VARIoT IoT vulnerabilities database
| VAR-202001-1713 | CVE-2020-6862 | F6x2W Information disclosure vulnerabilities in products |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code. ZTE Router is a wireless router equipment of ZTE Corporation. Unauthorized attackers can use vulnerabilities to obtain sensitive information about affected components
| VAR-202001-0486 | CVE-2019-14613 | Windows for Intel(R) VTune(TM) Amplifier Vulnerabilities in permissions management |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper access control in driver for Intel(R) VTune(TM) Amplifier for Windows* before update 8 may allow an authenticated user to potentially enable escalation of privilege via local access. Windows for Intel(R) VTune(TM) Amplifier Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. A local attacker could exploit this vulnerability to elevate privileges
| VAR-202001-0485 | CVE-2019-14601 | Windows for Intel(R) RWC 3 Inadequate default permissions vulnerability |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper permissions in the installer for Intel(R) RWC 3 for Windows before version 7.010.009.000 may allow an authenticated user to potentially enable escalation of privilege via local access. Windows for Intel(R) RWC 3 Contains an improper default permissions vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. There is a security vulnerability in the installer of Windows-based Intel RWC 3 versions earlier than 7.010.009.000. A local attacker could exploit this vulnerability to elevate privileges
| VAR-202001-0484 | CVE-2019-14600 | Windows for Intel(R) SNMP Subagent Stand-Alone Vulnerable to uncontrolled search path elements |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Uncontrolled search path element in the installer for Intel(R) SNMP Subagent Stand-Alone for Windows* may allow an authenticated user to potentially enable escalation of privilege via local access. Intel SNMP Subagent Stand-Alone is an agent program of Intel Corporation for remote management of Intel devices. There is a security vulnerability in the installer of Intel SNMP Subagent Stand-Alone based on Windows platform. A local attacker could exploit this vulnerability to elevate privileges
| VAR-202001-0473 | CVE-2019-14629 | Intel(R) DAAL Information Disclosure Vulnerability |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Improper permissions in Intel(R) DAAL before version 2020 Gold may allow an authenticated user to potentially enable information disclosure via local access. Intel(R) DAAL Contains an information disclosure vulnerability.Information may be obtained. A security vulnerability exists in versions prior to Intel DAAL 2020 Gold. A local attacker could exploit this vulnerability to obtain information
| VAR-202001-1870 | CVE-2020-5398 | Spring Framework Vulnerabilities in the integrity of downloaded code |
CVSS V2: 7.6 CVSS V3: 7.5 Severity: HIGH |
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. Spring Framework Contains a vulnerability in the integrity verification of downloaded code.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. A cross-site scripting vulnerability exists in Pivotal Software Spring Framework 5.2.x prior to 5.2.3, 5.1.x prior to 5.1.13, and 5.0.x prior to 5.0.16. A remote attacker could exploit this vulnerability to obtain sensitive information by conducting a Reflected File Download (RFD) attack. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Fuse 7.8.0 release and security update
Advisory ID: RHSA-2020:5568-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2020:5568
Issue date: 2020-12-16
CVE Names: CVE-2018-1000873 CVE-2019-0205 CVE-2019-0210
CVE-2019-2692 CVE-2019-3773 CVE-2019-3774
CVE-2019-10202 CVE-2019-10219 CVE-2019-11777
CVE-2019-12406 CVE-2019-12423 CVE-2019-13990
CVE-2019-14900 CVE-2019-17566 CVE-2019-17638
CVE-2019-19343 CVE-2020-1714 CVE-2020-1719
CVE-2020-1950 CVE-2020-1960 CVE-2020-5398
CVE-2020-7226 CVE-2020-9488 CVE-2020-9489
CVE-2020-10683 CVE-2020-10740 CVE-2020-11612
CVE-2020-11971 CVE-2020-11972 CVE-2020-11973
CVE-2020-11980 CVE-2020-11989 CVE-2020-11994
CVE-2020-13692 CVE-2020-13933 CVE-2020-14326
====================================================================
1. Summary:
A minor version update (from 7.7 to 7.8) is now available for Red Hat Fuse.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
This release of Red Hat Fuse 7.8.0 serves as a replacement for Red Hat Fuse
7.7, and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* libquartz: XXE attacks via job description (CVE-2019-13990)
* jetty: double release of resource can lead to information disclosure
(CVE-2019-17638)
* keycloak: Lack of checks in ObjectInputStream leading to Remote Code
Execution (CVE-2020-1714)
* springframework: RFD attack via Content-Disposition Header sourced from
request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
(CVE-2020-10740)
* camel: RabbitMQ enables Java deserialization by default which could leed
to remote code execution (CVE-2020-11972)
* camel: Netty enables Java deserialization by default which could leed to
remote code execution (CVE-2020-11973)
* shiro: spring dynamic controllers, a specially crafted request may cause
an authentication bypass (CVE-2020-11989)
* camel: server-side template injection and arbitrary file disclosure on
templating components (CVE-2020-11994)
* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
(CVE-2020-13692)
* shiro: specially crafted HTTP request may cause an authentication bypass
(CVE-2020-13933)
* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)
* jackson-modules-java8: DoS due to an Improper Input Validation
(CVE-2018-1000873)
* thrift: Endless loop when feed with specific input data (CVE-2019-0205)
* thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)
* mysql-connector-java: privilege escalation in MySQL connector
(CVE-2019-2692)
* spring-ws: XML External Entity Injection (XXE) when receiving XML data
from untrusted sources (CVE-2019-3773)
* spring-batch: XML External Entity Injection (XXE) when receiving XML data
from untrusted sources (CVE-2019-3774)
* codehaus: incomplete fix for unsafe deserialization in jackson-databind
vulnerabilities (CVE-2019-10202)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT
library (CVE-2019-11777)
* cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf: OpenId Connect token service does not properly validate the clientId
(CVE-2019-12423)
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Undertow: Memory Leak in Undertow HttpOpenListener due to holding
remoting connections indefinitely (CVE-2019-19343)
* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)
* apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)
* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)
* tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's
Parsers (CVE-2020-9489)
* dom4j: XML External Entity vulnerability in default SAX parser
(CVE-2020-10683)
* netty: compression/decompression codecs don't enforce limits on buffer
allocation sizes (CVE-2020-11612)
* camel: DNS Rebinding in JMX Connector could result in remote command
execution (CVE-2020-11971)
* karaf: A remote client could create MBeans from arbitrary URLs
(CVE-2020-11980)
* tika: excessive memory usage in PSDParser (CVE-2020-1950)
* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
3. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
Installation instructions are available from the Fuse 7.8.0 product
documentation page:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/
4. Bugs fixed (https://bugzilla.redhat.com/):
1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when feed with specific input data
1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application
1801149 - CVE-2019-13990 libquartz: XXE attacks via job description
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability
1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution
1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could leed to remote code execution
1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could leed to remote code execution
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers
1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass
1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs
1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components
1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS
1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass
1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library
5. References:
https://access.redhat.com/security/cve/CVE-2018-1000873
https://access.redhat.com/security/cve/CVE-2019-0205
https://access.redhat.com/security/cve/CVE-2019-0210
https://access.redhat.com/security/cve/CVE-2019-2692
https://access.redhat.com/security/cve/CVE-2019-3773
https://access.redhat.com/security/cve/CVE-2019-3774
https://access.redhat.com/security/cve/CVE-2019-10202
https://access.redhat.com/security/cve/CVE-2019-10219
https://access.redhat.com/security/cve/CVE-2019-11777
https://access.redhat.com/security/cve/CVE-2019-12406
https://access.redhat.com/security/cve/CVE-2019-12423
https://access.redhat.com/security/cve/CVE-2019-13990
https://access.redhat.com/security/cve/CVE-2019-14900
https://access.redhat.com/security/cve/CVE-2019-17566
https://access.redhat.com/security/cve/CVE-2019-17638
https://access.redhat.com/security/cve/CVE-2019-19343
https://access.redhat.com/security/cve/CVE-2020-1714
https://access.redhat.com/security/cve/CVE-2020-1719
https://access.redhat.com/security/cve/CVE-2020-1950
https://access.redhat.com/security/cve/CVE-2020-1960
https://access.redhat.com/security/cve/CVE-2020-5398
https://access.redhat.com/security/cve/CVE-2020-7226
https://access.redhat.com/security/cve/CVE-2020-9488
https://access.redhat.com/security/cve/CVE-2020-9489
https://access.redhat.com/security/cve/CVE-2020-10683
https://access.redhat.com/security/cve/CVE-2020-10740
https://access.redhat.com/security/cve/CVE-2020-11612
https://access.redhat.com/security/cve/CVE-2020-11971
https://access.redhat.com/security/cve/CVE-2020-11972
https://access.redhat.com/security/cve/CVE-2020-11973
https://access.redhat.com/security/cve/CVE-2020-11980
https://access.redhat.com/security/cve/CVE-2020-11989
https://access.redhat.com/security/cve/CVE-2020-11994
https://access.redhat.com/security/cve/CVE-2020-13692
https://access.redhat.com/security/cve/CVE-2020-13933
https://access.redhat.com/security/cve/CVE-2020-14326
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.8.0
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.8/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBX9n5stzjgjWX9erEAQhLEA/+P1hIAPgSOz6uLDvvZvm73qyxbuISD92X
kJ158V+IX64dMlCuUCfFFKiuRCsDzhCSi52P4m8q06OskS1QndEmjfSixER/pG8X
YJKatVpbxbVE3V2U/wRRfrG/j18UhwNatS3VouvdKOXwQewWb0TaGwGJ9wdZLDMd
7owlOwqQ1dOh2AMS3NWAeNBSzQtfk0GUb61+V1WRdCBs/PII1roRJyZEGEBsIZtg
z66CncAjMwL7zj/ZRYK7ogWL20HwMgCQ3oAHo1ENM5k6o7scqRArhMKPthdtF88y
AwqPo8ocQCE5JB66tbUie6ze2sYPgBflWSJ0zEv3suyUbzLyO2d1utzyXn24ffYN
0F1gY0YFsLiNRZPfdtGx+cPB5dlBOnnJUOTXA1e87CXohPRKqWuqQaxChGQY8CiH
ZiWg2U/NLuBgg7SkL1Vm9Fqfe06roAfDQLL4nnd8BcRkmhNWG7KL2ve2fRDbfqKT
RH9x3XbHhD0cfvTFaEj0qVojsSCjVrE+SeJdluDY21kf0OxspVDMffQ0WD2cNVFh
PgaQJt4ItTfkanw7cKs1GNH4WjMmpuAfe2lzR3JBLlkSvf7iqiPVIrIY+NAOHYG0
Mtx6d3mbwr91KjGg3lXOoM+tTFjOiCZMr/k7WIt3VllJpBP18cbAXeGtEmpMg+jA
f8t2frnd7kM=jGVK
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
| VAR-202001-1972 | No CVE | Haier wireless router has unauthorized access vulnerability |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Established in 1984, Haier Group is the world's largest brand of large household appliances. At present, it has transformed from a traditional manufacturer of household appliances to a platform for incubating makers for the whole society.
An unauthorized access vulnerability exists in Haier wireless routers. Attackers can use this vulnerability to obtain sensitive information such as databases or website directories.
| VAR-202001-0807 | CVE-2019-19142 | Intelbras WRN240 Lack of authentication on device |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI. Intelbras WRN240 The device is vulnerable to a lack of authentication.Information may be altered. Intelbras WRN240 is a wireless router from Intelbras in Poland.
A security vulnerability exists in the Intelbras WRN240, which originates from a program that does not authenticate firmware replacements
| VAR-202001-1869 | CVE-2020-5397 | Spring Framework Vulnerable to cross-site request forgery |
CVSS V2: 2.6 CVSS V3: 5.3 Severity: MEDIUM |
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack. Spring Framework Contains a cross-site request forgery vulnerability.Information may be altered. Pivotal Software Spring Framework is a set of open source Java and JavaEE application frameworks from Pivotal Software in the United States. The framework helps developers build high-quality applications. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
| VAR-202001-0012 | CVE-2010-3048 | Cisco Unified Personal Communicator In NULL Pointer dereference vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Cisco Unified Personal Communicator 7.0 (1.13056) does not free allocated memory for received data and does not perform validation if memory allocation is successful, causing a remote denial of service condition. Cisco Unified Personal Communicator In NULL A vulnerability exists in pointer dereferencing.Denial of service (DoS) May be in a state. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202001-0648 | CVE-2019-11998 | HPE Superdome Flex Server Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 5.5 Severity: MEDIUM |
HPE Superdome Flex Server is vulnerable to multiple remote vulnerabilities via improper input validation of administrator commands. This vulnerability could allow an Administrator to bypass security restrictions and access multiple remote vulnerabilities including information disclosure, or denial of service. HPE has provided firmware updates that address the above vulnerabilities for the HPE Superdome Flex Server starting with firmware version v3.20.186 (not available online) and v3.20.206 (available online). Apply v3.20.206 (4 December 2019) or a newer version to resolve this issue. Please visit HPE Support Center https://support.hpe.com/hpesc/public/home to obtain the updated firmware for your product
| VAR-202001-1034 | CVE-2020-2555 | Oracle Fusion Middleware of Oracle Coherence In Caching,CacheStore,Invocation Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Oracle Fusion Middleware of Oracle Coherence In Caching,CacheStore,Invocation There are vulnerabilities that affect confidentiality, integrity, and availability due to a flaw in processing.Information gained, falsified, and denial of service by remote attackers (DoS) An attack could be made. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the T3 protocol on TCP port 7001. When deserializing objects embedded with T3 protocol messages, the server allows deserialization of classes that may lead to arbitrary code execution. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The platform provides functions such as middleware and software collection
| VAR-202001-0532 | CVE-2019-19414 | plural Huawei Integer overflow vulnerability in product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is an integer overflow vulnerability in LDAP server of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. plural Huawei The product contains an integer overflow vulnerability.Denial of service (DoS) May be in a state
| VAR-202001-0901 | CVE-2020-1788 | Honor V30 Authentication vulnerabilities in smartphones |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P1) have an improper authentication vulnerability. Certain applications do not properly validate the identity of another application who would call its interface. An attacker could trick the user into installing a malicious application. Successful exploit could allow unauthorized actions leading to information disclosure. Malicious applications use this vulnerability to perform unauthorized operations and obtain information
| VAR-202001-1007 | CVE-2020-1840 | HUAWEI Mate 20 Authentication vulnerabilities in smartphones |
CVSS V2: 3.6 CVSS V3: 6.0 Severity: MEDIUM |
HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E70R3P8) have an insufficient authentication vulnerability. A local attacker with high privilege can execute a specific command to exploit this vulnerability. Successful exploitation may cause information leak and compromise the availability of the smart phones.Affected product versions include: HUAWEI Mate 20 versions Versions earlier than 10.0.0.175(C00E70R3P8). HUAWEI Mate 20 Smartphones have an authentication vulnerability.Information obtained and denial of service (DoS) May be in a state. Huawei Mate 20 is a smartphone from China's Huawei. Local attackers can use this vulnerability to leak information and affect the usability of the phone
| VAR-202006-0752 | CVE-2019-19412 | plural Huawei Vulnerabilities in smartphones |
CVSS V2: 2.1 CVSS V3: 4.6 Severity: MEDIUM |
Huawei smart phones have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker login the Talkback mode and can perform some operations to install a third-Party application. Affected products can be found in https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-frp-en. plural Huawei There are unspecified vulnerabilities in smartphones.Information may be tampered with
| VAR-202001-0531 | CVE-2019-19413 | plural Huawei Integer overflow vulnerability in product |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
There is an integer overflow vulnerability in LDAP client of some Huawei products. Due to insufficient input validation, a remote attacker could exploit this vulnerability by sending malformed packets to the target devices. Successful exploit could cause the affected system crash. plural Huawei The product contains an integer overflow vulnerability.Denial of service (DoS) May be in a state
| VAR-202001-1293 | CVE-2014-6448 | Juniper Junos OS Vulnerabilities in permissions management |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before 13.3R3 allow local users to bypass intended restrictions and execute arbitrary Python code via vectors involving shell access. Juniper Junos OS Contains a privilege management vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Juniper Networks Junos OS is a set of network operating system of Juniper Networks (Juniper Networks) dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. A security vulnerability exists in Juniper Networks Juniper Junos OS. The following products and versions are affected: Juniper Junos OS 13.2 prior to 13.2R5, 13.2X51, 13.2X52, 13.3 prior to 13.3R3
| VAR-202001-0530 | CVE-2019-19411 | USG9500 Information Disclosure Vulnerability |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, V500R005C00SPC100, V500R005C00SPC200 have an information leakage vulnerability. Due to improper processing of the initialization vector used in a specific encryption algorithm, an attacker who gains access to this cryptographic primitive may exploit this vulnerability to cause the value of the confidentiality associated with its use to be diminished. USG9500 Contains an information disclosure vulnerability.Information may be obtained
| VAR-202001-0123 | CVE-2020-0603 | ASP.NET Core Remote code execution vulnerability in software |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka 'ASP.NET Core Remote Code Execution Vulnerability'. Microsoft ASP.NET Core is a cross-platform open source framework from Microsoft Corporation in the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. The vulnerability stems from a program's inability to handle memory objects. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Critical: .NET Core on Red Hat Enterprise Linux security and bug fix update
Advisory ID: RHSA-2020:0134-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0134
Issue date: 2020-01-16
CVE Names: CVE-2020-0602 CVE-2020-0603
====================================================================
1. Summary:
An update for rh-dotnet30-dotnet and rh-dotnet31-dotnet is now available
for .NET Core on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
.NET Core is a managed-software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation.
New versions of .NET Core that address security vulnerabilities are now
available. The updated versions are .NET Core SDK 3.0.102, .NET Core
Runtime 3.0.2, .NET Core SDK 3.1.101 and .NET Core Runtime 3.1.1.
Security Fixes:
* dotnet: Memory Corruption in SignalR (CVE-2020-0603)
* dotnet: SignalR Denial of Service via backpressure issue (CVE-2020-0602)
Users must rebuild their applications to pick up the fixes.
Default inclusions for applications built with .NET Core have been updated
to reference the newest versions and their security fixes.
For more details about the security issues, including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
pages listed in the References section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1787151 - Update .NET Core 3.0 to Runtime 3.0.2 and SDK 3.0.102
1787174 - Update .NET Core 3.1 to Runtime 3.1.1 and SDK 3.1.101
1789623 - CVE-2020-0602 dotnet: Denial of service via backpressure issue
1789624 - CVE-2020-0603 dotnet: Memory Corruption in SignalR
6. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64:
rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64:
rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet30-dotnet-3.0.102-3.el7.src.rpm
x86_64:
rh-dotnet30-aspnetcore-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-aspnetcore-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-apphost-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-debuginfo-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-host-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-hostfxr-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-runtime-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-sdk-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-dotnet-targeting-pack-3.0-3.0.2-3.el7.x86_64.rpm
rh-dotnet30-dotnet-templates-3.0-3.0.102-3.el7.x86_64.rpm
rh-dotnet30-netstandard-targeting-pack-2.1-3.0.102-3.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet31-dotnet-3.1.101-4.el7.src.rpm
x86_64:
rh-dotnet31-aspnetcore-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-aspnetcore-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-apphost-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-debuginfo-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-host-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-hostfxr-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-runtime-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-sdk-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-dotnet-targeting-pack-3.1-3.1.1-4.el7.x86_64.rpm
rh-dotnet31-dotnet-templates-3.1-3.1.101-4.el7.x86_64.rpm
rh-dotnet31-netstandard-targeting-pack-2.1-3.1.101-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-0602
https://access.redhat.com/security/cve/CVE-2020-0603
https://access.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXiCQQ9zjgjWX9erEAQiA5g//U9AGfQhzgzrIja7zNdstcP61hqUbWM+j
F2E4FpcJCJgjV3uDli4HsH6sIuzuKV5pVLhvNdbrAMSDJgOaWNJ+Otvmve0yPvY6
KjhAPMQnBjsJE5eUia6ZEIzhvjcHVwVbHQJrqIwLjvBrwHeo6fVWd/IHentdmM+3
FIh6uqClbh434gyq4Oi2MpTJ6G6z0+/siaA/tq4qubWJCtEWLfEXXhWsUL4ye59B
edz+0qB0MYi2ZpgJtk0A8RRxtwcVN6KD+SnV2g25XjqwDNBhAfO3AlB1x0Mzo7HQ
2tcWLTpJPtYm8sZFZLOKAGm1hvTJhFnu4Vc5oL7b6paJYsU2Ud9URbakwiiiwzV+
XXLdMmvL63JVeP+cFWkqgI/UR8sdbaXrKFjJcnxNiUklPrrUIx3rq/E1yzCgqwMI
M3RakcXDqCsaojoOAy/AMkPH1J2r8vyz08JTLC6Ik54m4Dz7/wGILwuVKXLuR1bM
L6oLLZNrc5oxK4VM7Zb0IHaAeK/cOvxQWhglOPkDV4Got721TputjBeIEj8xiHc1
2s5zmndzaUfXm+PoqnFsfGggRErFLXaqwSpRWT2vn2MOXbrEbpPjmJs55tLXABhw
8DI+gmgFRHhE6A4yqvJMzaJGZCsCtUWWXowQEhiCNaymG9Kgx4BkRLNj2Mc15mOK
EuYGFNW4Ux4\xadZz
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce