VARIoT IoT vulnerabilities database
| VAR-201906-0412 | CVE-2019-6989 | TP-Link TL-WR940N Buffer error vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
TP-Link TL-WR940N is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the ipAddrDispose function. By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges. TP-Link TL-WR940N contains a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The TP-Link TL-WR940N and the TP-Link TL-WR941ND are both wireless routers from China Unicom (TP-Link).
A buffer overflow vulnerability exists in TP-LINK TL-WR940N and TL-WR941ND. This vulnerability is caused when the network system or product performs operations on memory and does not correctly verify the data boundary, resulting in erroneous read and write operations on other associated memory locations, which an attacker can exploit to cause a buffer overflow or heap overflow.
| VAR-201904-1231 | CVE-2019-10242 | Eclipse Kura Path traversal vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
In Eclipse Kura versions up to 4.0.0, the SkinServlet did not check the path passed during the servlet call, potentially allowing path traversal in GET requests for a limited number of file types. Eclipse Kura contains a path traversal vulnerability. Information may be obtained. Eclipse Kura is prone to the following vulnerabilities:
1. A directory traversal vulnerability
2. An information disclosure vulnerability
3. An XML External Entity injection information disclosure vulnerability
Attackers can exploit these issues to obtain sensitive information that may aid in further attacks.
Eclipse Kura versions through 4.0.0 are vulnerable.
| VAR-201904-1083 | CVE-2019-0278 | SAP NetWeaver Process Integration Vulnerable to information disclosure |
CVSS V2: 4.0 CVSS V3: 4.3 Severity: MEDIUM |
Under certain conditions the Monitoring Servlet of the SAP NetWeaver Process Integration (Messaging System), fixed in versions 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to see the names of database tables used by the application, leading to information disclosure.
An attacker can exploit this issue to gain sensitive information that may aid in further attacks.
| VAR-201904-0347 | CVE-2019-3842 | systemd Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.4 CVSS V3: 7.0 Severity: HIGH |
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set an XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". systemd contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). systemd is a Linux-based system and service manager by the German software developer Lennart Poettering. The product is compatible with SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A permission and access control vulnerability exists in the systemd v242-rc4 release that stems from the lack of effective permissions and access control measures for network systems or products. An attacker could exploit this vulnerability to gain access to webmasters.
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: systemd security, bug fix, and enhancement update
Advisory ID: RHSA-2021:1611-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:1611
Issue date: 2021-05-18
CVE Names: CVE-2019-3842 CVE-2020-13776
====================================================================
1. Summary:
An update for systemd is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64
3. It provides
aggressive parallelism capabilities, uses socket and D-Bus activation for
starting services, offers on-demand starting of daemons, and keeps track of
processes using Linux cgroups. In addition, it supports snapshotting and
restoring of the system state, maintains mount and automount points, and
implements an elaborate transactional dependency-based service control
logic. It can also work as a drop-in replacement for sysvinit.
Security Fix(es):
* systemd: Spoofing of XDG_SEAT allows for actions to be checked against
"allow_active" instead of "allow_any" (CVE-2019-3842)
* systemd: Mishandles numerical usernames beginning with decimal digits or
0x followed by hexadecimal digits (CVE-2020-13776)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.4 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1668521 - CVE-2019-3842 systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any"
1740657 - [RFE] NUMA aware CPU affinity setting in systemd unit files
1755287 - localectl set-locale should issue an error message when trying to set a nonexistent locale
1764282 - systemd[XXXXX]: Failed to connect to API bus: Connection refused
1812972 - backport request: allow instantiated units to be enabled via presets
1819868 - systemd excessively reads mountinfo and udev is dense OpenShift environments
1845534 - CVE-2020-13776 systemd: Mishandles numerical usernames beginning with decimal digits or 0x followed by hexadecimal digits
1862714 - LIBSYSTEMD_VERSION value format change crashes systemd-python pip install
1865840 - systemd-tmpfiles request for backport
1868831 - FreezerState is incorrectly updated on system running cgroup v1
1868877 - Enabling the smack feature on the host may cause the container to fail to start
1870638 - RFE: Add an option to Socket units to clear the data before listening again
1871139 - [systemd] systemd-resolved.service:33: Unknown lvalue 'ProtectSystems' in section 'Service'
1880270 - "Failed to start user service, ignoring" when masking user@.service
1885553 - "systemd --user" can dump core upon session closing
1887181 - Backport PassPacketInfo= support into systemd of RHEL 8
1888912 - SELinux policy change not visible to systemd until daemon-reexec
1889996 - backport vconsole-setup: downgrade log message when setting font fails on dummy console
6. Package List:
Red Hat Enterprise Linux BaseOS (v. 8):
Source:
systemd-239-45.el8.src.rpm
aarch64:
systemd-239-45.el8.aarch64.rpm
systemd-container-239-45.el8.aarch64.rpm
systemd-container-debuginfo-239-45.el8.aarch64.rpm
systemd-debuginfo-239-45.el8.aarch64.rpm
systemd-debugsource-239-45.el8.aarch64.rpm
systemd-devel-239-45.el8.aarch64.rpm
systemd-journal-remote-239-45.el8.aarch64.rpm
systemd-journal-remote-debuginfo-239-45.el8.aarch64.rpm
systemd-libs-239-45.el8.aarch64.rpm
systemd-libs-debuginfo-239-45.el8.aarch64.rpm
systemd-pam-239-45.el8.aarch64.rpm
systemd-pam-debuginfo-239-45.el8.aarch64.rpm
systemd-tests-239-45.el8.aarch64.rpm
systemd-tests-debuginfo-239-45.el8.aarch64.rpm
systemd-udev-239-45.el8.aarch64.rpm
systemd-udev-debuginfo-239-45.el8.aarch64.rpm
ppc64le:
systemd-239-45.el8.ppc64le.rpm
systemd-container-239-45.el8.ppc64le.rpm
systemd-container-debuginfo-239-45.el8.ppc64le.rpm
systemd-debuginfo-239-45.el8.ppc64le.rpm
systemd-debugsource-239-45.el8.ppc64le.rpm
systemd-devel-239-45.el8.ppc64le.rpm
systemd-journal-remote-239-45.el8.ppc64le.rpm
systemd-journal-remote-debuginfo-239-45.el8.ppc64le.rpm
systemd-libs-239-45.el8.ppc64le.rpm
systemd-libs-debuginfo-239-45.el8.ppc64le.rpm
systemd-pam-239-45.el8.ppc64le.rpm
systemd-pam-debuginfo-239-45.el8.ppc64le.rpm
systemd-tests-239-45.el8.ppc64le.rpm
systemd-tests-debuginfo-239-45.el8.ppc64le.rpm
systemd-udev-239-45.el8.ppc64le.rpm
systemd-udev-debuginfo-239-45.el8.ppc64le.rpm
s390x:
systemd-239-45.el8.s390x.rpm
systemd-container-239-45.el8.s390x.rpm
systemd-container-debuginfo-239-45.el8.s390x.rpm
systemd-debuginfo-239-45.el8.s390x.rpm
systemd-debugsource-239-45.el8.s390x.rpm
systemd-devel-239-45.el8.s390x.rpm
systemd-journal-remote-239-45.el8.s390x.rpm
systemd-journal-remote-debuginfo-239-45.el8.s390x.rpm
systemd-libs-239-45.el8.s390x.rpm
systemd-libs-debuginfo-239-45.el8.s390x.rpm
systemd-pam-239-45.el8.s390x.rpm
systemd-pam-debuginfo-239-45.el8.s390x.rpm
systemd-tests-239-45.el8.s390x.rpm
systemd-tests-debuginfo-239-45.el8.s390x.rpm
systemd-udev-239-45.el8.s390x.rpm
systemd-udev-debuginfo-239-45.el8.s390x.rpm
x86_64:
systemd-239-45.el8.i686.rpm
systemd-239-45.el8.x86_64.rpm
systemd-container-239-45.el8.i686.rpm
systemd-container-239-45.el8.x86_64.rpm
systemd-container-debuginfo-239-45.el8.i686.rpm
systemd-container-debuginfo-239-45.el8.x86_64.rpm
systemd-debuginfo-239-45.el8.i686.rpm
systemd-debuginfo-239-45.el8.x86_64.rpm
systemd-debugsource-239-45.el8.i686.rpm
systemd-debugsource-239-45.el8.x86_64.rpm
systemd-devel-239-45.el8.i686.rpm
systemd-devel-239-45.el8.x86_64.rpm
systemd-journal-remote-239-45.el8.x86_64.rpm
systemd-journal-remote-debuginfo-239-45.el8.i686.rpm
systemd-journal-remote-debuginfo-239-45.el8.x86_64.rpm
systemd-libs-239-45.el8.i686.rpm
systemd-libs-239-45.el8.x86_64.rpm
systemd-libs-debuginfo-239-45.el8.i686.rpm
systemd-libs-debuginfo-239-45.el8.x86_64.rpm
systemd-pam-239-45.el8.x86_64.rpm
systemd-pam-debuginfo-239-45.el8.i686.rpm
systemd-pam-debuginfo-239-45.el8.x86_64.rpm
systemd-tests-239-45.el8.x86_64.rpm
systemd-tests-debuginfo-239-45.el8.i686.rpm
systemd-tests-debuginfo-239-45.el8.x86_64.rpm
systemd-udev-239-45.el8.x86_64.rpm
systemd-udev-debuginfo-239-45.el8.i686.rpm
systemd-udev-debuginfo-239-45.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-3842
https://access.redhat.com/security/cve/CVE-2020-13776
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
5.
Bug Fix(es):
* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
* LoadBalancer Service type with invalid external loadbalancer IP breaks
the datapath (BZ#1952917)
* Telemetry info not completely available to identify windows nodes
(BZ#1955319)
* WMCO incorrectly shows node as ready after a failed configuration
(BZ#1956412)
* kube-proxy service terminated unexpectedly after recreated LB service
(BZ#1963263)
3. Solution:
For Windows Machine Config Operator upgrades, see the following
documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/windows-node-upgrades.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node
1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM
1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath
1955319 - Telemetry info not completely available to identify windows nodes
1956412 - WMCO incorrectly shows node as ready after a failed configuration
1963263 - kube-proxy service terminated unexpectedly after recreated LB service
5. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the
capabilities to address common challenges that administrators and site
reliability engineers face as they work across a range of public and
private cloud environments.
Clusters and applications are all visible and managed from a single
console—with security policy built in. See the following Release Notes
documentation, which will be updated shortly for this release, for
additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
* redisgraph-tls: redis: integer overflow when configurable limit for
maximum supported bulk input size is too big on 32-bit platforms
(CVE-2021-21309)
* console-header-container: nodejs-netmask: improper input validation of
octal input data (CVE-2021-28092)
* console-container: nodejs-is-svg: ReDoS via malicious string
(CVE-2021-28918)
Bug fixes:
* RHACM 2.2.4 images (BZ# 1957254)
* Enabling observability for OpenShift Container Storage with RHACM 2.2 on
OCP 4.7 (BZ#1950832)
* ACM Operator should support using the default route TLS (BZ# 1955270)
* The scrolling bar for search filter does not work properly (BZ# 1956852)
* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
* The proxy setup in install-config.yaml is not worked when IPI installing
with RHACM (BZ# 1960181)
* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
* Observability Thanos store shard crashing - cannot unmarshall DNS message
(BZ# 1967890)
3. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms
1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string
1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data
1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7
1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory
1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters
1954535 - Reinstall Submariner - No endpoints found on one cluster
1955270 - ACM Operator should support using the default route TLS
1956852 - The scrolling bar for search filter does not work properly
1957254 - RHACM 2.2.4 images
1959426 - Limits on Length of MultiClusterObservability Resource Name
1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM.
1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service"
1966513 - Unable to make SSH connection to a Bitbucket server
1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error.
1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
5. Bugs fixed (https://bugzilla.redhat.com/):
1937901 - CVE-2021-27918 golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader
1958341 - CVE-2021-31525 golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header
1965503 - CVE-2021-33196 golang: archive/zip: Malformed archive may cause panic or memory exhaustion
1971445 - Release of OpenShift Serverless Serving 1.16.0
1971448 - Release of OpenShift Serverless Eventing 1.16.0
5. Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container
Platform 4.7.13. See the following advisory for the RPM packages for this
release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory.
See the following Release Notes documentation, which will be updated
shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
This update fixes the following bug among others:
* Previously, resources for the ClusterOperator were being created early in
the update process, which led to update failures when the ClusterOperator
had no status condition while Operators were updating. This bug fix changes
the timing of when these resources are created. As a result, updates can
take place without errors. (BZ#1959238)
Security Fix(es):
* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index
validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata
as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is
sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is
sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is
sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these
updated packages and images when they are available in the appropriate
release channel. To check for available updates, use the OpenShift Console
or the CLI oc command. Instructions for upgrading a cluster are available
at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
3. Solution:
For OpenShift Container Platform 4.7 see the following documentation, which
will be updated shortly for this release, for important instructions on how
to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at
https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
4. Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
5. ==========================================================================
Ubuntu Security Notice USN-3938-1
April 08, 2019
systemd vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
The systemd PAM module could be used to gain additional PolicyKit
privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
libpam-systemd 239-7ubuntu10.12
Ubuntu 18.04 LTS:
libpam-systemd 237-3ubuntu10.19
Ubuntu 16.04 LTS:
libpam-systemd 229-4ubuntu21.21
Ubuntu 14.04 LTS:
libpam-systemd 204-5ubuntu20.31
In general, a standard system update will make all the necessary changes.
A remote attacker with SSH access can take
advantage of this issue to gain PolicyKit privileges that are normally
only granted to clients in an active session on the local console.
For the stable distribution (stretch), this problem has been fixed in
version 232-25+deb9u11.
We recommend that you upgrade your systemd packages.
For the detailed security status of systemd please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/systemd
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
| VAR-201904-0175 | CVE-2019-6570 | Siemens SINEMA Unauthorized Access Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user permissions, an attacker may access URLs that require special authorization. An attacker must have access to a low privileged account in order to exploit the vulnerability. SINEMA Remote Connect Server contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Siemens is a leading global technology company that provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drive and software with innovation in electrification, automation and digital. Siemens SINEMA has an unauthorized access vulnerability that an attacker can use to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. An attacker could use the vulnerability to compromise confidentiality, integrity and availability of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. The platform supports efficient and secure remote access to machines and equipment distributed around the world, as well as secure management of VPN tunnels between control centers, service engineers and installed equipment. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products.
| VAR-201904-0177 | CVE-2019-6579 | Siemens Spectrum Power Command injection vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known. Spectrum Power 4 contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Siemens Spectrum Power is a system that provides the basic components for SCADA, communication and data modeling of control and monitoring systems.
| VAR-201904-0759 | CVE-2019-0158 | Multiple vulnerabilities in Intel products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Insufficient path checking in the installation package for Intel(R) Graphics Performance Analyzer for Linux version 18.4 and before may allow an authenticated user to potentially enable escalation of privilege via local access. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include the following: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Graphics Performance Analyzer for Linux is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to gain elevated privileges.
Versions prior to Graphics Performance Analyzer 2019 R1 are vulnerable. It provides functions such as graphics analysis and optimization. The vulnerability stems from the lack of effective permission and access control measures in network systems or products.
| VAR-201904-0623 | CVE-2018-18094 | Multiple vulnerabilities in Intel products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Improper directory permissions in the installer for Intel(R) Media SDK before 2018 R2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Intel has released an update for each product. The expected impact depends on each vulnerability, but may include the following: * Privilege escalation (CVE-2018-18094, CVE-2019-0158, CVE-2019-0162, CVE-2019-0163) * Information leak (CVE-2019-0162) * Service operation interruption (DoS) attack (CVE-2019-0162). Intel Media SDK is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to gain elevated privileges.
Versions prior to Media SDK 2018 R2.1 are vulnerable. This product is mainly used for video encoding, decoding and processing in Windows and embedded Linux applications. The vulnerability stems from the lack of effective permissions and access control measures in network systems or products
| VAR-201904-0594 | CVE-2018-13366 | Fortinet FortiOS Vulnerable to information disclosure |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6.7 and below allows an attacker to reveal the serial number of FortiGate via the hostname field defined in connection control setup packets of the PPTP protocol. Fortinet FortiOS contains an information disclosure vulnerability. Information may be obtained. Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSL VPN, Web content filtering and anti-spam. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.
| VAR-201904-0142 | CVE-2019-5024 | Input validation vulnerability in Capsule Technologies SmartLinx Neuron 2 medical information collection devices |
CVSS V2: 7.2 CVSS V3: 7.6 Severity: HIGH |
A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. The vulnerability stems from the failure of the network system or product to properly validate the input data
| VAR-201904-0324 | CVE-2019-3870 | Samba Permissions vulnerability |
CVSS V2: 3.6 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability was found in Samba from version (including) 4.9 to versions before 4.9.6 and 4.10.2. During the creation of a new Samba AD DC, files are created in a private subdirectory of the install location. This directory is typically mode 0700, that is, owner (root) only access. However, in some upgraded installations it will have other permissions, such as 0755, because this was the default before Samba 4.8. Within this directory, files are created with mode 0666, which is world-writable, including a sample krb5.conf, and the list of DNS names and servicePrincipalName values to update. Samba contains a permission vulnerability. Information may be tampered with and service operation may be disrupted (DoS).
A local attacker can exploit this issue by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks. Samba is a set of free software developed by the Samba team that enables the UNIX series of operating systems to connect with the SMB/CIFS network protocol of the Microsoft Windows operating system. The software supports sharing printers, transferring data files and so on. There is a security vulnerability in Samba, which originates from the fact that the program creates files in the private/ directory as globally writable. An attacker could exploit this vulnerability to elevate privileges
| VAR-201904-1024 | CVE-2019-11001 | OS command injection vulnerability in multiple Reolink products |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
On Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W devices through 1.0.227, an authenticated admin can use the "TestEmail" functionality to inject and run OS commands as root, as demonstrated by shell metacharacters in the addr1 field. Multiple Reolink products contain an OS command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Reolink Digital Technology RLC-410W is an IP camera produced by Reolink Digital Technology Company in Hong Kong, China. There are security vulnerabilities in several Reolink products. Attackers can use the 'TestEmail' function to exploit this vulnerability to inject and execute operating system commands with root privileges. The following products and versions are affected: Reolink RLC-410W 1.0.227 and earlier; C1 Pro 1.0.227 and earlier; C2 Pro 1.0.227 and earlier; RLC-422W 1.0.227 and earlier; RLC-511W 1.0.227 and earlier versions.
| VAR-201904-0204 | CVE-2019-8456 | Check Point IKEv2 IPsec VPN Vulnerabilities related to authorization, permissions, and access control |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Check Point IKEv2 IPsec VPN up to R80.30, in some less common conditions, may allow an attacker with knowledge of the internal configuration and setup to successfully connect to a site-to-site VPN server. Check Point IKEv2 IPsec VPN contains vulnerabilities related to authorization, permissions, and access control. Information may be tampered with.
| VAR-202001-0455 | CVE-2019-9493 | MyCar Controls uses hard-coded credentials |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The MyCar Controls mobile application of AutoMobility Distribution Inc. contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain unauthorized physical access to a vehicle. This issue affects AutoMobility MyCar versions prior to 3.4.24 on iOS and versions prior to 4.1.2 on Android. This issue has additionally been fixed in Carlink, Link, Visions MyCar, and MyCar Kia. The AutoMobility Distribution Inc. smartphone app "MyCar Controls" contains hard-coded administrative credentials that can be used as an alternative to the username and password when the user communicates with the server endpoint (CWE-798). A remote unauthorized third party may send commands to or obtain data from the product. AutoMobility Distribution MyCar Controls is prone to a security-bypass vulnerability.
Attackers can exploit this issue to gain unauthorized access to the affected device, obtain sensitive information, or bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks.
| VAR-201904-1630 | No CVE | FANUC CNC has a denial of service vulnerability (CNVD-2019-07660) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
FANUC CNC products are the core components of CNC machine tools.
FANUC CNC has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
| VAR-201904-1627 | No CVE | FANUC CNC has a denial of service vulnerability (CNVD-2019-07659) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
FANUC CNC products are the core components of CNC machine tools.
FANUC CNC has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
| VAR-201904-1628 | No CVE | FANUC CNC has a denial of service vulnerability (CNVD-2019-07658) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
FANUC CNC products are the core components of CNC machine tools.
FANUC CNC has a denial of service vulnerability. An attacker can use this vulnerability to launch a denial of service attack.
| VAR-201904-0988 | CVE-2019-10478 | Glory RBW-100 device firmware unrestricted upload of dangerous file types vulnerability |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. An unrestricted file upload vulnerability in the Front Circle Controller glytoolcgi/settingfile_upload.cgi allows attackers to upload supplied data. This can be used to place attacker-controlled code on the filesystem that can be executed and can lead to a reverse root shell. The Glory RBW-100 device firmware contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). Glory Global RBW-100 is a banknote collection device from Glory Global.
| VAR-201904-0989 | CVE-2019-10479 | Glory Global RBW-100 Trust Management Issue Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Glory RBW-100 devices with firmware ISP-K05-02 7.0.0. A hard-coded username and password were identified that allow a remote attacker to gain admin access to the Front Circle Controller web interface. The Glory RBW-100 device firmware contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Glory Global RBW-100 is a banknote collection device from Glory Global.
| VAR-201904-0185 | CVE-2019-6556 | OMRON CX-One use of freed memory vulnerability |
CVSS V2: 6.8 CVSS V3: 6.6 Severity: MEDIUM |
When processing project files, the application (Omron CX-Programmer v9.70 and prior and Common Components January 2019 and prior) fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One CX-Programmer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CXP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. Omron CX-Programmer is prone to an arbitrary code-execution vulnerability. Failed attempts will likely cause a denial-of-service condition.
Omron CX-Programmer version 9.70 and prior are vulnerable; other versions may also be vulnerable. Both Omron CX-Programmer and Omron Common Components are products of Omron Corporation of Japan. Omron CX-Programmer is a PLC (Programmable Logic Controller) programming software. Omron Common Components is a PLC common component. This product includes PLC tools such as I/O table, PLC memory, PLC system setup, data trace/time graph monitoring, PLC error log, file memory, PLC clock, routing table and data link table. A resource management error vulnerability exists in Omron CX-Programmer 9.70 and earlier and Common Components 2019-1 and earlier. This vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products