A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User-Agent field.

CVE-2022-24573: Element-IT software products news

A remote code execution (RCE) vulnerability in the Avatar parameter under /admin/?page=user/manage_user of Home Owners Collection Management System v1.0 allows attackers to execute arbitrary code via a crafted PNG file.

**Home Owners Collection Management****Vendor**

![](https://github.com/nu11secur1ty/CVE-nu11secur1ty/raw/main/vendors/oretnom23/2022/Home-Owners-Collection-Management/Docs/Screenshot%202022-02-12%20135214.png)

**Description:**

The system Home Owners Collection Management System 1.0 is vulnerable to RCE The employee or user who requests an administrative or another type of account can upload dangerous RCE code and he can use it to manipulate the system. It depends on the malicious scenarios. This is CRITICAL for the owner of this system! Not correctly sanitizing, of extension for upload the picture, when the user wants to upload and change his profile picture!

Status: CRITICAL

**Reproduce:**

href

**Proof and Exploit:**

href

CVE-2022-25115: CVE-nu11secur1ty/vendors/oretnom23/2022/Home-Owners-Collection-Management at main · nu11secur1ty/CVE-nu11secur1ty

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service.

Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. HP is releasing mitigation for the potential vulnerabilities.

Severity

High

HP Reference

HPSBHF03775 Rev. 1

Release date

February 28, 2022

Last updated

February 28, 2022

Category

PC

Potential Security Impact

Denial of Service

**Relevant Common Vulnerabilities and Exposures (CVE) List**

Reported by Assaf Carlsbad and Itai Liba of SentinelOne

List of CVE IDs    

CVE ID

Base Score

Base Vector

Vendor ID

CVE-2022-23956

8.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

HP

CVE-2022-23953

7.9

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

HP

CVE-2022-23954

7.9

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

HP

CVE-2022-23955

7.9

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

HP

CVE-2022-23957

7.9

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

HP

CVE-2022-23958

7.9

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

HP

Learn more about CVSS 3.1 base metrics, which range from 0 to 10.

PSR-2021-0130

**Resolution**

HP has identified affected platforms and corresponding SoftPaqs with minimum versions that mitigate the potential vulnerabilities. See the affected platforms listed below.

Newer versions may become available, and the minimum versions listed below may become obsolete.  If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model.

HP recommends keeping your system up to date with the latest firmware and software.

Note:

This bulletin might be updated when new information and/or SoftPaqs are available. Sign up for HP Subscriptions to be notified and receive:

*   Product support eAlerts
    
*   Driver updates
    
*   Security Bulletin updates
    

**SoftPaqs and affected products**

Find the SoftPaqs that resolve the vulnerabilities of your system.

SoftPaq Status

*   **Pending**: SoftPaq is in progress.
    
*   **Under investigation**: System under investigation for impact, or the SoftPaq is under investigation for feasibility/availability.
    
*   **Not available**: SoftPaq not available due to technical or logistical constraints.
    
*   **Check Support Page**: The listed SoftPaq has been removed from the download site. SoftPaqs with newer versions may be available on the HP Customer Support - Software and Driver Downloads site.
    

**Affected products**

Identify the affected products by category of PC.

**Business Notebook PCs**

Pending

**Business Desktop PCs**

Pending

**Retail Point-of-Sale Systems**

Pending

**Workstations**

Under Investigation

**Thin Client PCs**

Under Investigation

**Revision history**

This document has been revised according to the information below.

List of versions   

Version

Description

Date

1

Initial Release

February 28, 2022

**Additional information**

Follow these links for additional information.

Third-party security patches

Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.

Support

For issues about implementing the recommendations of this Security Bulletin, visit http://www.hp.com/go/contacthp to learn about your HP support options.

Report

To report a potential security vulnerability with any HP supported product, send email to: hp-security-alert@hp.com.

Subscribe

To initiate a subscription to receive future HP Security Bulletin alerts via email, visit https://h41369.www4.hp.com/alerts-signup.php?lang=en&cc=US&jumpid=hpsc\_profile.

Security bulletin archive

To view released Security Bulletins, visit https://support.hp.com/security-bulletins.

It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.

Download HP’s security-alert PGP key

**Legal information**

System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.

HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Security Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Security Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.

© Copyright 2022 HP Development Company, L.P.

HP Inc. (HP) shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP nor its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. "HP Inc.," "HP" and the names of HP products referenced herein are trademarks of HP Inc. or its affiliates in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

CVE-2022-23956: HP PC BIOS February 2022 Security Update

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.

Advisory ID: VMSA-2022-0006

CVSSv3 Range: 6.6

Issue Date: 2022-02-23

Updated On: 2022-02-23 (Initial Advisory)

CVE(s): CVE-2022-22944

Synopsis: VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)

Share this page on social media

Sign up for Security Advisories

****1\. Impacted Products****

*   VMware Workspace ONE Boxer

****2\. Introduction****

A stored cross-site scripting (XSS) vulnerability affecting VMware Workspace ONE Boxer was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.

****3a. VMware Workspace ONE Boxer update addresses a stored cross-site scripting (XSS) vulnerability (CVE-2022-22944)****

VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.

Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window.

To remediate CVE-2022-22944 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

VMware would like to thank Eugene Lim for reporting this issue to us.

Product

Version

Running On

CVE Identifier

CVSSv3

Severity

Fixed Version

Workarounds

Additional Documentation

Workspace ONE Boxer

Any

iOS

CVE-2022-22944

6.6

moderate

22.02

None

None

Workspace ONE Boxer

Any

Android

CVE-2022-22944

N/A

N/A

Unaffected

N/A

N/A

****4\. References****

****5\. Change Log****

**2022-02-23: VMSA-2022-0006  
**Initial security advisory.

****6\. Contact****

CVE-2022-22944: VMSA-2022-0006

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 220394.

CVE-2022-22350: IBM X-Force Exchange

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 213076.

**Security Bulletin**

  

**Summary**

There are multiple vulnerabilities in AIX CAA.

**Vulnerability Details**

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.cluster.rte

7.1.5.0

7.1.5.38

bos.cluster.rte

7.2.4.0

7.2.4.4

bos.cluster.rte

7.2.5.0

7.2.5.1

bos.cluster.rte

7.2.5.100

7.2.5.101

bos.cluster.rte

7.3.0.0

7.3.0.0

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example:  lslpp -L | grep -i bos.cluster.rte

  

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ37355

SP10

7.2.4

IJ37496

SP06

7.2.5

IJ36682

SP04

7.3.0

IJ36596

SP02

 

VIOS Level

APAR

SP

3.1.1

IJ37496

3.1.1.60

3.1.2

IJ37512

3.1.2.40

3.1.3

IJ36682

3.1.3.20

Subscribe to the APARs here:

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

AIX and VIOS fixes are available.

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 and 7.3 to avoid a reboot.

The AIX and VIOS fixes can be downloaded via ftp or http from:

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.7

IJ37355s7a.220228.epkg.Z

7.1.5.8

IJ37355s8a.220228.epkg.Z

7.1.5.9

IJ37355s9a.220228.epkg.Z

7.1.5.9

IJ37355s9b.220228.epkg.Z

7.2.4.3

IJ37496s3a.220228.epkg.Z

7.2.4.4

IJ37496s4a.220228.epkg.Z

7.2.4.5

IJ37496s5a.220228.epkg.Z

7.2.5.1

IJ37512s1a.220228.epkg.Z

7.2.5.2

IJ37512s2a.220228.epkg.Z

7.2.5.3

IJ36682s3a.220228.epkg.Z

7.2.5.3

IJ36682s3b.220228.epkg.Z

7.3.0.1

IJ36596s1a.220228.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.2 is AIX 7200-05-02.

NOTE:  Multiple iFixes are provided for AIX 7100-05-09 and 7200-05-03.

IJ37355s9a is for AIX 7100-05-09 with bos.cluster.rte fileset level 7.1.5.38.

IJ37355s9b is for AIX 7100-05-09 with bos.cluster.rte fileset level 7.1.5.37.

IJ36682s3a is for AIX 7200-05-03 with bos.cluster.rte fileset level 7.2.5.101.

IJ36682s3b is for AIX 7200-05-03 with bos.cluster.rte fileset level 7.2.5.100.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.1.30

IJ37496s3a.220228.epkg.Z

3.1.1.40

IJ37496s4a.220228.epkg.Z

3.1.1.50

IJ37496s5a.220228.epkg.Z

3.1.2.10

IJ37512s1a.220228.epkg.Z

3.1.2.21

IJ37512s2a.220228.epkg.Z

3.1.3.10

IJ36682s3b.220228.epkg.Z

3.1.3.14

IJ36682s3a.220228.epkg.Z

To extract the fixes from the tar file:

tar xvf caa\_fix2.tar

cd caa\_fix2

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

6e45651c382f9915771c9714b994d26a783a8caecb8e3c8b3350d981aee7349b

IJ36596s1a.220228.epkg.Z

88a2f0bcc4b7676eab0db362fd885d360ad3a38104edbe7bed1e4c79a56be30d

IJ36682s3a.220228.epkg.Z

a81847ca47786818db8dce79f4a982c285815f561e2c9e8630840c229a27d381

IJ36682s3b.220228.epkg.Z

b4efa8234dc00c91148c75ec25e1c5fd3cd96ec691131ece6e458e5c33591335

IJ37355s7a.220228.epkg.Z

e141352471d842585e176bfb3ccc27289620b63de96478cca7688f4851841023

IJ37355s8a.220228.epkg.Z

9440584798abfa576e4e90287847f22cc9019281a213f1d289df330e75e77b56

IJ37355s9a.220228.epkg.Z

4d77a4e7fd8cd356deda29d6ff9a5996912ebd22e0898ede34725220d8df2577

IJ37355s9b.220228.epkg.Z

991ac1e17a4dd3b20feb44162b3f04a9dcda8cb2acce398e09c520b5871ccff3

IJ37496s3a.220228.epkg.Z

a0a24034a8a2fc3f2fa4ed8e5b05da045587300708812fe5c796a41b87b8e855

IJ37496s4a.220228.epkg.Z

2f74bee159291cec6944f8b522dbbf086f01b65a30da76595773b5851008c0ba

IJ37496s5a.220228.epkg.Z

95086a37dbf91e218f145c172cf2ca39029dfbecb00f072d4a36887f91536551

IJ37512s1a.220228.epkg.Z

9e2ecbbe30354bdd275679ac9e22ec7ca0dfb8a87cbe73f46767422b90206afd

IJ37512s2a.220228.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes.  If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy.         

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

**C. FIX AND INTERIM FIX INSTALLATION**

An LPAR system reboot is required to complete the iFix installation, or Live Update may be used on AIX 7.2 and 7.3 to avoid a reboot.

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all  # where fix\_name is the name of the

                                            # fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all  # where fix\_name is the name of the

                                            # fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

To preview an interim fix installation:

emgr -e ipkg\_name -p         # where ipkg\_name is the name of the

                                         # interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X         # where ipkg\_name is the name of the

                                         # interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

01 Mar 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"SSSMHJ","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":""},{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}}\]

CVE-2021-38996: Security Bulletin: Vulnerabilities in AIX CAA (CVE-2022-22350, CVE-2021-38996)

A improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and below, version 6.0.11 and below, version 5.6.13 and below allows attacker to disclose sensitive information via SNI Client Hello TLS packets.

**![](https://fortiguard.com/static/images/icons/psirt.svg?v=5463) PSIRT Advisories**

**FortiOS - Bypassing FortiGate security profiles via SNI in Client Hello**

**Summary**

An exposure of sensitive information to an unauthorized actor vulnerability \[CWE-200\] in FortiOS may allow a privileged attacker to disclose sensitive information via SNI Client Hello TLS packets.

**Affected Products**

Forti​OS version 6.4.3 and below  
Forti​OS version 6.2.5 and below  
Forti​OS version 6.0.11 and below  
 

**Solutions**

Given that there is no systematic way to detect **all** exfiltration attempts and to exhaustively enumerate all possibilities offered by exfiltration channels, Fortinet has addressed the issue by releasing a set of signatures:

1.  Python/SNICat.A!exploit  
    https://www.fortiguard.com/encyclopedia/virus/10069638
    
2.  SNIcat.Data.Exfiltration.Tool  
    https://www.fortiguard.com/encyclopedia/ips/50952
    

**References**

*   https://community.fortinet.com/t5/FortiGate/Technical-Tip-Bypassing-FortiGate-web-filter-profile-by-using/ta-p/200212

CVE-2020-15936: Fortiguard

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands. IBM X-Force ID: 211825.

**Security Bulletin**

  

**Summary**

There is a vulnerability in the AIX audit user commands.

**Vulnerability Details**

**CVEID:**   CVE-2021-38955  
**DESCRIPTION:**   IBM AIX could allow a local user with elevated privileges to cause a denial of service due to a file creation vulnerability in the audit commands.  
CVSS Base score: 4.4  
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/211825 for the current score.  
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

**Affected Products and Versions**

Affected Product(s)

Version(s)

AIX

7.1

AIX

7.2

AIX

7.3

VIOS

3.1

The vulnerabilities in the following filesets are being addressed:

Fileset

Lower Level

Upper Level

bos.rte.security

7.1.5.0

7.1.5.37

bos.rte.security

7.2.4.0

7.2.4.4

bos.rte.security

7.2.5.0

7.2.5.2

bos.rte.security

7.2.5.100

7.2.5.101

bos.rte.security

7.3.0.0

7.3.0.0

To find out whether the affected filesets are installed on your systems, refer to the lslpp command found in AIX user's guide.

Example:  lslpp -L | grep -i bos.rte.security

  

**Remediation/Fixes**

**A. APARS**

IBM has assigned the following APARs to this problem:

AIX Level

APAR

SP

7.1.5

IJ38113

SP10

7.2.4

IJ38115

SP06

7.2.5

IJ38117

SP04

7.3.0

IJ38121

SP02

 

VIOS Level

APAR

SP

3.1.1

IJ38115

3.1.1.60

3.1.2

IJ38119

3.1.2.40

3.1.3

IJ38117

3.1.3.20

Subscribe to the APARs here:

By subscribing, you will receive periodic email alerting you to the status of the APAR, and a link to download the fix once it becomes available.

**B. FIXES**

AIX and VIOS fixes are available.

The AIX and VIOS fixes can be downloaded via ftp or http from:

The link above is to a tar file containing this signed advisory, fix packages, and OpenSSL signatures for each package. The fixes below include prerequisite checking. This will enforce the correct mapping between the fixes and AIX Technology Levels.

AIX Level

Interim Fix

7.1.5.7

IJ38113m9a.220227.epkg.Z

7.1.5.8

IJ38113m9a.220227.epkg.Z

7.1.5.9

IJ38113m9a.220227.epkg.Z

7.2.4.3

IJ38115m5a.220227.epkg.Z

7.2.4.4

IJ38115m5a.220227.epkg.Z

7.2.4.5

IJ38115m5a.220227.epkg.Z

7.2.5.1

IJ38119m2a.220227.epkg.Z

7.2.5.2

IJ38119m2a.220227.epkg.Z

7.2.5.3

IJ38117m3a.220227.epkg.Z

7.3.0.1

IJ38121m1a.220227.epkg.Z

Please note that the above table refers to AIX TL/SP level as opposed to fileset level, i.e., 7.2.5.2 is AIX 7200-05-02.

Please reference the Affected Products and Version section above for help with checking installed fileset levels.

VIOS Level

Interim Fix

3.1.1.30

IJ38115m5a.220227.epkg.Z

3.1.1.40

IJ38115m5a.220227.epkg.Z

3.1.1.50

IJ38115m5a.220227.epkg.Z

3.1.2.10

IJ38119m2a.220227.epkg.Z

3.1.2.21

IJ38119m2a.220227.epkg.Z

3.1.3.10

IJ38117m3a.220227.epkg.Z

3.1.3.14

IJ38117m3a.220227.epkg.Z

To extract the fixes from the tar file:

tar xvf audit\_fix.tar

cd audit\_fix

Verify you have retrieved the fixes intact:

The checksums below were generated using the "openssl dgst -sha256 \[filename\]" command as the following:

openssl dgst -sha256

filename

9c106a0fcc85c04f1cb41b939b3019daa7fb2fa2b826f6ea41bf4b6e415f54ae

IJ38113m9a.220227.epkg.Z

3da452a1fadea25122c899a851907b8df6e0346f016373e22e98a36a7deedaf2

IJ38115m5a.220227.epkg.Z

abcc517295ba08a79f994f1091778c7845729cb96a0ac5530b0777ea23e93050

IJ38117m3a.220227.epkg.Z

851e4b2c602e5e869b36bea8190da813b880f10aae6227f2595ecf06289dd58c

IJ38119m2a.220227.epkg.Z

e61fce4c31be526987ad5842155d71a8912622dde0b76091545ad3a40ea70f78

IJ38121m1a.220227.epkg.Z

These sums should match exactly. The OpenSSL signatures in the tar file and on this advisory can also be used to verify the integrity of the fixes.  If the sums or signatures cannot be confirmed, contact IBM Support at http://ibm.com/support/ and describe the discrepancy.         

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[advisory\_file\].sig \[advisory\_file\]

openssl dgst -sha256 -verify \[pubkey\_file\] -signature \[ifix\_file\].sig \[ifix\_file\]

Published advisory OpenSSL signature file location:

**C. FIX AND INTERIM FIX INSTALLATION**

If possible, it is recommended that a mksysb backup of the system be created. Verify it is both bootable and readable before proceeding.

To preview a fix installation:

installp -a -d fix\_name -p all  # where fix\_name is the name of the

                                            # fix package being previewed.

To install a fix package:

installp -a -d fix\_name -X all  # where fix\_name is the name of the

                                            # fix package being installed.

Interim fixes have had limited functional and regression testing but not the full regression testing that takes place for Service Packs; however, IBM does fully support them.

Interim fix management documentation can be found at:

To preview an interim fix installation:

emgr -e ipkg\_name -p         # where ipkg\_name is the name of the

                                         # interim fix package being previewed.

To install an interim fix package:

emgr -e ipkg\_name -X         # where ipkg\_name is the name of the

                                         # interim fix package being installed.

**Workarounds and Mitigations**

None

**References**

Off

**Change History**

28 Feb 2022: Initial Publication

\*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

**Disclaimer**

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

**Document Location**

Worldwide

\[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"7.1,7.2,7.3","Edition":"","Line of Business":{"code":"LOB08","label":"Cognitive Systems"}},{"Business Unit":{"code":"BU048","label":"Systems w\\/TPS"},"Product":{"code":"SSSMHJ","label":"PowerVM Virtual I\\/O Server"},"Component":"","Platform":\[{"code":"PF002","label":"AIX"}\],"Version":"3.1","Edition":""}\]

CVE-2021-38955: Security Bulletin: Vulnerability in AIX audit commands (CVE-2021-38955)

Audio File commit 004065d was discovered to contain a heap-buffer overflow in the function fouBytesToInt():AudioFile.h.

A heap-buffer-overflow was discovered in function fouBytesToInt():AudioFile.h:1196  
The issue is being triggered in function getIndexOfChunk()

    git clone the Lastest Version firstly.
    mkdir build
    cd build && cmake ..
    g++ -g -fsanitize=address -o valibin a.cpp AudioFile.h
    ./ poc
    

    #include <iostream>
    #define _USE_MATH_DEFINES
    #include <cmath>
    #include "AudioFile.h"
    
    namespace examples
    
    {
    
        void writeSineWaveToAudioFile();
    
        void loadAudioFileAndPrintSummary(char *);
    
        void loadAudioFileAndProcessSamples(char *);
    
    } // namespace examples
    
    int main(int argc, char **argv)
    
    {
            examples::loadAudioFileAndPrintSummary(argv[1]);
            examples::loadAudioFileAndProcessSamples(argv[1]);
    }
    
    
    
    
    
    namespace examples
    
    {
    
        void writeSineWaveToAudioFile()
    
        {
      
    
            AudioFile<float> a;
    
            a.setNumChannels(2);
    
            a.setNumSamplesPerChannel(44100);
    
    
    
            //---------------------------------------------------------------
    
            // 2. Create some variables to help us generate a sine wave
    
    
    
            const float sampleRate = 44100.f;
    
            const float frequencyInHz = 440.f;
    
    
    
            //---------------------------------------------------------------
    
            // 3. Write the samples to the AudioFile sample buffer
    
    
    
            for (int i = 0; i < a.getNumSamplesPerChannel(); i++)
    
            {
    
                for (int channel = 0; channel < a.getNumChannels(); channel++)
    
                {
    
                    a.samples[channel][i] = sin((static_cast<float>(i) / sampleRate) * frequencyInHz * 2.f * M_PI);
    
                }
    
            }
    
    
    
            //---------------------------------------------------------------
    
            // 4. Save the AudioFile
    
    
    
            std::string filePath = "sine-wave.wav"; // change this to somewhere useful for you
    
            a.save("sine-wave.wav", AudioFileFormat::Wave);
    
        }
    
    
    
        //=======================================================================
    
        void loadAudioFileAndPrintSummary(char *file)
    
        {
            const std::string filePath = std::string(file);
    
            AudioFile<float> a;
    
            bool loadedOK = a.load(filePath);
    
    
    
            /** If you hit this assert then the file path above
    
             probably doesn't refer to a valid audio file */
    
            assert(loadedOK);
    
    
    
            //---------------------------------------------------------------
    
            // 3. Let's print out some key details
    
    
    
            std::cout << "Bit Depth: " << a.getBitDepth() << std::endl;
    
            std::cout << "Sample Rate: " << a.getSampleRate() << std::endl;
    
            std::cout << "Num Channels: " << a.getNumChannels() << std::endl;
    
            std::cout << "Length in Seconds: " << a.getLengthInSeconds() << std::endl;
    
            std::cout << std::endl;
    
        }
    
    
    
        //=======================================================================
    
        void loadAudioFileAndProcessSamples(char *file)
    
        {
    
            //---------------------------------------------------------------
    
            std::cout << "**********************" << std::endl;
    
            std::cout << "Running Example: Load Audio File and Process Samples" << std::endl;
    
            std::cout << "**********************" << std::endl
    
                      << std::endl;
    
    
    
            //---------------------------------------------------------------
    
            // 1. Set a file path to an audio file on your machine
    
            const std::string inputFilePath = std::string(file);
    
    
    
            //---------------------------------------------------------------
    
            // 2. Create an AudioFile object and load the audio file
    
    
    
            AudioFile<float> a;
    
            bool loadedOK = a.load(inputFilePath);
    
    
    
            /** If you hit this assert then the file path above
    
             probably doesn't refer to a valid audio file */
    
            assert(loadedOK);
    
    
    
            //---------------------------------------------------------------
    
            // 3. Let's apply a gain to every audio sample
    
    
    
            float gain = 0.5f;
    
    
    
            for (int i = 0; i < a.getNumSamplesPerChannel(); i++)
    
            {
    
                for (int channel = 0; channel < a.getNumChannels(); channel++)
    
                {
    
                    a.samples[channel][i] = a.samples[channel][i] * gain;
    
                }
    
            }
    
    
    
            //---------------------------------------------------------------
    
            // 4. Write audio file to disk
    
    
    
            //std::string outputFilePath = "quieter-audio-filer.wav"; // change this to somewhere useful for you
    
            //a.save(outputFilePath, AudioFileFormat::Aiff);
    
        }
    
    } // namespace examples
    
    

POC file at the bottom of this report.

CVE-2022-25023: [Bug]heap-buffer-overflow in function fouBytesToInt():AudioFile.h:1196 · Issue #58 · adamstark/AudioFile

The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities.

Tag

#ios