CVE-2022-45796 – SHARP Multifunction Printer - Command Injection
https://notcve.org/view.php?id=CVE-2022-45796
Command injection vulnerability in nw_interface.html in SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 or earlier, 120 or earlier, 600 or earlier, 121 or earlier, 500 or earlier, 402 or earlier, 790 or earlier, and Digital Multifunctional System (Monochrome) 200 or earlier, 211 or earlier, 102 or earlier, 453 or earlier, 400 or earlier, 202 or earlier, 602 or earlier, 500 or earlier, 401 or earlier allows remote attackers to execute arbitrary commands via unspecified vectors. Vulnerabilidad de inyección de comando en nw_interface.html en SHARP multifunction printers (MFPs)'s Digital Full-color Multifunctional System 202 o anterior, 120 o anterior, 600 o anterior, 121 o anterior, 500 o anterior, 402 o anterior, 790 o anterior, y Digital Multifunctional System (Monochrome) 200 o anterior, 211 o anterior, 102 o anterior, 453 o anterior, 400 o anterior, 202 o anterior, 602 o anterior, 500 o anterior, 401 o anterior permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores no especificados. • http://seclists.org/fulldisclosure/2024/Jul/0 https://global.sharp/products/copier/info/info_security_2022-11.html https://jvn.jp/en/vu/JVNVU96195138/index.html https://zuso.ai/advisory/ZA-2022-01.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-29256 – Possible vulnerability at 'npm install' time in sharp if an attacker has control over build environment
https://notcve.org/view.php?id=CVE-2022-29256
sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5. sharp es una aplicación para el procesamiento de imágenes en Node.js. • https://github.com/lovell/sharp/commit/a6aeef612be50f5868a77481848b1de674216f0c https://github.com/lovell/sharp/security/advisories/GHSA-gp95-ppv5-3jc5 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2021-20699
https://notcve.org/view.php?id=CVE-2021-20699
Sharp NEC Displays ((UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker a buffer overflow and to execute remote code by sending long parameters that contains specific characters in http request. Sharp NEC Displays ((UN462A R1.300 y anteriores, UN462VA R1.300 y anteriores, UN492S R1.300 y anteriores, UN492VS versiones R1.300 y anteriores, UN552A versiones R1.300 y anteriores, UN552S versiones R1.300 y anteriores, UN552VS versiones R1.300 y anteriores, UN552 versiones R1.300 y anteriores, UN552V versiones R1.300 y anteriores, UN552V versiones R1. 300 y anteriores, UX552S versiones R1.300 y anteriores, UX552 versiones R1.300 y anteriores, V864Q versiones R2.000 y anteriores, C861Q versiones R2.000 y anteriores, P754Q versiones R2.000 y anteriores, V754Q versiones R2.000 y anteriores, C751Q versiones R2.000 y anteriores, V984Q versiones R2.000 y anteriores, C981Q versiones R2.000 y anteriores, P654Q versiones R2. 000 y anteriores, V654Q versiones R2.000 y anteriores, C651Q versiones R2.000 y anteriores, V554Q versiones R2.000 y anteriores, P404 versiones R3.200 y anteriores, P484 versiones R3.200 y anteriores, P554 versiones R3.200 y anteriores, V404 versiones R3.200 y anteriores, V484 versiones R3.200 y anteriores, V554 versiones R3.200 y anteriores, V404-T versiones R3. 200 y anteriores, V484-T versiones R3.200 y anteriores, V554-T versiones R3.200 y anteriores, C501 versiones R2.000 y anteriores, C551 versiones R2.000 y anteriores, C431 versiones R2.000 y anteriores) permite a un atacante un desbordamiento de búfer y ejecutar código remoto mediante el envío de parámetros largos que contienen caracteres específicos en la petición http • https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-20698
https://notcve.org/view.php?id=CVE-2021-20698
