hub - Local Privilege Escalation Vulnerability

08-06-19

Security Advisory Version 1.0

Remote Code Execution Vulnerability in Obihai OBi1022

06-19-19

Security Advisory Version 1.1

Insufficient Authentication Resulting in Information Leakage on VVX Products

06-14-19

Security Advisory Version 1.1

Hard Coded Credentials Vulnerability in VVX Products

04-26-19

Security Advisory Version 1.0

Multiple Vulnerabilities in HDX Products Older than 3.1.14

02-20-19

Security Bulletin Version 1.0

HDX (versions older than 3.1.13) can be affected by multiple Botnets

01-24-19

Security Advisory Version 1.1

Cyber Threats Targeting Default Passwords

11-30-18

Security Bulletin Version 1.1

TLS 1.2 and Microsoft O365 Impacts to Polycom Products

11-05-18

Security Bulletin Version 1.0

Bluetooth Authentication Weakness Found in Trio

11-05-18

Security Bulletin Version 1.0

Stored Cross-Site Scripting Found in Trio

11-01-18

Security Bulletin Version 1.0

Remote Code Execution Vulnerability Found in Group Series

08-10-18

Security Bulletin Version 1.1

HDX SoftwareVersions Older than 3.1.12 and Omni Botnet

07-12-18

Security Advisory Version 1.9

Processor Based "Speculative Execution" Vulnerabilities AKA "Spectre" and "Meltdown" on Polycom Products

07-11-18

Security Advisory Version 1.2

Vulnerabilities in Polycom VVX Phones and UC Software

07-03-18

Security Advisory Version 1.0

Polycom UCS Software Vulnerabilities

06-26-18

Security Advisory Version 1.1

RealPresence Web Suite Vulnerability

05-10-18

Security Advisory Version 1.0

RealPresence Debut Vulnerabilities

03-05-18

Security Advisory Version 1.0

QDX 6000 Vulnerabilities

12-20-17

Security Advisory Version 1.2

"Krack" Vulnerability with Polycom Products

11-24-17

Security Advisory Version 1.2

Remote Code Execution on HDX Endpoints

10-18-17

Security Advisory Version 1.1

BlueBorne Bluetooth Vulnerabilities

08-28-17

Security Advisory Version 1.0

Information Disclosure on Multiple Polycom Products

08-11-17

Security Bulletin Version 1.1

WannaCry Vulnerability and Polycom Products

06-14-17

Security Bulletin Version 1.0

Relating to CVE-2017-7494 "SambaCry" Vulnerability and Polycom Products

03-22-17

Security Bulletin Version 1.0

Relating to CVE-2017-5638 "Apache Struts" Vulnerability and Polycom Products

10-26-16

Security Advisory Version 1.1

Relating to CVE-2016-5195 "Dirty COW" Vulnerability

09-20-16

Security Advisory Version 2.0

Relating to a Cross-site Scripting (XSS) Vulnerability in Polycom HDX Video Endpoints

09-13-16

Security Advisory Version 1.0

Relating to an XML External Entity (XXE) Vulnerability in Polycom HDX Video Endpoints)

04-06-16

Security Advisory Version 1.2

Relating to a GNU glibc DNS Vulnerability (CVE-2015-7547)

03-08-16

Security Bulletin Version 1.0

Relating to CVE-2016-0800 “DROWN” Vulnerability and Polycom Products

02-09-16

Security Office Update 2.0

Security Update Relating to H.323 and SIP AES Media Encryption on Polycom Products

12-16-15

Security Advisory Version 1.0

Relating to RealPresence Capture Server and RealPresence Media Suite Appliance Editions

12-09-15

Security Advisory Version 1.0

Relating to Path Traversal Vulnerabilities in Polycom VVX Business Media Phones

10-23-15

Security Advisory Version 2.0

Relating to GHOST glibc Vulnerability

10-23-15

Security Advisory Version 1.6.1

Relating to Logjam Vulnerability

06-29-15

Security Bulletin Version 1.0

RealPresence Resource Manager 8.4 security fixes summary

06-23-15

Security Advisory Version 1.0

Relating to Command Shell Vulnerability in Polycom Group Series Video Endpoints

06-23-15

Security Advisory Version 1.0

Relating to Inadequate SSH Restrictions Vulnerability in Polycom Group Series Video Endpoints

06-23-15

Security Advisory Version 1.0

Relating to Software Update Vulnerability in Polycom Group Series Video Endpoints

06-23-15

Security Advisory Version 1.0

Relating to Weak Entropy Vulnerability in Polycom Group Series Video Endpoints Web Cookies

06-17-15

Security Bulletin Version 1.0

Relating to "Tomcat Denial of Service"

06-15-15

Security Bulletin Version 1.0

Relating to Leap Second Insertion

04-20-15

Security Bulletin Version 1.6

Relating to SSLv3 "POODLE" Vulnerability and Polycom Products

10-24-14

Security Advisory Version 1.7

Relating to Bash shell arbitrary code execution on Various Polycom Products

10-06-14

Security Bulletin Version 1.2

Relating to Multiple OpenSSL Vulnerabilities on Various Polycom Products

06-05-14

Security Advisory Version 1.12

Relating to OpenSSL Vulnerability “Heartbleed” on Various Polycom Products

12-20-13

Security Bulletin 5471

Relating to JBoss Application Server on RealPresence Resource Manager

03-14-13

Security Bulletin 102404

Security Advisory relating to telnet shell authorization bypass on Polycom HDX Video Endpoints

03-14-13

Security Bulletin 107522

Security Advisory Relating to the Firmware Update Command Injection Vulnerability on Polycom HDX Video Endpoints

03-14-13

Security Bulletin 107523

Security Advisory Relating to the Command Shell Vulnerability on Polycom HDX Video Endpoints

03-14-13

Security Bulletin 107524

Security Advisory Relating to the H.323 Format String Vulnerability on Polycom HDX Video Endpoints

03-14-13

Security Bulletin 107525

Security Advisory Relating to the H.323 CDR Database SQL Injection on Polycom HDX Video Endpoints

03-14-13

Security Bulletin 107526

Security Advisory Relating to the PUP File Header MAC Signature Bypass on Polycom HDX Video Endpoints

CVE-2022-26482: Security Center

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

**Name**

CVE-2022-33903

**Source**

CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

**Vulnerable and fixed packages**

The table below lists information on source packages.

Source Package

Release

Version

Status

tor (PTS)

buster, buster (security)

0.3.5.16-1

fixed

bullseye (security), bullseye

0.4.5.10-1~deb11u1

fixed

bookworm, sid

0.4.7.8-1

fixed

The information below is based on the following data on fixed versions.

Package

Type

Release

Fixed Version

Urgency

Origin

Debian Bugs

tor

source

stretch

(not affected)

tor

source

buster

(not affected)

tor

source

bullseye

(not affected)

tor

source

(unstable)

0.4.7.8-1

**Notes**

\[bullseye\] - tor <not-affected> (Only affects 0.4.7.x)  
\[buster\] - tor <not-affected> (Only affects 0.4.7.x)  
\[stretch\] - tor <not-affected> (Only affects 0.4.7.x)  
https://bugzilla.redhat.com/show\_bug.cgi?id=2099227  
https://gitlab.torproject.org/tpo/core/tor/-/issues/40626  
https://lists.torproject.org/pipermail/tor-announce/2022-June/000242.html  
https://github.com/torproject/tor/commit/b0496d40197dd5b4fb7b694c1410082d4e34dda6 (tor-0.4.7.8)

CVE-2022-33903: CVE-2022-33903

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.

CVE-2022-28809: ODA Security Advisories | Open Design Alliance

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

CVE-2022-32263: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

CVE-2022-29286: Pexip security bulletins | Pexip Infinity Docs

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

Date: 2022-04-18 13:42:36 +0000 Improve handling of Gopher responses (#1022) diff --git a/src/gopher.cc b/src/gopher.cc index c4d1aeaad..6a77d9aaf 100644 --- a/src/gopher.cc +++ b/src/gopher.cc @@ -365,7 +365,6 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len) char \*lpos = NULL; char \*tline = NULL; LOCAL\_ARRAY(char, line, TEMP\_BUF\_SIZE); - LOCAL\_ARRAY(char, tmpbuf, TEMP\_BUF\_SIZE); char \*name = NULL; char \*selector = NULL; char \*host = NULL; @@ -375,7 +374,6 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len) char gtype; StoreEntry \*entry = NULL; - memset(tmpbuf, '\\0', TEMP\_BUF\_SIZE); memset(line, '\\0', TEMP\_BUF\_SIZE); entry = gopherState->entry; @@ -410,7 +408,7 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len) return; } - String outbuf; + SBuf outbuf; if (!gopherState->HTML\_header\_added) { if (gopherState->conversion == GopherStateData::HTML\_CSO\_RESULT) @@ -582,37 +580,34 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len) break; } - memset(tmpbuf, '\\0', TEMP\_BUF\_SIZE); - if ((gtype == GOPHER\_TELNET) || (gtype == GOPHER\_3270)) { if (strlen(escaped\_selector) != 0) - snprintf(tmpbuf, TEMP\_BUF\_SIZE, " %s\\n", - icon\_url, escaped\_selector, rfc1738\_escape\_part(host), - \*port ? ":" : "", port, html\_quote(name)); + outbuf.appendf(" %s\\n", + icon\_url, escaped\_selector, rfc1738\_escape\_part(host), + \*port ? ":" : "", port, html\_quote(name)); else - snprintf(tmpbuf, TEMP\_BUF\_SIZE, " %s\\n", - icon\_url, rfc1738\_escape\_part(host), \*port ? ":" : "", - port, html\_quote(name)); + outbuf.appendf(" %s\\n", + icon\_url, rfc1738\_escape\_part(host), \*port ? ":" : "", + port, html\_quote(name)); } else if (gtype == GOPHER\_INFO) { - snprintf(tmpbuf, TEMP\_BUF\_SIZE, "\\t%s\\n", html\_quote(name)); + outbuf.appendf("\\t%s\\n", html\_quote(name)); } else { if (strncmp(selector, "GET /", 5) == 0) { /\* WWW link \*/ - snprintf(tmpbuf, TEMP\_BUF\_SIZE, " %s\\n", - icon\_url, host, rfc1738\_escape\_unescaped(selector + 5), html\_quote(name)); + outbuf.appendf(" %s\\n", + icon\_url, host, rfc1738\_escape\_unescaped(selector + 5), html\_quote(name)); } else if (gtype == GOPHER\_WWW) { - snprintf(tmpbuf, TEMP\_BUF\_SIZE, " %s\\n", - icon\_url, rfc1738\_escape\_unescaped(selector), html\_quote(name)); + outbuf.appendf(" %s\\n", + icon\_url, rfc1738\_escape\_unescaped(selector), html\_quote(name)); } else { /\* Standard link \*/ - snprintf(tmpbuf, TEMP\_BUF\_SIZE, " %s\\n", - icon\_url, host, gtype, escaped\_selector, html\_quote(name)); + outbuf.appendf(" %s\\n", + icon\_url, host, gtype, escaped\_selector, html\_quote(name)); } } safe\_free(escaped\_selector); - outbuf.append(tmpbuf); } else { memset(line, '\\0', TEMP\_BUF\_SIZE); continue; @@ -645,13 +640,12 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len) break; if (gopherState->cso\_recno != recno) { - snprintf(tmpbuf, TEMP\_BUF\_SIZE, "

**Record# %d  
_%s_**\\n

", recno, html\_quote(result));
+                    outbuf.appendf("

**Record# %d  
_%s_**\\n

", recno, html\_quote(result));
                     gopherState->cso\_recno = recno;
                 } else {
-                    snprintf(tmpbuf, TEMP\_BUF\_SIZE, "%s\\n", html\_quote(result));
+                    outbuf.appendf("%s\\n", html\_quote(result));
                 }
 
-                outbuf.append(tmpbuf);
                 break;
             } else {
                 int code;
@@ -679,8 +673,7 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len)
 
                 case 502: { /\* Too Many Matches \*/
                     /\* Print the message the server returns \*/
-                    snprintf(tmpbuf, TEMP\_BUF\_SIZE, "

**%s**\\n

", html\_quote(result));
-                    outbuf.append(tmpbuf);
+                    outbuf.appendf("

**%s**\\n

", html\_quote(result));
                     break;
                 }
 
@@ -696,13 +689,12 @@ gopherToHTML(GopherStateData \* gopherState, char \*inbuf, int len)
 
     }               /\* while loop \*/
 
-    if (outbuf.size() > 0) {
-        entry->append(outbuf.rawBuf(), outbuf.size());
+    if (outbuf.length() > 0) {
+        entry->append(outbuf.rawContent(), outbuf.length());
         /\* now let start sending stuff to client \*/
         entry->flush();
     }
 
-    outbuf.clean();
     return;
 }

CVE-2021-46784

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

CVE-2022-27937: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

CVE-2022-27931: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

CVE-2022-26656: Pexip security bulletins | Pexip Infinity Docs

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

Tag

#dos