Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-46771

Publication date:
08/11/2023
Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2023-5941

Publication date:
08/11/2023
In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error.  Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program.
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2023

CVE-2023-5978

Publication date:
08/11/2023
In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. When only a list of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including entries not previously listed. This could permit the application to resolve domain names that were previously restricted.
Severity CVSS v4.0: Pending analysis
Last modification:
14/12/2023

CVE-2023-44098

Publication date:
08/11/2023
Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2023-41111

Publication date:
08/11/2023
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-41112

Publication date:
08/11/2023
An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-46483

Publication date:
08/11/2023
Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2024

CVE-2023-39913

Publication date:
08/11/2023
Deserialization of Untrusted Data, Improper Input Validation vulnerability in Apache UIMA Java SDK. This issue affects Apache UIMA Java SDK: before 3.5.0.

Users are recommended to upgrade to version 3.5.0, which fixes the issue.

There are several locations in the code where serialized Java objects are deserialized without verifying the data. This affects in particular:
* the deserialization of a Java-serialized CAS, but also other binary CAS formats that include TSI information using the CasIOUtils class;
* the CAS Editor Eclipse plugin, which uses the CasIOUtils class to load data;
* the deserialization of a Java-serialized CAS of the Vinci Analysis Engine service, which can receive Java-serialized CAS objects over network connections;
* the CasAnnotationViewerApplet and the CasTreeViewerApplet;
* the checkpointing feature of the CPE module.

Note that the UIMA framework by default does not start any remotely accessible services (i.e. Vinci) that would be vulnerable to this issue. A user or developer would need to make an active choice to start such a service. However, users or developers may use the CasIOUtils in their own applications and services to parse serialized CAS data. They are affected by this issue unless they ensure that the data passed to CasIOUtils is not a serialized Java object.

When using Vinci or using CasIOUtils in own services/applications, the unrestricted deserialization of Java-serialized CAS files may allow arbitrary (remote) code execution.

As a remedy, it is possible to set up a global or context-specific ObjectInputFilter (cf. https://openjdk.org/jeps/290 and https://openjdk.org/jeps/415) if running UIMA on a Java version that supports it.

Note that Java 1.8 does not support the ObjectInputFilter, so there is no remedy when running on this out-of-support platform. An upgrade to a recent Java version is strongly recommended if you need to secure a UIMA version that is affected by this issue.

To mitigate the issue on a Java 9+ platform, you can configure a filter pattern through the "jdk.serialFilter" system property using a semicolon as a separator:

To allow deserializing Java-serialized binary CASes, add the classes:
* org.apache.uima.cas.impl.CASCompleteSerializer
* org.apache.uima.cas.impl.CASMgrSerializer
* org.apache.uima.cas.impl.CASSerializer
* java.lang.String

To allow deserializing CPE Checkpoint data, add the following classes (and any custom classes your application uses to store its checkpoints):
* org.apache.uima.collection.impl.cpm.CheckpointData
* org.apache.uima.util.ProcessTrace
* org.apache.uima.util.impl.ProcessTrace_impl
* org.apache.uima.collection.base_cpm.SynchPoint

Make sure to use "!*" as the final component to the filter pattern to disallow deserialization of any classes not listed in the pattern.

Apache UIMA 3.5.0 uses tightly scoped ObjectInputFilters when reading Java-serialized data depending on the type of data being expected. Configuring a global filter is not necessary with this version.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-41270

Publication date:
08/11/2023
Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack tools.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2024

CVE-2023-44115

Publication date:
08/11/2023
Vulnerability of improper permission control in the Booster module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2023-46770

Publication date:
08/11/2023
Out-of-bounds vulnerability in the sensor module. Successful exploitation of this vulnerability may cause mistouch prevention errors on users' mobile phones.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2023-5801

Publication date:
08/11/2023
Vulnerability of identity verification being bypassed in the face unlock module. Successful exploitation of this vulnerability will affect integrity and confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2023