Sharp NEC Displays (UN462A R1.300 and prior to it, UN462VA R1.300 and prior to it, UN492S R1.300 and prior to it, UN492VS R1.300 and prior to it, UN552A R1.300 and prior to it, UN552S R1.300 and prior to it, UN552VS R1.300 and prior to it, UN552 R1.300 and prior to it, UN552V R1.300 and prior to it, UX552S R1.300 and prior to it, UX552 R1.300 and prior to it, V864Q R2.000 and prior to it, C861Q R2.000 and prior to it, P754Q R2.000 and prior to it, V754Q R2.000 and prior to it, C751Q R2.000 and prior to it, V984Q R2.000 and prior to it, C981Q R2.000 and prior to it, P654Q R2.000 and prior to it, V654Q R2.000 and prior to it, C651Q R2.000 and prior to it, V554Q R2.000 and prior to it, P404 R3.200 and prior to it, P484 R3.200 and prior to it, P554 R3.200 and prior to it, V404 R3.200 and prior to it, V484 R3.200 and prior to it, V554 R3.200 and prior to it, V404-T R3.200 and prior to it, V484-T R3.200 and prior to it, V554-T R3.200 and prior to it, C501 R2.000 and prior to it, C551 R2.000 and prior to it, C431 R2.000 and prior to it) allows an attacker to obtain root privileges and execute remote code by sending unintended parameters that contain specific characters in http request. Sharp NEC Displays (UN462A versiones R1.300 y anteriores, UN462VA versiones R1.300 y anteriores, UN492S versionesR1.300 y anteriores, UN492VS versiones R1.300 y anteriores, UN552A versiones R1.300 y anteriores, UN552S versiones R1.300 y anteriores, UN552VSversiones R1.300 y anteriores, UN552 versiones R1.300 y anteriores, UN552V versiones R1.300 y anteriores, UN552V versiones R1.300 y anteriores, UX552S versiones R1. 300 y anteriores, UX552 versiones R1.300 y anteriores, V864Q versiones R2.000 y anteriores, C861Q versiones R2.000 y anteriores, P754Q versiones R2.000 y anteriores, V754Q versiones R2.000 y anteriores, C751Q versiones R2.000 y anteriores, V984Q versiones R2.000 y anteriores, C981Q versiones R2.000 y anteriores, P654Q versiones R2.000 y anteriores, V654Q versiones R2. 000 y anteriores, C651Q versiones R2.000 y anteriores, V554Q versiones R2.000 y anteriores, P404 versiones R3.200 y anteriores, P484 versiones R3.200 y anteriores, P554 versiones R3.200 y anteriores, V404 versiones R3.200 y anteriores, V484 versiones R3.200 y anteriores, V554 versiones R3.200 y anteriores, V404-T versiones R3.200 y anteriores, V484-T versiones R3. 200 y anteriores, V554-T versiones R3.200 y anteriores, C501 versiones R2.000 y anteriores, C551 versiones R2.000 y anteriores, C431 versiones R2.000 y anteriores) permite a un atacante obtener privilegios de root y ejecutar código remoto mediante el envío de parámetros no deseados que contengan caracteres específicos en la solicitud http • https://www.sharp-nec-displays.com/global/support/info/A5-1_vulnerability.html •
CVE-2020-5571
https://notcve.org/view.php?id=CVE-2020-5571
SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device. La serie SHARP AQUOS (AQUOS SH-M02 AQUOS SH-M02 número de compilación 01.00.05 y anteriores, AQUOS SH-RM02 número de compilación 01.00.04 y anteriores, AQUOS mini SH-M03 número de compilación 01.00.04 y anteriores, AQUOS Keitai número de compilación SH-N01 01.00. 01 y anteriores, AQUOS L2 (UQ mobile/J:COM) número de compilación 01.00.05 y anteriores, AQUOS sense lite SH-M05 número de compilación 03.00.04 y anteriores, AQUOS sense (UQ mobile) número de compilación 03.00.03 y anteriores, AQUOS compact SH-M06 número de compilación 02.00.02 y anteriores, AQUOS sense plus SH-M07 número de compilación 02.00.02 y anteriores, AQUOS sense2 SH-M08 número de compilación 02.00.05 y anteriores, y AQUOS sense2 (UQ mobile) número de compilación 02.00 .06 y anteriores), permiten a un atacante obtener información confidencial del dispositivo por medio de aplicaciones maliciosas instaladas en el dispositivo. • https://jvn.jp/en/jp/JVN93064451/index.html https://k-tai.sharp.co.jp/support/info/info036.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •