VARIoT IoT vulnerabilities database
| VAR-201901-1422 | CVE-2019-0248 | ABAP Application server SAP Information disclosure vulnerability in gateway |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
Under certain conditions SAP Gateway of ABAP Application Server (fixed in SAP_GWFND 7.5, 7.51, 7.52, 7.53; SAP_BASIS 7.5) allows an attacker to access information which would otherwise be restricted.
An attacker can exploit this issue to gain sensitive information that may aid in further attacks.
| VAR-201904-0656 | CVE-2018-16558 | Siemens SIMATIC S7-1500 CPU Denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC S7-1500 CPU contains an input validation vulnerability. A denial-of-service (DoS) condition may result. The Siemens SIMATIC S7-1500 is a family of modular controllers. A denial of service vulnerability exists in the Siemens SIMATIC S7-1500 CPU.
Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users.
| VAR-201904-0657 | CVE-2018-16559 | SIMATIC S7-1500 CPU Input validation vulnerability |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SIMATIC S7-1500 CPU (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 CPU (All versions <= V1.8.5). Specially crafted network packets sent to port 80/tcp or 443/tcp could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/tcp or 443/tcp. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SIMATIC S7-1500 CPU contains an input validation vulnerability. A denial-of-service (DoS) condition may result. The Siemens SIMATIC S7-1500 is a family of modular controllers. A denial of service vulnerability exists in the Siemens SIMATIC S7-1500 CPU.
Attackers can exploit these issues to crash the affected application or consume excess memory, denying service to legitimate users.
| VAR-201901-0048 | CVE-2019-3581 | McAfee Web Gateway Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Improper input validation in the proxy component of McAfee Web Gateway 7.8.2.0 and later allows remote attackers to cause a denial of service via a crafted HTTP request parameter. McAfee Web Gateway contains an input validation vulnerability. A denial-of-service (DoS) condition may result. McAfee Web Gateway is prone to a remote denial-of-service vulnerability.
Successful exploits of this issue will allow attackers to cause a denial-of-service condition.
The following versions are vulnerable:
7.8.2 versions prior to 7.8.2.5
8.0 versions prior to 8.0.2. The product provides features such as threat protection, application control, and data loss prevention. Proxy is one of the proxy components. The proxy component in McAfee MWG 7.8.2.0 and later versions has an input validation vulnerability.
| VAR-201901-1474 | CVE-2019-0564 | ASP.NET Core Service disruption in (DoS) Vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka "ASP.NET Core Denial of Service Vulnerability." This affects ASP.NET Core 2.1. This CVE ID is unique from CVE-2019-0548. A denial-of-service (DoS) condition may result. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends.
Successful exploits will allow attackers to cause a denial of service condition.
=====================================================================
Red Hat Security Advisory
Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update
Advisory ID: RHSA-2019:0040-01
Product: .NET Core on Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0040
Issue date: 2019-01-09
CVE Names: CVE-2019-0545 CVE-2019-0548 CVE-2019-0564
=====================================================================
1. Summary:
Updates for rh-dotnet21-dotnet and rh-dotnet22-dotnet are now available for
.NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64
.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
3. Description:
.NET Core is a managed software framework. It implements a subset of the
.NET framework APIs and several new APIs, and it includes a CLR
implementation.
New versions of .NET Core that address security vulnerabilities are now
available. The updated versions are .NET Core 2.1.5 and 2.2.1.
Security Fix(es):
* .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final
response leads to info disclosure (CVE-2019-0545)
* .NET Core: ANCM WebSocket DOS (CVE-2019-0548)
* .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and
ASP.NET) (CVE-2019-0564)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
For more information, please refer to the upstream docs in the References
section.
4. Solution:
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1660632 - CVE-2019-0545 .NET Core: NCL - SocketsHttpHandler mishandling 1xx response as a final response leads to info disclosure
1660634 - CVE-2019-0564 .NET Core: Kestrel - WebSocket DoS via CancellationToken (CoreFX and ASP.NET)
1660636 - CVE-2019-0548 .NET Core: ANCM WebSocket DOS
6. Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet21-2.1-6.el7.src.rpm
rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64:
rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source:
rh-dotnet22-2.2-2.el7.src.rpm
rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64:
rh-dotnet22-2.2-2.el7.x86_64.rpm
rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet21-2.1-6.el7.src.rpm
rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64:
rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source:
rh-dotnet22-2.2-2.el7.src.rpm
rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64:
rh-dotnet22-2.2-2.el7.x86_64.rpm
rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet21-2.1-6.el7.src.rpm
rh-dotnet21-dotnet-2.1.503-1.el7.src.rpm
x86_64:
rh-dotnet21-dotnet-sdk-2.1-2.1.503-1.el7.x86_64.rpm
rh-dotnet21-runtime-2.1-6.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source:
rh-dotnet22-2.2-2.el7.src.rpm
rh-dotnet22-dotnet-2.2.102-1.el7.src.rpm
x86_64:
rh-dotnet22-2.2-2.el7.x86_64.rpm
rh-dotnet22-dotnet-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-debuginfo-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-host-fxr-2.2-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-runtime-2.2-2.2.1-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.102-1.el7.x86_64.rpm
rh-dotnet22-runtime-2.2-2.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-0545
https://access.redhat.com/security/cve/CVE-2019-0548
https://access.redhat.com/security/cve/CVE-2019-0564
https://access.redhat.com/security/updates/classification/#moderate
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0545
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0548
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0564
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
| VAR-201903-1052 | CVE-2018-13798 |
plural SICAM Vulnerability related to input validation in products
Related entries in the VARIoT exploits database: VAR-E-201901-0338 |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a Denial-of-Service condition of the web server. The security vulnerability could be exploited by an attacker with network access to the affected systems on port 80/TCP or 443/TCP. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the web server. A system reboot is required to recover the web service of the device. At the time of advisory update, exploit code for this security vulnerability is public. SICAM A8000 CP-8000, CP-802X and CP-8050 contain an input validation vulnerability. A denial-of-service (DoS) condition may result. SIEMENS provides solutions to customers in the areas of power generation and transmission and distribution, infrastructure, industrial automation, drives and software with innovations in electrification, automation and digital. A denial of service vulnerability exists in the Siemens SICAM A8000 series.
Remote attackers may exploit this issue to cause denial-of-service conditions.
The following Siemens SICAM A8000 RTU versions are vulnerable:
Siemens SICAM A8000 CP-8000 versions prior to 14
Siemens SICAM A8000 CP-802X versions prior to 14
Siemens SICAM A8000 CP-8050 versions prior to 2
| VAR-201901-1456 | CVE-2019-0545 | plural Microsoft Information disclosure vulnerability in products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7/4.7.1/4.7.2, .NET Core 2.1, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 2.2, Microsoft .NET Framework 4.7.2. Multiple Microsoft products contain an information disclosure vulnerability.
Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks.
| VAR-201901-1595 | CVE-2018-5560 | Practecol Guardzilla All-In-One Video Security System Vulnerabilities related to the use of hard-coded credentials |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device. Practecol Guardzilla All-In-One Video Security System contains a use of hard-coded credentials vulnerability. Information may be obtained. Guardzilla All-In-One Video Security System is a home security platform that provides indoor video surveillance. There is a hard-coded credential vulnerability in the Guardzilla IoT camera. This vulnerability exists in Amazon Simple Storage Service (S3) credentials within the Guardzilla Security Camera firmware. The embedded S3 credentials can be used to view and download, without restriction, any stored files and videos in the associated bucket. Once a password is obtained, any unauthenticated attacker can collect data from any affected system over the network. Cloud-based storage system is one of the cloud-based storage systems. An attacker could exploit this vulnerability to view all Guardzilla personal data.
| VAR-201902-0540 | CVE-2018-11847 | plural Snapdragon Vulnerability related to input validation in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Malicious TA can tag QSEE kernel memory and map to EL0, thereby corrupting the physical memory, and it can also be used to corrupt the QSEE kernel and compromise the whole TEE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables and Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439 and Snapdragon_High_Med_2016. Multiple Snapdragon products contain an input validation vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Qualcomm IPQ8074 and others are Qualcomm's central processing unit (CPU) products for different platforms. ContentProtection is one of the content protection components. There is an input validation vulnerability in ContentProtection in several Qualcomm products that can be exploited by remote attackers to cause kernel memory to be mapped to EL0. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks.
These issues are being tracked by Android Bug IDs A-111092812, A-111093241 and A-117119136.
| VAR-201902-0574 | CVE-2018-13888 | plural Snapdragon Product buffer error vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
There is potential for memory corruption in the RIL daemon due to dereference of memory outside the allocated array length in RIL in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in versions MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM630, SDM660, ZZ_QCS605. Multiple Snapdragon products contain a buffer error vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks.
These issues are being tracked by Android Bug IDs A-111092812, A-111093241 and A-117119136. Qualcomm MDM9206, etc. are the central processing unit (CPU) products of Qualcomm applied to different platforms. A buffer overflow vulnerability exists in the RIL in several Qualcomm products. A remote attacker could exploit this vulnerability to cause memory corruption in the RIL daemon.
| VAR-201902-0535 | CVE-2018-11888 | plural Snapdragon Vulnerabilities related to authorization, authority, and access control in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Unauthorized access may be allowed by the SCP11 Crypto Services TA while processing commands from other TA in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SD 835, SD 8CX, SDM439, Snapdragon_High_Med_2016. Multiple Snapdragon products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and a denial-of-service (DoS) condition may result. Qualcomm Closed-Source Components are prone to multiple unspecified vulnerabilities.
An attacker can exploit these issues to perform unauthorized actions. This may aid in further attacks.
These issues are being tracked by Android Bug IDs A-111092812, A-111093241 and A-117119136. Qualcomm MDM9607, etc. are the central processing unit (CPU) products of Qualcomm for different platforms. Crypto Services is one of the encryption service components. Permission and access control vulnerabilities exist in Crypto Services in several Qualcomm products. The following products are affected: Qualcomm MDM9607; MDM9650; MDM9655; MSM8996AU; SD 210; SD 212; SD 205; SD 615/16; SD 415; SD 625; SD 632; SD 650/52; SD 820; SD 820A; SD 835; SD 8CX; SDM439; Snapdragon_High_Med_2016.
| VAR-201901-0713 | CVE-2018-1320 | Apache Thrift Input validation vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Apache Thrift Java client library versions 0.5.0 through 0.11.0 can bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. Apache Thrift contains an input validation vulnerability. Information may be tampered with. Apache Thrift is prone to a security-bypass vulnerability.
Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks.
Apache Thrift versions 0.5.0 through 0.11.0 are vulnerable. The Java client library is one of the client libraries. Attackers can exploit this vulnerability to bypass security detection.
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat Fuse 7.4.0 security update
Advisory ID: RHSA-2019:2413-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2019:2413
Issue date: 2019-08-08
CVE Names: CVE-2016-10750 CVE-2018-1258 CVE-2018-1320
CVE-2018-8088 CVE-2018-10899 CVE-2018-15758
CVE-2019-0192 CVE-2019-3805
====================================================================
1. Summary:
A minor version update (from 7.3 to 7.4) is now available for Red Hat Fuse.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
This release of Red Hat Fuse 7.4.0 serves as a replacement for Red Hat Fuse
7.3, and includes bug fixes and enhancements, which are documented in the
Release Notes document linked to in the References.
Security Fix(es):
* hazelcast: java deserialization in join cluster procedure leading to
remote code execution (CVE-2016-10750)
* slf4j: Deserialisation vulnerability in EventData constructor can allow
for arbitrary code execution (CVE-2018-8088)
* jolokia: system-wide CSRF that could lead to Remote Code Execution
(CVE-2018-10899)
* spring-security-oauth: Privilege escalation by manipulating saved
authorization request (CVE-2018-15758)
* solr: remote code execution due to unsafe deserialization (CVE-2019-0192)
* thrift: SASL negotiation isComplete validation bypass in the
org.apache.thrift.transport.TSaslTransport class (CVE-2018-1320)
* spring-security-core: Unauthorized Access with Spring Security Method
Security (CVE-2018-1258)
* wildfly: Race condition on PID file allows for termination of arbitrary
processes by local users (CVE-2019-3805)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
3. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
Installation instructions are available from the Fuse 7.4.0 product
documentation page:
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/
4. Bugs fixed (https://bugzilla.redhat.com/):
1548909 - CVE-2018-8088 slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
1578582 - CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security
1601037 - CVE-2018-10899 jolokia: system-wide CSRF that could lead to Remote Code Execution
1643048 - CVE-2018-15758 spring-security-oauth: Privilege escalation by manipulating saved authorization request
1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users
1667204 - CVE-2018-1320 thrift: SASL negotiation isComplete validation bypass in the org.apache.thrift.transport.TSaslTransport class
1692345 - CVE-2019-0192 solr: remote code execution due to unsafe deserialization
1713215 - CVE-2016-10750 hazelcast: java deserialization in join cluster procedure leading to remote code execution
5. References:
https://access.redhat.com/security/cve/CVE-2016-10750
https://access.redhat.com/security/cve/CVE-2018-1258
https://access.redhat.com/security/cve/CVE-2018-1320
https://access.redhat.com/security/cve/CVE-2018-8088
https://access.redhat.com/security/cve/CVE-2018-10899
https://access.redhat.com/security/cve/CVE-2018-15758
https://access.redhat.com/security/cve/CVE-2019-0192
https://access.redhat.com/security/cve/CVE-2019-3805
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=jboss.fuse&version=7.4.0
https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc.
| VAR-201901-0065 | CVE-2019-5009 | Vtiger CRM Vulnerable to unlimited upload of dangerous types of files. Related entries in the VARIoT exploits database: VAR-E-201901-0369 |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. Vtiger CRM contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or altered, and service operation may be disrupted (DoS). Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. It provides functions such as management, collection, and analysis of customer information. The vulnerabilities are in the actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php files in versions prior to Vtiger CRM 7.1.0 Hotfix2.
| VAR-201901-0605 | CVE-2018-18005 | VIVOTEK Network Camera Product firmware Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter. VIVOTEK Network Camera Series is a series of network camera products from VIVOTEK of China. A cross-site scripting vulnerability exists in the event_script.js file in the VIVOTEK Network Camera family of products with firmware 0x06x to 0x08x.
| VAR-201901-0604 | CVE-2018-18004 | VIVOTEK Network Camera Product firmware Access control vulnerability |
CVSS V2: 5.0 CVSS V3: 5.3 Severity: MEDIUM |
Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware before XXXXXX-VVTK-0X09a allows remote attackers to enable arbitrary system services via a URL parameter. VIVOTEK Network Camera Series is a series of network camera products of VIVOTEK Corporation in China.
| VAR-201901-0608 | CVE-2018-18244 | VIVOTEK Network Camera Product firmware Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header. VIVOTEK Network Camera Series is a series of network camera products from VIVOTEK of China.
| VAR-201901-1699 | No CVE | File upload vulnerability in Baidu WebUploader component |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
WebUploader is a simple modern file uploading component developed by Baidu WebFE (FEX) team. It is mainly based on HTML5 and supplemented by FLASH.
A file upload vulnerability exists in the Baidu WebUploader component. This vulnerability is caused by the WebUploader component upload page's lax filtering of file types or file extensions. Attackers can exploit the vulnerability to upload a script file, either directly or after a simple bypass, execute system commands, and obtain website server permissions.
| VAR-201901-1692 | No CVE | Lenovo LJ1680 Home Edition (Win7 64bit) has a memory corruption vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
LJ1680 Home Edition is a black and white laser printer with a black and white print speed of 16ppm and a maximum resolution of 1200x1200dpi.
Lenovo LJ1680 Home Edition (Win7 64bit) has a memory corruption vulnerability. The vulnerability is due to the SSPORT.sys driver failing to properly check input parameters when processing IO request 0x9C402408. An attacker could exploit the vulnerability to cause memory write corruption and cause the operating system to crash.
| VAR-201901-1453 | CVE-2018-8827 | Technicolor MediaAccess TG789vac v2 HP Device Cross-Site Scripting Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. The Technicolor MediaAccess TG789vac v2 HP device contains a cross-site scripting vulnerability. Information may be obtained and altered. Technicolor MediaAccess TG789vac v2 HP is a gateway device from the French Technicolor group. A cross-site scripting vulnerability exists in the admin web interface of the Technicolor MediaAccess TG789vac v2 HP device using firmware version 16.3.7190-2761005-20161004084353. A remote attacker can exploit this vulnerability to inject JavaScript code into the Log viewer interface with a specially crafted HTTP Referer header.
| VAR-201901-0698 | CVE-2018-17172 | Command injection vulnerability in multiple Xerox AltaLink products |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
The web application on Xerox AltaLink B80xx before 100.008.028.05200, C8030/C8035 before 100.001.028.05200, C8045/C8055 before 100.002.028.05200, and C8070 before 100.003.028.05200 allows unauthenticated command injection. Multiple Xerox AltaLink products contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Fuji Xerox AltaLink B80xx and others are all multi-function printer devices from Fuji Xerox. No details of the vulnerability are currently available.