VARIoT IoT vulnerabilities database
| VAR-202001-1622 | CVE-2020-5221 | uftpd path traversal vulnerability |
CVSS V2: 6.4 CVSS V3: 7.2 Severity: HIGH |
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11. uftpd Contains a path traversal vulnerability.The information may be obtained and the information may be altered. uftpd is a FTP / TFTP file transfer server based on Linux platform.
Path traversal vulnerability exists in uftpd before version 2.11
| VAR-202002-0601 | CVE-2020-1842 | plural Huawei Product authentication vulnerabilities |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version 1.0.0.71(SP1); and OSCA-550AX and OSCA-550X version 1.0.0.71(SP2) have an insufficient authentication vulnerability. An attacker can access the device physically and perform specific operations to exploit this vulnerability. Successful exploitation may cause the attacker obtain high privilege. plural Huawei The product contains an authentication vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
| VAR-202002-0602 | CVE-2020-1843 | plural Huawei Product input verification vulnerabilities |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), OSCA-550A version 1.0.0.71(SP1), OSCA-550AX version 1.0.0.71(SP2), and OSCA-550X version 1.0.0.71(SP2) have an insufficient verification vulnerability. An attacker can perform specific operations to exploit this vulnerability by physical access methods. Successful exploitation may cause the attacker perform an illegal operation. plural Huawei The product contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. OSCA-550AX is a 55-inch smart screen launched by Huawei's glory brand. OSCA-550A is the first 55-inch terminal smart screen using Huawei Hongmeng operating system launched by Honor.
There are security holes in many Huawei products
| VAR-202001-1427 | CVE-2018-16270 | Samsung Galaxy Gear Series permission vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path
| VAR-202001-1429 | CVE-2018-16272 | Samsung Galaxy Gear Series permission vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2
| VAR-202001-1426 | CVE-2018-16269 | Samsung Galaxy Gear Vulnerability related to information disclosure in the series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2
| VAR-202009-1109 | CVE-2020-3130 | Cisco Unity Connection Input confirmation vulnerability |
CVSS V2: 5.5 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system. Cisco Unity Connection Is vulnerable to input validation.Information is tampered with and denial of service (DoS) It may be put into a state. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can utilize voice commands to make calls or listen to messages hands-free. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
| VAR-202009-1112 | CVE-2020-3137 | Cisco Email Security Appliance Cross-site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. AsyncOS Software is a set of operating systems running on it. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
| VAR-202009-1111 | CVE-2020-3135 | Cisco Unified Communications Manager Cross Site Request Forgery Vulnerability |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. Cisco Unified Communications Manager (CUCM, Unified CM, CallManager) is a call processing component in a unified communication system of Cisco (Cisco). This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user
| VAR-202009-1108 | CVE-2020-3124 | Cisco Hosted Collaboration Mediation Fulfillment Cross Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user
| VAR-202001-1428 | CVE-2018-16271 | Samsung Galaxy Gear Series permission vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. An arbitrary email can also be sent from the mailbox via the paired smartphone. This affects Tizen-based firmwares including Samsung Galaxy Gear series before build RE2. A remote attacker could use this vulnerability to submit a special application request and unauthorized operation of the user's mailbox
| VAR-202009-0487 | CVE-2019-16000 | Windows for Cisco Umbrella Roaming Client Vulnerability for inadequate validation of data reliability in |
CVSS V2: 2.1 CVSS V3: 4.4 Severity: MEDIUM |
A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications. Windows for Cisco Umbrella Roaming Client Exists in an inadequate validation of data reliability vulnerabilities.Information may be tampered with
| VAR-202002-0573 | CVE-2020-1790 | GaussDB 200 Injection vulnerabilities in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. GaussDB 200 There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Huawei GaussDB 200 is a distributed parallel relational database system developed by China Huawei (Huawei) based on the open source database Postgres-XC
| VAR-202001-1422 | CVE-2018-16265 | Tizen and Samsung Galaxy Gear Series permission vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
The bt/bt_core system service in Tizen allows an unprivileged process to create a system user interface and control the Bluetooth pairing process, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2
| VAR-202001-1421 | CVE-2018-16264 | Tizen and Samsung Galaxy Gear Vulnerability related to information disclosure in the series |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2
| VAR-202001-0521 | CVE-2019-19344 | samba Vulnerabilities in use of freed memory |
CVSS V2: 4.0 CVSS V3: 6.5 Severity: MEDIUM |
There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer. samba Contains a vulnerability involving the use of freed memory.Denial of service (DoS) May be in a state. ==========================================================================
Ubuntu Security Notice USN-4244-1
January 21, 2020
samba vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Samba.
Software Description:
- samba: SMB/CIFS file, print, and login server for Unix
Details:
It was discovered that Samba did not automatically replicate ACLs set to
inherit down a subtree on AD Directory, contrary to expectations. This
issue was only addressed in Ubuntu 18.04 LTS, Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-14902)
Robert Święcki discovered that Samba incorrectly handled certain character
conversions when the log level is set to 3 or above. (CVE-2019-14907)
Christian Naumer discovered that Samba incorrectly handled DNS zone
scavenging. This issue could possibly result in some incorrect data being
written to the DB. This issue only applied to Ubuntu 19.04 and Ubuntu
19.10. (CVE-2019-19344)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.10:
samba 2:4.10.7+dfsg-0ubuntu2.4
Ubuntu 19.04:
samba 2:4.10.0+dfsg-0ubuntu2.8
Ubuntu 18.04 LTS:
samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.15
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.25
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4244-1
CVE-2019-14902, CVE-2019-14907, CVE-2019-19344
Package Information:
https://launchpad.net/ubuntu/+source/samba/2:4.10.7+dfsg-0ubuntu2.4
https://launchpad.net/ubuntu/+source/samba/2:4.10.0+dfsg-0ubuntu2.8
https://launchpad.net/ubuntu/+source/samba/2:4.7.6+dfsg~ubuntu-0ubuntu2.15
https://launchpad.net/ubuntu/+source/samba/2:4.3.11+dfsg-0ubuntu0.16.04.25
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202003-52
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Samba: Multiple vulnerabilities
Date: March 25, 2020
Bugs: #664316, #672140, #686036, #693558, #702928, #706144
ID: 202003-52
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Samba, the worst of which
could lead to remote code execution.
Background
==========
Samba is a suite of SMB and CIFS client/server programs.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-fs/samba < 4.11.6 *>= 4.9.18
*>= 4.10.13
*>= 4.11.6
Description
===========
Multiple vulnerabilities have been discovered in Samba. Please review
the CVE identifiers referenced below for details.
Impact
======
A remote attacker could possibly execute arbitrary code, cause a Denial
of Service condition, conduct a man-in-the-middle attack, or obtain
sensitive information.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Samba 4.9.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.9.18"
All Samba 4.10.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.10.13"
All Samba 4.11.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-fs/samba-4.11.6"
References
==========
[ 1 ] CVE-2018-10858
https://nvd.nist.gov/vuln/detail/CVE-2018-10858
[ 2 ] CVE-2018-10918
https://nvd.nist.gov/vuln/detail/CVE-2018-10918
[ 3 ] CVE-2018-10919
https://nvd.nist.gov/vuln/detail/CVE-2018-10919
[ 4 ] CVE-2018-1139
https://nvd.nist.gov/vuln/detail/CVE-2018-1139
[ 5 ] CVE-2018-1140
https://nvd.nist.gov/vuln/detail/CVE-2018-1140
[ 6 ] CVE-2018-14629
https://nvd.nist.gov/vuln/detail/CVE-2018-14629
[ 7 ] CVE-2018-16841
https://nvd.nist.gov/vuln/detail/CVE-2018-16841
[ 8 ] CVE-2018-16851
https://nvd.nist.gov/vuln/detail/CVE-2018-16851
[ 9 ] CVE-2018-16852
https://nvd.nist.gov/vuln/detail/CVE-2018-16852
[ 10 ] CVE-2018-16853
https://nvd.nist.gov/vuln/detail/CVE-2018-16853
[ 11 ] CVE-2018-16857
https://nvd.nist.gov/vuln/detail/CVE-2018-16857
[ 12 ] CVE-2018-16860
https://nvd.nist.gov/vuln/detail/CVE-2018-16860
[ 13 ] CVE-2019-10197
https://nvd.nist.gov/vuln/detail/CVE-2019-10197
[ 14 ] CVE-2019-14861
https://nvd.nist.gov/vuln/detail/CVE-2019-14861
[ 15 ] CVE-2019-14870
https://nvd.nist.gov/vuln/detail/CVE-2019-14870
[ 16 ] CVE-2019-14902
https://nvd.nist.gov/vuln/detail/CVE-2019-14902
[ 17 ] CVE-2019-14907
https://nvd.nist.gov/vuln/detail/CVE-2019-14907
[ 18 ] CVE-2019-19344
https://nvd.nist.gov/vuln/detail/CVE-2019-19344
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202003-52
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202001-1987 | No CVE | ZTE ZXR10 1800-2S router has arbitrary file reading vulnerability (CNVD-2020-01283) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE ZXR10 1800-2S router is a multi-service intelligent router produced by ZTE Corporation.
The ZTE ZXR10 1800-2S router has an arbitrary file reading vulnerability. An attacker can use this vulnerability to access arbitrary files by sending a malicious request.
| VAR-202001-1988 | No CVE | ZTE ZXR10 1800-2S Router Has Denial of Service Vulnerability (CNVD-2020-01289) |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZTE ZXR10 1800-2S router is a multi-service intelligent router produced by ZTE Corporation.
The ZTE ZXR10 1800-2S router has a denial of service vulnerability. An attacker can use this vulnerability to restart the device, causing a denial of service such as HTTP.
| VAR-202001-1970 | No CVE | ZTE ZXR10 1800-2S router has a denial of service vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
ZTE ZXR10 1800-2S router is a multi-service intelligent router produced by ZTE Corporation.
The ZTE ZXR10 1800-2S router has a denial of service vulnerability. An attacker can use this vulnerability to restart the device and cause a denial of service.
| VAR-202001-1964 | No CVE | ZTE ZXR10 1800-2S router has arbitrary file reading vulnerability (CNVD-2020-01284) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ZTE ZXR10 1800-2S router is a multi-service intelligent router produced by ZTE Corporation.
The ZTE ZXR10 1800-2S router has an arbitrary file reading vulnerability. An attacker can use this vulnerability to access arbitrary files by sending a malicious request.