VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-202003-0792 CVE-2019-13194 Brother Industries HL-L8360CDW Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Some Brother printers (such as the HL-L8360CDW v1.20) were affected by different information disclosure vulnerabilities that provided sensitive information to an unauthenticated user who visits a specific URL. plural Brother Printers are vulnerable to information leakage.Information may be obtained. Brother Industries HL-L8360CDW is a multi-function printer from Brother Industries, Japan. The vulnerability stems from network system or product configuration errors during operation
VAR-202003-0592 CVE-2019-4719 IBM MQ and IBM MQ Appliance information disclosure vulnerability CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within runmqras data. The product provides a reliable, proven messaging backbone for service-oriented architecture (SOA). IBM MQ Appliance is an all-in-one device for rapid deployment of enterprise-level messaging middleware
VAR-202003-0796 CVE-2019-13198 plural Kyocera Cross-site scripting vulnerabilities in printers CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Stored XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. plural Kyocera A cross-site scripting vulnerability exists in the printer.Information may be obtained and tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. This vulnerability stems from the lack of proper verification of client data by WEB applications. An attacker can use this vulnerability to execute client code
VAR-202003-0921 CVE-2019-13171 plural Xerox Out-of-bounds write vulnerabilities in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handling of the register parameters, because the size used within a memcpy() function, which copied the action value into a local variable, was not checked properly. plural Xerox The printer contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
VAR-202003-0797 CVE-2019-13199 Kyocera ECOSYS M5526CDW Cross-Site Request Forgery Vulnerability CVSS V2: 4.3
CVSS V3: 6.5
Severity: MEDIUM
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) did not implement any mechanism to avoid CSRF. Successful exploitation of this vulnerability can lead to the takeover of a local account on the device. plural Kyocera A cross-site request forgery vulnerability exists in the printer.Information may be tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan
VAR-202003-0789 CVE-2019-13395 Voo branded NETGEAR CG3700b cross-site request forgery vulnerability CVSS V2: 6.8
CVSS V3: 8.8
Severity: HIGH
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF against all /goform/ URIs. An attacker can modify all settings including WEP/WPA/WPA2 keys, restore the router to factory settings, or even upload an entire malicious configuration file. NETGEAR CG3700b A cross-site request forgery vulnerability exists in custom firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. NETGEAR CG3700b is a cable modem and router from NETGEAR. The vulnerability stems from the fact that the network system or product does not fully verify the source or authenticity of the data. An attacker can use the forged data to attack
VAR-202003-0795 CVE-2019-13197 plural Kyocera Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the URI paths of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. Kyocera ECOSYS M5526CDW 2R7_2000.001.701 has a buffer overflow vulnerability in the URI path of the web application
VAR-202003-0804 CVE-2019-13206 plural Kyocera Classic buffer overflow vulnerability in printers CVSS V2: 9.0
CVSS V3: 8.8
Severity: HIGH
Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. The Kyocera ECOSYS M5526CDW 2R7_2000.001.701 version of the web application's ‘Document Boxes’ function has a buffer overflow vulnerability in multiple parameters
VAR-202003-0798 CVE-2019-13200 Kyocera ECOSYS M5526CDW cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The web application of several Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was affected by Reflected XSS. Successful exploitation of this vulnerability can lead to session hijacking of the administrator in the web application or the execution of unwanted actions. plural Kyocera A cross-site scripting vulnerability exists in the printer.Information may be obtained and tampered with. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. This vulnerability stems from the lack of proper verification of client data by WEB applications. An attacker can use this vulnerability to execute client code
VAR-202003-0787 CVE-2019-13393 NETGEAR CG3700b Authentication vulnerabilities in custom firmware CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same default 8 character passphrase for the administrative console and the WPA2 pre-shared key. Either an attack against HTTP Basic Authentication or an attack against WPA2 could be used to determine this passphrase. NETGEAR CG3700b Custom firmware contains an authentication vulnerability.Information may be obtained. NETGEAR CG3700b is a cable modem and router from NETGEAR. Voo branded NETGEAR CG3700b has an authorization issue vulnerability
VAR-202003-0918 CVE-2019-13168 plural Xerox Classic buffer overflow vulnerability in printers CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the attributes parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
VAR-202003-0589 CVE-2019-4619 IBM MQ and MQ Appliance Vulnerability regarding information leakage in CVSS V2: 2.1
CVSS V3: 5.5
Severity: MEDIUM
IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD could allow a local attacker to obtain sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 168862. Vendor exploits this vulnerability IBM X-Force ID: 168862 It is published as.Information may be obtained
VAR-202003-0916 CVE-2019-13166 plural Xerox Inadequate protection of credentials in printer vulnerabilities CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not implement account lockout. Local account credentials may be extracted from the device via brute force guessing attacks. plural Xerox Printers are vulnerable to inadequate protection of credentials.Information may be obtained. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality
VAR-202003-0889 CVE-2019-18578 Dell EMC XtremIO XMS Cross-site scripting vulnerability in CVSS V2: 6.0
CVSS V3: 9.0
Severity: CRITICAL
Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HTML or JavaScript code in application fields. When victim users access the injected page through their browsers, the malicious code may be executed by the web browser in the context of the vulnerable web application. (DoS) It may be put into a state. Dell EMC XtremIO XMS is a set of XtremIO (enterprise storage platform) management software of Dell (Dell)
VAR-202003-0888 CVE-2019-18577 Dell EMC XtremIO XMS Vulnerability in improper permission assignment for critical resources in CVSS V2: 7.2
CVSS V3: 6.7
Severity: MEDIUM
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an incorrect permission assignment vulnerability. A malicious local user with XtremIO xinstall privileges may exploit this vulnerability to gain root access. (DoS) It may be put into a state. Dell EMC XtremIO XMS is a set of XtremIO (enterprise storage platform) management software of Dell (Dell)
VAR-202003-0887 CVE-2019-18576 Dell EMC XtremIO XMS Vulnerability regarding information leakage from log files in CVSS V2: 2.1
CVSS V3: 6.7
Severity: MEDIUM
Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. Dell EMC XtremIO XMS Exists in a vulnerability related to information leakage from log files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dell EMC XtremIO XMS is the US Dell ( Dell ) set of company XtremIO (Enterprise storage platform) management software. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components
VAR-202003-0584 CVE-2019-3770 Dell Wyse Management Suite Cross-site scripting vulnerability in CVSS V2: 3.5
CVSS V3: 6.4
Severity: MEDIUM
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability when unregistering a device. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
VAR-202003-0583 CVE-2019-3769 Dell Wyse Management Suite Cross-site scripting vulnerability in CVSS V2: 3.5
CVSS V3: 6.4
Severity: MEDIUM
Dell Wyse Management Suite versions prior to 1.4.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious payload in the device heartbeat request. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code
VAR-202003-1583 CVE-2020-6812 Debian Security Advisory 4639-1 CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. An information disclosure issue has been found in Firefox prior to 74. For the oldstable distribution (stretch), these problems have been fixed in version 68.6.0esr-1~deb9u1. For the stable distribution (buster), these problems have been fixed in version 68.6.0esr-1~deb10u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5pOM4ACgkQEMKTtsN8 TjYgNRAAjqHD8ZWHZPCnBeZ0AjJ5vtvMJzRLMEtcWQ3qDq9vhXvcdDD4bJ7Mc85n Ma6+4J1/l4Q0G3c/QKCDaGf26RZqvo76Ql1E5ct7M3C82kpDdEHaAW/UWF+v2XhR 89M0SLecr6C8SVlMxHB0kV15N/L9sekOOQgFHK3hDO8eArPNgmwQqjOtLDS9A+1U FGiDMN6OyKMKx+ItAU4TaCVs3EEbxcBvLKcJ7zvxX/FY9AYR1NOmHlKUKRgCnlzV yd4LEyEwDLzAjuGI77K8sGa7Zq73ttWj4tBl+NgiWEoIoUGEfn3l0grR/VeCI8Hk 6GYYrRd9ChOhnPqZHMxaLEuaLBvnj85qUQwR0xBb+fsarJwum84jNKznbt/2my/r zutYM9K6lL8DdKopKbwARWOlAR5hhw++5d6cKxNVgVBmR9FbdkZDoHnlqyRTZCtw MbNHT5KNZzcVXuu5H7HrgIQ+cMdBHphoIG4ZPUCJeESu4YK6vSr1S3BCEBI+4243 i3Hy7A09a7j7Th13ZnQ02Y4Rwc6nF0MjuhaYWT20ysM8RF+pntIuRHL5kF5MtCJ6 1QqzHU7PfQ/yNFZbaabazzUPgO34KkWiMRt42XZZBztPeNoNe7ql6Qp/rIXgtZWs ZT8Fa4jKGviVEZFxWKwt0/U1UKPAAB+4b93MC+qfY/5BLbtWD1o= =tfz5 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:0816-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0816 Issue date: 2020-03-16 CVE Names: CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1812199 - CVE-2020-6805 Mozilla: Use-after-free when removing data about origins 1812200 - CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion 1812201 - CVE-2020-6807 Mozilla: Use-after-free in cubeb during stream destruction 1812202 - CVE-2020-6811 Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection 1812203 - CVE-2019-20503 Mozilla: Out of bounds reads in sctp_load_addresses_from_init 1812204 - CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission 1812205 - CVE-2020-6814 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm i386: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm x86_64: firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm i386: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm ppc64: firefox-68.6.0-1.el6_10.ppc64.rpm firefox-debuginfo-68.6.0-1.el6_10.ppc64.rpm s390x: firefox-68.6.0-1.el6_10.s390x.rpm firefox-debuginfo-68.6.0-1.el6_10.s390x.rpm x86_64: firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm i386: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm x86_64: firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20503 https://access.redhat.com/security/cve/CVE-2020-6805 https://access.redhat.com/security/cve/CVE-2020-6806 https://access.redhat.com/security/cve/CVE-2020-6807 https://access.redhat.com/security/cve/CVE-2020-6811 https://access.redhat.com/security/cve/CVE-2020-6812 https://access.redhat.com/security/cve/CVE-2020-6814 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXm9LGtzjgjWX9erEAQgnMxAAjP5+D/J2CdW/5qP/DkFY840VQzO19ZnK 91SNP1WIbKnN4xemphuc6nDG5dGXUawr1CYYthOg2VGTakPiGlfKzwDMuWwNaCVO yHZlybSZhnRa6BErvOkHn+pBHV9G8nR8C2Vi9fOaXmiJRbm8AcMs76gPWO/9Eory f1GrEx+8GEPSUPFEhpZOvdExR16fJbHuUpfFkUo23VVj28evL+nOccAibRmnYT0P RxXzXSm4MPuHoMBUJeIeBrYk5xlo/1sZITq0I40FLpejUWZoun76IPTIc371xtE/ tV6BN3Zrd5hDTXh9Df9wYGSDvwB1g2G1UEbG7FdRmeitC7NhoXLDSDyrOR75PbJe YvDgjT75UeJvfu2RykzKvy2Ygqguc6Tsz/upO0vSWIUf7VXk3d/o+HEYn1T8YENU 9t97UOIkLFS49lGXyOilXrsYKQUmh/b1lJWfrs5T/AYjCPziiY0n70px4TX5Zzsd 5ERjQZUC/Sd8CNFXYybIpOKVkUGRFt+VDyRmJYd05g43Wflm01DpRVcZiXLjCwHQ 6zGss1xvIBkCeqds/BSX4AHzU2T0kcMQhSyzOsmggF0gArm2lcrXt52TZB1e9vQC yGTam7ecr0QeSQWMyuPbSBhs9xAzONH9AwVJQOEadKpLw35VB/Y7/XyQm3JQHr2v 0ITEstr9Sac=GeLY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 8.0) - ppc64le, x86_64 3. Description: Mozilla Thunderbird is a standalone mail and newsgroup client. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Mozilla Firefox: Multiple vulnerabilities Date: March 12, 2020 Bugs: #702638, #705000, #709346, #712182 ID: 202003-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-client/firefox < 68.6.0 >= 68.6.0 2 www-client/firefox-bin < 68.6.0 >= 68.6.0 ------------------------------------------------------------------- 2 affected packages Description =========== Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker may be able to perform Man-in-the-Middle attacks, obtain sensitive information, spoof the address bar, conduct clickjacking attacks, bypass security restrictions and protection mechanisms, or have other unspecified impact. Workaround ========== There is no known workaround at this time. Resolution ========== All Mozilla Firefox users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-68.6.0" All Mozilla Firefox binary users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-68.6.0" References ========== [ 1 ] CVE-2019-11745 https://nvd.nist.gov/vuln/detail/CVE-2019-11745 [ 2 ] CVE-2019-17005 https://nvd.nist.gov/vuln/detail/CVE-2019-17005 [ 3 ] CVE-2019-17008 https://nvd.nist.gov/vuln/detail/CVE-2019-17008 [ 4 ] CVE-2019-17010 https://nvd.nist.gov/vuln/detail/CVE-2019-17010 [ 5 ] CVE-2019-17011 https://nvd.nist.gov/vuln/detail/CVE-2019-17011 [ 6 ] CVE-2019-17012 https://nvd.nist.gov/vuln/detail/CVE-2019-17012 [ 7 ] CVE-2019-17016 https://nvd.nist.gov/vuln/detail/CVE-2019-17016 [ 8 ] CVE-2019-17017 https://nvd.nist.gov/vuln/detail/CVE-2019-17017 [ 9 ] CVE-2019-17022 https://nvd.nist.gov/vuln/detail/CVE-2019-17022 [ 10 ] CVE-2019-17024 https://nvd.nist.gov/vuln/detail/CVE-2019-17024 [ 11 ] CVE-2019-17026 https://nvd.nist.gov/vuln/detail/CVE-2019-17026 [ 12 ] CVE-2019-20503 https://nvd.nist.gov/vuln/detail/CVE-2019-20503 [ 13 ] CVE-2020-6796 https://nvd.nist.gov/vuln/detail/CVE-2020-6796 [ 14 ] CVE-2020-6797 https://nvd.nist.gov/vuln/detail/CVE-2020-6797 [ 15 ] CVE-2020-6798 https://nvd.nist.gov/vuln/detail/CVE-2020-6798 [ 16 ] CVE-2020-6799 https://nvd.nist.gov/vuln/detail/CVE-2020-6799 [ 17 ] CVE-2020-6800 https://nvd.nist.gov/vuln/detail/CVE-2020-6800 [ 18 ] CVE-2020-6805 https://nvd.nist.gov/vuln/detail/CVE-2020-6805 [ 19 ] CVE-2020-6806 https://nvd.nist.gov/vuln/detail/CVE-2020-6806 [ 20 ] CVE-2020-6807 https://nvd.nist.gov/vuln/detail/CVE-2020-6807 [ 21 ] CVE-2020-6811 https://nvd.nist.gov/vuln/detail/CVE-2020-6811 [ 22 ] CVE-2020-6812 https://nvd.nist.gov/vuln/detail/CVE-2020-6812 [ 23 ] CVE-2020-6814 https://nvd.nist.gov/vuln/detail/CVE-2020-6814 [ 24 ] MFSA-2019-37 https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/ [ 25 ] MFSA-2020-03 https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/ [ 26 ] MFSA-2020-06 https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ [ 27 ] MFSA-2020-09 https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/ Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202003-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . 8.0) - aarch64, ppc64le, s390x, x86_64 3
VAR-202003-1771 CVE-2019-14887 Red Hat Wildfly encryption problem vulnerability CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable. Red Hat Wildfly is a lightweight open source application server based on JavaEE from American Red Hat (Red Hat) company. The vulnerability stems from the program's failure to implement the'enabled-protocols' setting configured by Wildfly. Attackers can use this vulnerability to obtain information spread on the network. Description: Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.3.1 Security update Advisory ID: RHSA-2020:2511-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2020:2511 Issue date: 2020-06-10 CVE Names: CVE-2018-14371 CVE-2019-0205 CVE-2019-0210 CVE-2019-10172 CVE-2019-12423 CVE-2019-14887 CVE-2019-17573 CVE-2020-1695 CVE-2020-1729 CVE-2020-1745 CVE-2020-1757 CVE-2020-6950 CVE-2020-7226 CVE-2020-8840 CVE-2020-9546 CVE-2020-9547 CVE-2020-9548 CVE-2020-10688 CVE-2020-10719 ==================================================================== 1. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. See the Red Hat JBoss Enterprise Application Platform 7.3.1 Release Notes for information about the most significant bug fixes and enhancements included in this release. Security Fix(es): * cxf: reflected XSS in the services listing page (CVE-2019-17573) * cxf-core: cxf: OpenId Connect token service does not properly validate the clientId (CVE-2019-12423) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * undertow: servletPath in normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757) * jackson-databind: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172) * resteasy-jaxrs: resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695) * cryptacular: excessive memory allocation during a decode operation (CVE-2020-7226) * smallrye-config: SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader (CVE-2020-1729) * resteasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack (CVE-2020-10688) * jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840) * undertow: invalid HTTP request with large chunk size (CVE-2020-10719) * jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546) * jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547) * jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548) * undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745) * libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205) * libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210) * wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887) * jsf-impl: Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 (CVE-2020-6950) * jsf-impl: mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter (CVE-2018-14371) For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section. 4. Solution: Before applying this update, ensure all previously released errata relevant to your system have been applied. For details about how to apply this update, see: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1607709 - CVE-2018-14371 mojarra: Path traversal in ResourceManager.java:getLocalePrefix() via the loc parameter 1715075 - CVE-2019-10172 jackson-mapper-asl: XML external entity similar to CVE-2016-3720 1730462 - CVE-2020-1695 resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class 1752770 - CVE-2020-1757 undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass 1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol 1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data 1772008 - CVE-2019-14887 wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use 1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId 1797011 - CVE-2019-17573 cxf: reflected XSS in the services listing page 1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation 1802444 - CVE-2020-1729 SmallRye: SecuritySupport class is incorrectly public and contains a static method to access the current threads context class loader 1805006 - CVE-2020-6950 Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371 1807305 - CVE-2020-1745 undertow: AJP File Read/Inclusion Vulnerability 1814974 - CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack 1816330 - CVE-2020-8840 jackson-databind: Lacks certain xbean-reflect/JNDI blocking 1816332 - CVE-2020-9546 jackson-databind: Serialization gadgets in shaded-hikari-config 1816337 - CVE-2020-9547 jackson-databind: Serialization gadgets in ibatis-sqlmap 1816340 - CVE-2020-9548 jackson-databind: Serialization gadgets in anteros-core 1828459 - CVE-2020-10719 undertow: invalid HTTP request with large chunk size 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-16114 - (7.3.z) Upgrade jboss-vfs to 3.2.15.Final JBEAP-18060 - [GSS](7.3.z) Upgrade weld from 3.1.2.Final-redhat-00001 to 3.1.4.Final-redhat-00001 JBEAP-18163 - (7.3.z) Upgrade HAL from 3.2.3.Final-redhat-00001 to 3.2.8.Final-redhat-00001 JBEAP-18221 - (7.3.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-00010 to 2.5.5.SP12-redhat-00012 JBEAP-18240 - (7.3.z) Update the Chinese translations in WildFly Core JBEAP-18241 - (7.3.z) Update the Japanese translations in WildFly Core JBEAP-18273 - (7.3.z) Upgrade IronJacamar from 1.4.19.Final to 1.4.20.Final JBEAP-18277 - [GSS](7.3.z) Upgrade JBoss JSF API from 3.0.0.SP01-redhat-00001 to 3.0.0.SP02-redhat-00001 JBEAP-18288 - [GSS](7.3.z) Upgrade FasterXML from 2.10.0 to 2.10.3 JBEAP-18294 - (7.3.z) Upgrade JAXB from 2.3.1 to 2.3.3-b02 and com.sun.istack from 3.0.7 to 3.0.10 JBEAP-18302 - [GSS](7.3.z) Upgrade wildfly-http-client from 1.0.18 to 1.0.20 JBEAP-18315 - [GSS](7.3.z) Upgrade Artemis from 2.9.0.redhat-00005 to 2.9.0.redhat-00010 JBEAP-18346 - [GSS](7.3.z) Upgrade jakarta.el from 3.0.2.redhat-00001 to 3.0.3.redhat-00002 JBEAP-18352 - [GSS](7.3.z) Upgrade JBoss Remoting from 5.0.16.Final-redhat-00001 to 5.0.18.Final-redhat-00001 JBEAP-18361 - [GSS](7.3.z) Upgrade Woodstox from 5.0.3 to 6.0.3 JBEAP-18367 - [GSS](7.3.z) Upgrade Hibernate ORM from 5.3.15 to 5.3.16 JBEAP-18393 - [GSS](7.3.z) Update $JBOSS_HOME/docs/schema to show https schema URL instead of http JBEAP-18397 - Tracker bug for the EAP 7.3.1 release for RHEL-6 JBEAP-18409 - [GSS](7.3.z) Upgrade Infinispan from 9.4.16.Final-redhat-00002 to 9.4.18.Final-redhat-00001 JBEAP-18527 - (7.3.z) Upgrade WildFly Naming Client from 1.0.10.Final to 1.0.12.Final JBEAP-18528 - (7.3.z) Upgrade jboss-ejb-client from 4.0.27.Final to 4.0.31.Final-redhat-00001 JBEAP-18596 - [GSS](7.3.z) Upgrade JBoss Modules from 1.9.1 to 1.10.0 JBEAP-18598 - [GSS](7.3.z) Upgrade Bouncycastle from 1.60.0-redhat-00001 to 1.60.0-redhat-00002 JBEAP-18640 - [Runtimes] (7.3.x) Upgrade slf4j-jboss-logmanager from 1.0.3.GA.redhat-2 to 1.0.4.GA.redhat-00001 JBEAP-18653 - (7.3.z) Upgrade Apache CXF from 3.3.4.redhat-00001 to 3.3.5.redhat-00001 JBEAP-18706 - (7.3.z) Upgrade elytron-web from 1.6.0.Final to 1.6.1.Final JBEAP-18770 - Upgrade Jandex to 2.1.2.Final-redhat-00001 JBEAP-18775 - (7.3.z) Upgrade WildFly Core to 10.1.4.Final-redhat-00001 JBEAP-18788 - (7.3.x) Upgrade wss4j from 2.2.4.redhat-00001 to 2.2.5.redhat-00001 JBEAP-18790 - (7.3.z) Upgrade cryptacular from 1.2.0.redhat-1 to 1.2.4.redhat-00001 JBEAP-18818 - (7.3.z) Upgrade PicketBox from 5.0.3.Final-redhat-00005 to 5.0.3.Final-redhat-00006 JBEAP-18836 - [GSS](7.3.z) Upgrade Remoting JMX from 3.0.3 to 3.0.4 JBEAP-18850 - (7.3.z) Upgrade smallrye-config from 1.4.1 to 1.6.2 JBEAP-18870 - Upgrade WildFly Common to 1.5.2.Final.redhat-00002 JBEAP-18875 - Upgrade MicroProfile Metrics API to 2.3 and smallrye-metrics to 2.4.0 JBEAP-18876 - Upgrade Smallrye Health to 2.2.0 and MP Health API to 2.2 JBEAP-18877 - (7.3.z) Upgrade Jaeger client to 0.34.3 JBEAP-18878 - Upgrade Smallrye Opentracing to 1.3.4 and MP Opentracing to 1.3.3 JBEAP-18879 - (7.3.z) Upgrade MicroProfile Config 1.4 JBEAP-18929 - (7.3.z) Upgrade WildFly Elytron from 1.10.5.Final-redhat-00001 to 1.10.6.Final JBEAP-18990 - (7.3.z) Upgrade jasypt from 1.9.2 to 1.9.3-redhat-00001 JBEAP-18991 - (7.3.z) Upgrade opensaml from 3.3.0.redhat-1 to 3.3.1-redhat-00002 JBEAP-19035 - In Building Custom Layers, update pom.xml content for 7.3.1 JBEAP-19054 - Upgrade MP REST Client to 1.4.0.redhat-00004 JBEAP-19066 - Upgrade snakeyaml from 1.18.0.redhat-2 to 1.24.0.redhat-00001 JBEAP-19117 - [GSS](7.3.z) Upgrade org.jboss.genericjms from 2.0.2.Final-redhat-00001 to 2.0.4.Final-redhat-00001 JBEAP-19133 - [GSS](7.3.z) Upgrade JSF based on Mojarra 2.3.9.SP08-redhat-00001 to 2.3.9.SP09-redhat-00001 JBEAP-19156 - (7.3.z) Upgrade RESTEasy from 3.11.1.Final.redhat-00001 to 3.11.2.Final.redhat-00001 JBEAP-19181 - (7.3.z) Upgrade WildFly Core to 10.1.5.Final-redhat-00001 JBEAP-19192 - (7.3.z) Update the Japanese translations JBEAP-19232 - (7.3.z) Upgrade WildFly Core from 10.1.5.Final-redhat-00001 to 10.1.7.Final-redhat-00001 JBEAP-19281 - (7.3.z) Upgrade undertow from 2.0.30.SP2-redhat-00001 to 2.0.30.SP3-redhat-00001 JBEAP-19456 - Upgrade wildfly-transaction-client to 1.1.11.Final 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2018-14371 https://access.redhat.com/security/cve/CVE-2019-0205 https://access.redhat.com/security/cve/CVE-2019-0210 https://access.redhat.com/security/cve/CVE-2019-10172 https://access.redhat.com/security/cve/CVE-2019-12423 https://access.redhat.com/security/cve/CVE-2019-14887 https://access.redhat.com/security/cve/CVE-2019-17573 https://access.redhat.com/security/cve/CVE-2020-1695 https://access.redhat.com/security/cve/CVE-2020-1729 https://access.redhat.com/security/cve/CVE-2020-1745 https://access.redhat.com/security/cve/CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-6950 https://access.redhat.com/security/cve/CVE-2020-7226 https://access.redhat.com/security/cve/CVE-2020-8840 https://access.redhat.com/security/cve/CVE-2020-9546 https://access.redhat.com/security/cve/CVE-2020-9547 https://access.redhat.com/security/cve/CVE-2020-9548 https://access.redhat.com/security/cve/CVE-2020-10688 https://access.redhat.com/security/cve/CVE-2020-10719 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/ https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/ 9. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXuEwDdzjgjWX9erEAQj5vA//da7dJ0mPXDfnjDddloLp4GhZFSzpMf+8 XOA1pa8mFiDSXeJd4LoO3jDTPQnOsvnLX/4WoMFK227o+mKMWo74ArjeEg9EosT3 YaqI77IMexUuVjBHnvKygiB8ZYCXLS3PXiC/Ods5I5Xt07uxvsu9bl328RSX2TQR fhD/EAbc8vopMD10off7iXSgNh320EW/2GJKhJDoXhdvkZyifc5gu9/SaDq1JH1Q ol8FyVhdJCiDu1cqw/LBMT1J8BSJuJI+y9b7eqyQ4oZOIhpJ5BsMgcJmmLMjgnBA X1b1CtCJy9KbhNgLIqC+og37Bce2MDfAames/HC6wyZyryeChzhVYxhOw25YUk+W hBTOfQN273TIEp/Nom/SNYKrG2D9a3ki+7AeGOHRDQbfhBXeogYHftIT+h7sErAe EfkGoAE+pGeQiNXLDkSx6eZodxednpK4S8LoysUpkCAyl1Zfd2TjbVGyZNIcOEtO kCNtJ0giM7ZccXLnA+aC/X6M0c27pd8sl2eIgkBaLymEoEYW+BgdxSE5HD5hhC/p P6WT3nq8R5k0xmRXGXOEK2ireHIjQAfhADmv50YJv4wkbfbXADl1AImiLprgnrGI y2sYyVzXGC4APQZJCgUG61wZkRp8QDtnjAdfJujSzuxg3KpE/x1MQJqlnibKflUN uvhlMQF+ipU=W6+1 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect