VARIoT IoT vulnerabilities database
| VAR-202001-0288 | CVE-2019-17147 | TP-LINK TL-WR841N Classic buffer overflow vulnerability in router |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457. TP-LINK TL-WR841N The router contains a classic buffer overflow vulnerability. Zero Day Initiative Does not address this vulnerability ZDI-CAN-8457 Was numbered.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. TP-Link TL-WR841N is a wireless router from China TP-Link. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, causing incorrect read and write operations to be performed on other associated memory locations
| VAR-202001-1433 | CVE-2019-11745 | Firefox and Thunderbird Vulnerable to out-of-bounds writing |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Firefox and Thunderbird Contains an out-of-bounds write vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. This update provides
the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: nss, nss-softokn, nss-util security update
Advisory ID: RHSA-2019:4190-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:4190
Issue date: 2019-12-10
CVE Names: CVE-2019-11729 CVE-2019-11745
====================================================================
1. Summary:
An update for nss, nss-softokn, and nss-util is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
3. Description:
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
The nss-softokn package provides the Network Security Services Softoken
Cryptographic Module.
The nss-util packages provide utilities for use with the Network Security
Services (NSS) libraries.
Security Fix(es):
* nss: Out-of-bounds write when passing an output buffer smaller than the
block size to NSC_EncryptUpdate (CVE-2019-11745)
* nss: Empty or malformed p256-ECDH public keys may trigger a segmentation
fault (CVE-2019-11729)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox)
must be restarted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1728437 - CVE-2019-11729 nss: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
1774831 - CVE-2019-11745 nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
6. Package List:
Red Hat Enterprise Linux Client (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
ppc64:
nss-3.44.0-7.el7_7.ppc.rpm
nss-3.44.0-7.el7_7.ppc64.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm
nss-devel-3.44.0-7.el7_7.ppc.rpm
nss-devel-3.44.0-7.el7_7.ppc64.rpm
nss-softokn-3.44.0-8.el7_7.ppc.rpm
nss-softokn-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.ppc.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-devel-3.44.0-8.el7_7.ppc.rpm
nss-softokn-devel-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.ppc.rpm
nss-softokn-freebl-3.44.0-8.el7_7.ppc64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64.rpm
nss-sysinit-3.44.0-7.el7_7.ppc64.rpm
nss-tools-3.44.0-7.el7_7.ppc64.rpm
nss-util-3.44.0-4.el7_7.ppc.rpm
nss-util-3.44.0-4.el7_7.ppc64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.ppc.rpm
nss-util-debuginfo-3.44.0-4.el7_7.ppc64.rpm
nss-util-devel-3.44.0-4.el7_7.ppc.rpm
nss-util-devel-3.44.0-4.el7_7.ppc64.rpm
ppc64le:
nss-3.44.0-7.el7_7.ppc64le.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm
nss-devel-3.44.0-7.el7_7.ppc64le.rpm
nss-softokn-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-devel-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-freebl-3.44.0-8.el7_7.ppc64le.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.ppc64le.rpm
nss-sysinit-3.44.0-7.el7_7.ppc64le.rpm
nss-tools-3.44.0-7.el7_7.ppc64le.rpm
nss-util-3.44.0-4.el7_7.ppc64le.rpm
nss-util-debuginfo-3.44.0-4.el7_7.ppc64le.rpm
nss-util-devel-3.44.0-4.el7_7.ppc64le.rpm
s390x:
nss-3.44.0-7.el7_7.s390.rpm
nss-3.44.0-7.el7_7.s390x.rpm
nss-debuginfo-3.44.0-7.el7_7.s390.rpm
nss-debuginfo-3.44.0-7.el7_7.s390x.rpm
nss-devel-3.44.0-7.el7_7.s390.rpm
nss-devel-3.44.0-7.el7_7.s390x.rpm
nss-softokn-3.44.0-8.el7_7.s390.rpm
nss-softokn-3.44.0-8.el7_7.s390x.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.s390.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.s390x.rpm
nss-softokn-devel-3.44.0-8.el7_7.s390.rpm
nss-softokn-devel-3.44.0-8.el7_7.s390x.rpm
nss-softokn-freebl-3.44.0-8.el7_7.s390.rpm
nss-softokn-freebl-3.44.0-8.el7_7.s390x.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.s390.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.s390x.rpm
nss-sysinit-3.44.0-7.el7_7.s390x.rpm
nss-tools-3.44.0-7.el7_7.s390x.rpm
nss-util-3.44.0-4.el7_7.s390.rpm
nss-util-3.44.0-4.el7_7.s390x.rpm
nss-util-debuginfo-3.44.0-4.el7_7.s390.rpm
nss-util-debuginfo-3.44.0-4.el7_7.s390x.rpm
nss-util-devel-3.44.0-4.el7_7.s390.rpm
nss-util-devel-3.44.0-4.el7_7.s390x.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64:
nss-debuginfo-3.44.0-7.el7_7.ppc.rpm
nss-debuginfo-3.44.0-7.el7_7.ppc64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.ppc.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.ppc64.rpm
ppc64le:
nss-debuginfo-3.44.0-7.el7_7.ppc64le.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.ppc64le.rpm
s390x:
nss-debuginfo-3.44.0-7.el7_7.s390.rpm
nss-debuginfo-3.44.0-7.el7_7.s390x.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.s390.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.s390x.rpm
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source:
nss-3.44.0-7.el7_7.src.rpm
nss-softokn-3.44.0-8.el7_7.src.rpm
nss-util-3.44.0-4.el7_7.src.rpm
x86_64:
nss-3.44.0-7.el7_7.i686.rpm
nss-3.44.0-7.el7_7.x86_64.rpm
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-devel-3.44.0-7.el7_7.i686.rpm
nss-devel-3.44.0-7.el7_7.x86_64.rpm
nss-softokn-3.44.0-8.el7_7.i686.rpm
nss-softokn-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.i686.rpm
nss-softokn-debuginfo-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-devel-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-3.44.0-8.el7_7.x86_64.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.i686.rpm
nss-softokn-freebl-devel-3.44.0-8.el7_7.x86_64.rpm
nss-sysinit-3.44.0-7.el7_7.x86_64.rpm
nss-tools-3.44.0-7.el7_7.x86_64.rpm
nss-util-3.44.0-4.el7_7.i686.rpm
nss-util-3.44.0-4.el7_7.x86_64.rpm
nss-util-debuginfo-3.44.0-4.el7_7.i686.rpm
nss-util-debuginfo-3.44.0-4.el7_7.x86_64.rpm
nss-util-devel-3.44.0-4.el7_7.i686.rpm
nss-util-devel-3.44.0-4.el7_7.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64:
nss-debuginfo-3.44.0-7.el7_7.i686.rpm
nss-debuginfo-3.44.0-7.el7_7.x86_64.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.i686.rpm
nss-pkcs11-devel-3.44.0-7.el7_7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11729
https://access.redhat.com/security/cve/CVE-2019-11745
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXe/GMNzjgjWX9erEAQjtKBAAk1TZvBRRA8ZC4B0U49uerK/eMM24Q4xR
PQWxuobDF/YzpJVZqDolO6CfRTBSnDHEuc/OkK0fC8Yskk0T9cp0DWAkHnUal0wB
Zmd61xW4IGSHtEH+g7K8Rv0q8Mto5AeC1hggOwT+0INvRAAa/Qm0c7m0+OSyLIZi
lgk9DLa+srY/6Z2wETS4b7DQiUA2nXegb7CbbnM0Mo2aooPeljsq6pkvyZy2Na0/
MMl/Xo8BWqU0lGrIBgVmrNRLMVkDJfVm7wSvBLaYk9EP758DfRLikm+GpGCowFUf
+60rIxp1iG4Hto7BqusUwmJmdw6fDGeoJSX/qQu3ZHFbpEsd9HCzzGKg9QFmF/yY
N4RWrM4KRMwqHG4qTpDYypKDn5QCGzh1dZuYQJ2gYLmHCBnTzrV0bDJtrzbUWwTx
eFX1YLv4Vw6oYwT1cAx3Ho2B3kpufVezAzfUhtw8uj20Ix1B0NHDcCszNAFWrE8T
QZ4BVVAzjl6xJoZSnjIQ+aBe3zVBW5P6yBhnqWUxS0VuGS3gbS6uPBMusr81sGK6
TjvPP+l8Ss6DQJic42+xruw8g8XqDqnUv3V12iTcOhqPtM7vmzExdMX5wXJ48lo9
Yl6UYkr6P4pM/vNQjgqD7UGud2ILthlwKzqdg9l4DZiA4pctAvAQtgEaL6783OK6
7R6thlrPkII=KHlQ
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
. 6) - i386, x86_64
3. ==========================================================================
Ubuntu Security Notice USN-4335-1
April 21, 2020
thunderbird vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Thunderbird.
Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client
Details:
Multiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted website in a browsing context,
an attacker could potentially exploit these to cause a denial of service,
obtain sensitive information, bypass security restrictions, bypass
same-origin restrictions, conduct cross-site scripting (XSS) attacks, or
execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759,
CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763,
CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010,
CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017,
CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503,
CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807,
CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,
CVE-2020-6825)
It was discovered that NSS incorrectly handled certain memory operations.
A remote attacker could potentially exploit this to cause a denial of
service, or execute arbitrary code. (CVE-2019-11745)
It was discovered that a specially crafted S/MIME message with an inner
encryption layer could be displayed as having a valid signature in some
circumstances, even if the signer had no access to the encrypted message.
An attacker could potentially exploit this to spoof the message author.
(CVE-2019-11755)
A heap overflow was discovered in the expat library in Thunderbird. If a
user were tricked in to opening a specially crafted message, an attacker
could potentially exploit this to cause a denial of service, or execute
arbitrary code. (CVE-2019-15903)
It was discovered that Message ID calculation was based on uninitialized
data. An attacker could potentially exploit this to obtain sensitive
information. (CVE-2020-6792)
Mutiple security issues were discovered in Thunderbird. If a user were
tricked in to opening a specially crafted message, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)
It was discovered that if a user saved passwords before Thunderbird 60 and
then later set a master password, an unencrypted copy of these passwords
would still be accessible. A local user could exploit this to obtain
sensitive information. (CVE-2020-6794)
It was discovered that the Devtools’ ‘Copy as cURL’ feature did not
fully escape website-controlled data. If a user were tricked in to using
the ‘Copy as cURL’ feature to copy and paste a command with specially
crafted data in to a terminal, an attacker could potentially exploit this
to execute arbitrary commands via command injection. (CVE-2020-6811)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS:
thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2
After a standard system update you need to restart Thunderbird to make
all the necessary changes. 8) - aarch64, ppc64le, s390x, x86_64
3. 8.0) - ppc64le, x86_64
3.
For the stable distribution (buster), these problems have been fixed in
version 2:3.42.1-1+deb10u2.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8
TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj
sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl
Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq
jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH
UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0
hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o
DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F
8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co
TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz
Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5
yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw=
=QZmZ
-----END PGP SIGNATURE-----
| VAR-201911-0299 | CVE-2019-6675 | BIG-IP Authentication vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the system. This issue only impacts specific engineering hotfixes using the aforementioned authentication configuration. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: Hotfix-BIGIP-14.1.0.3.0.79.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.97.6-ENG.iso, Hotfix-BIGIP-14.1.0.3.0.99.6-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.15.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.36.5-ENG.iso, Hotfix-BIGIP-14.1.0.5.0.40.5-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.11.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.14.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.68.9-ENG.iso, Hotfix-BIGIP-14.1.0.6.0.70.9-ENG.iso, Hotfix-BIGIP-14.1.2.0.11.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.18.37-ENG.iso, Hotfix-BIGIP-14.1.2.0.32.37-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.46.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.14.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.16.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.34.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.97.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.99.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.105.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.111.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.115.4-ENG.iso, Hotfix-BIGIP-14.1.2.1.0.122.4-ENG.iso, Hotfix-BIGIP-15.0.1.0.33.11-ENG.iso, Hotfix-BIGIP-15.0.1.0.48.11-ENG.iso. BIG-IP Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. F5 BIG-IP is an application delivery platform integrated with network traffic management, application security management, load balancing and other functions of the US company F5. A security vulnerability exists in the F5 BIG-IP. An attacker could exploit this vulnerability to bypass authentication. The following products and versions are affected: F5 BIG-IP 15.0.1.0.33.11-ENG Hotfix version, 15.0.1.0.48.11-ENG Hotfix version, 14.1.0.3.0.79.6-ENG Hotfix version, 14.1.0.3.0.97.6 -ENG Hotfix Version, 14.1.0.3.0.99.6-ENG Hotfix Version, 14.1.0.5.0.15.5-ENG Hotfix Version, 14.1.0.5.0.36.5-ENG Hotfix Version, 14.1.0.5.0.40.5-ENG Hotfix version, 14.1.0.6.0.11.9-ENG Hotfix version, 14.1.0.6.0.14.9-ENG Hotfix version, 14.1.0.6.0.68.9-ENG Hotfix version, 14.1.0.6.0.70.9-ENG Hotfix version , 14.1.2.0.11.37-ENG Hotfix Version, 14.1.2.0.18.37-ENG Hotfix Version, 14.1.2.0.32.37-ENG Hotfix Version, 14.1.2.1.0.46.4-ENG Hotfix Version, 14.1.2.1.0.14.4 -ENG Hotfix Version, 14.1.2.1.0.16.4-ENG Hotfix Version, 14.1.2.1.0.34.4-ENG Hotfix Version, 14.1.2.1.0.97.4-ENG Hotfix Version, 14.1.2.1.0.99.4-ENG Hotfix version, 14.1.2.1.0.105.4-ENG Hotfix version, 14.1.2.1.0.111.4-ENG Hotfix version, 14.1.2.1.0.115.4-ENG Hotfix version, 14.1.2.1.0.122.4-ENG Hotfix version
| VAR-201911-0938 | CVE-2019-16242 | TCL Communication Alcatel Cingular Flip 2 B9HUAH1 operating system command injection vulnerability |
CVSS V2: 7.2 CVSS V3: 6.8 Severity: MEDIUM |
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an engineering application named omamock that is vulnerable to OS command injection. An attacker with physical access to the device can abuse this vulnerability to execute arbitrary OS commands as the root user via the application's UI. TCL Communication Alcatel Cingular Flip 2 B9HUAH1 is a mobile phone of China TCL Communication (TCL Communication) company. omamock is one of the components. The vulnerability stems from the fact that external input data constructs executable commands for the operating system, and the network system or product does not properly filter special characters and commands. Attackers can use this vulnerability to execute illegal operating system commands
| VAR-201911-0937 | CVE-2019-16241 | TCL Alcatel Cingular Flip 2 Unauthorized authentication vulnerabilities in devices |
CVSS V2: 4.6 CVSS V3: 6.8 Severity: MEDIUM |
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB. TCL Alcatel Cingular Flip 2 The device contains an incorrect authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TCL Communication Alcatel Cingular Flip 2 B9HUAH1 is a mobile phone of China TCL Communication (TCL Communication) company.
There is a security vulnerability in TCL Communication Alcatel Cingular Flip 2 B9HUAH1
| VAR-201911-1040 | CVE-2019-18253 | ABB Relion 670 Series path traversal vulnerability |
CVSS V2: 7.5 CVSS V3: 10.0 Severity: CRITICAL |
An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory. Relion 670 The series contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ABB Relion 670 Series is a transmission protection control device of Swiss ABB company
| VAR-201911-1084 | CVE-2019-12489 | Fastweb Askey RTV1907VW Device injection vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 devices. By using the usb_remove service through an HTTP request, it is possible to inject and execute a command between two & characters in the mount parameter. Fastweb Askey RTV1907VW The device contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fastweb Askey RTV1907VW is a router of Italian Fastweb company.
Fastweb Askey RTV1907VW 0.00.81_FW_200_Askey 2018-10-02 18:08:18 Vulnerability exists in the version
| VAR-201911-0925 | CVE-2019-16243 | TCL Alcatel Cingular Flip 2 Device injection vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, there is an undocumented web API that allows unprivileged JavaScript, including JavaScript running within the KaiOS browser, to view and edit the device's firmware over-the-air update settings. (This web API is normally used by the system application to trigger firmware updates via OmaService.js.). TCL Alcatel Cingular Flip 2 The device contains an injection vulnerability.Information may be obtained and information may be altered. TCL Communication Alcatel Cingular Flip 2 B9HUAH1 is a mobile phone of China TCL Communication (TCL Communication) company. Attackers can use this vulnerability to view and modify the wireless update settings of device firmware
| VAR-201911-1038 | CVE-2019-18247 | Relion 650 and 670 Input validation vulnerability in the series |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
An attacker may use a specially crafted message to force Relion 650 series (versions 1.3.0.5 and prior) or Relion 670 series (versions 1.2.3.18, 2.0.0.11, 2.1.0.1 and prior) to reboot, which could cause a denial of service. Relion 650 and 670 The series contains a vulnerability related to input validation.Service operation interruption (DoS) There is a possibility of being put into a state. ABB Relion 670 Series and ABB Relion 650 Series are transmission protection control equipment of ABB company in Switzerland
| VAR-201911-1166 | CVE-2019-18580 | Dell EMC Storage Monitoring and Reporting Vulnerable to unreliable data deserialization |
CVSS V2: 10.0 CVSS V3: 10.0 Severity: CRITICAL |
Dell EMC Storage Monitoring and Reporting version 4.3.1 contains a Java RMI Deserialization of Untrusted Data vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending a crafted RMI request to execute arbitrary code on the target host. Authentication is not required to exploit this vulnerability.The specific flaw exists within the Java RMI service, which listens on TCP port 52569 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. The software provides features such as storage performance monitoring and report generation
| VAR-201911-1957 | No CVE | H3C ER5200 router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
ER5200 is a high-performance Gigabit downlink router launched by H3C. It is mainly positioned in the SMB market of Ethernet / fiber / ADSL access and network environments such as government, enterprise organizations, and Internet cafes.
There is a weak password vulnerability in Huasan ER5200 router. An attacker can use this vulnerability to log in to the management background directly.
| VAR-201911-1334 | CVE-2019-17406 | Nokia IMPACT Path Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Nokia IMPACT < 18A has path traversal that may lead to RCE if chained with CVE-2019-1743. Nokia IMPACT is a set of intelligent management platform for the Internet of Things of Nokia (Finland). The vulnerability stems from a network system or product's failure to properly filter special elements in a resource or file path. An attacker could use this vulnerability to access locations outside the restricted directory
| VAR-201911-1333 | CVE-2019-17405 | Nokia IMPACT Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Nokia IMPACT < 18A: has Reflected self XSS. Nokia IMPACT Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Nokia IMPACT is a set of intelligent management platform for the Internet of Things of Nokia (Finland). The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code
| VAR-201911-1332 | CVE-2019-17404 | Nokia IMPACT Path traversal vulnerability |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
Nokia IMPACT < 18A: allows full path disclosure. Nokia IMPACT is a set of intelligent management platform for the Internet of Things of Nokia (Finland). An attacker could use this vulnerability to reveal the full path
| VAR-201911-1331 | CVE-2019-17403 | Nokia IMPACT Vulnerable to unlimited upload of dangerous types of files |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
Nokia IMPACT < 18A: An unrestricted File Upload vulnerability was found that may lead to Remote Code Execution. Nokia IMPACT Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nokia IMPACT is a set of intelligent management platform for the Internet of Things of Nokia (Finland). An attacker could use this vulnerability to execute code
| VAR-201911-1958 | No CVE | Command Execution Vulnerabilities in Multiple D-Link Routers |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
D-Link DIR-855L A1, DAP-1533 A1, DIR-862L A1, DIR-835 A1, DIR-615 I3, DIR-825 C1 are all wireless router products of D-Link.
There are command execution vulnerabilities in several D-Link routers. An attacker could exploit this vulnerability to gain administrator privileges.
| VAR-201911-1358 | CVE-2019-19240 | Embedthis GoAhead Buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak uninitialized data in a response. Embedthis GoAhead Contains a buffer error vulnerability.Information may be obtained. Embedthis Software GoAhead is an embedded Web server of American Embedthis Software company. A buffer error vulnerability exists in Embedthis Software GoAhead versions prior to 5.0.1. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc
| VAR-201911-1947 | No CVE | Unknown vulnerabilities in Sony Playstation 4 (PS4) |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Sony Playstation 4 is a home console.
There are unexplained vulnerabilities in Sony Playstation 4 (PS4). An attacker could exploit the vulnerability to use a malicious program to obtain quarantined private data.
| VAR-201911-0418 | CVE-2019-9536 | Apple iPhone 3GS Vulnerability in Permission Management |
CVSS V2: 6.9 CVSS V3: 6.8 Severity: MEDIUM |
Apple iPhone 3GS bootrom malloc implementation returns a non-NULL pointer when unable to allocate memory, aka 'alloc8'. An attacker with physical access to the device can install arbitrary firmware. Apple iPhone 3GS Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Apple iPhone 3GS is a smart phone from Apple Inc. of the United States.
There are security holes in Apple iPhone 3GS (old bootrom and new bootrom)
| VAR-201911-0441 | CVE-2019-15652 | NSSLGlobal Technologies SatLink VSAT Modem Unit Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code. NSSLGlobal SatLink VSAT Modem Unit (VMU) The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NSSLGlobal Technologies SatLink VSAT Modem Unit (VMU) is a Very Small Aperture Terminal (VSAT) modem from NSSLGlobal Technologies.
Cross-site scripting vulnerability exists in the web interface in NSSLGlobal Technologies SatLink VMU versions prior to 18.1.0. The vulnerability stems from the lack of proper validation of client data by web applications. An attacker could use this vulnerability to execute client code