VARIoT IoT vulnerabilities database
| VAR-202007-0792 | CVE-2020-14599 | Oracle E-Business Suite of Oracle CRM Gateway for Mobile Devices In Setup of Mobile Applications Vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The software provides functions such as customer relationship management, service management, and financial management. Attackers can use this vulnerability to access, create, delete or modify data without authorization, affecting the confidentiality and integrity of data
| VAR-202007-0428 | CVE-2020-14598 | Oracle E-Business Suite of Oracle CRM Gateway for Mobile Devices In Setup of Mobile Applications Vulnerability |
CVSS V2: 6.4 CVSS V3: 9.1 Severity: CRITICAL |
Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Gateway for Mobile Devices. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle CRM Gateway for Mobile Devices accessible data as well as unauthorized access to critical data or complete access to all Oracle CRM Gateway for Mobile Devices accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). The software provides functions such as customer relationship management, service management, and financial management. Attackers can use this vulnerability to access, create, delete or modify data without authorization, affecting the confidentiality and integrity of data
| VAR-202007-0042 | CVE-2020-10044 | plural SICAM Vulnerability regarding lack of authentication for critical features in the product |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device. SICAM MMU, SGU and T lack authentication for critical features. Information may be tampered with. SICAM T is a digital measuring sensor that allows the measurement of electricity in non-electrical networks in a single unit. SICAM MMU (Measurement and Monitoring Unit) is a power monitoring device that allows the measurement of electricity in the power grid in a unit. SICAM SGU (discontinued) is a smart grid remote terminal device with the communication capabilities of power companies and utility companies.
Siemens SICAM MMU, SGU and T have security vulnerabilities
| VAR-202007-1285 | CVE-2020-5374 | Dell EMC OpenManage Integration for Microsoft System Center for SCCM and SCVMM Vulnerability in Using Hard Coded Credentials |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. A remote unauthenticated attacker may exploit this vulnerability to gain access to the appliance data for remotely managed devices
| VAR-202007-1284 | CVE-2020-5373 | Dell EMC OpenManage Integration for Microsoft System Center for SCCM and SCVMM Vulnerability regarding lack of authentication for critical features in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to retrieve the system inventory data of the managed device. The vulnerability is caused by the program not properly authenticating users
| VAR-202007-0396 | CVE-2020-14499 | Advantech iView Vulnerability regarding inadequate protection of credentials in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. Advantech iView contains an inadequate protection of credentials vulnerability. Information may be obtained. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class.
| VAR-202007-1133 | CVE-2020-6514 | Google Chrome Security hole |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream. Google Chrome is a web browser developed by Google. WebRTC is one of the components that supports browsers for real-time voice or video conversations. A security vulnerability exists in WebRTC in versions prior to Google Chrome 84.0.4147.89. An attacker could exploit this vulnerability to bypass security restrictions.
WebRTC: usrsctp is called with pointer as network address
When usrsctp is used with a custom transport, an address must be provided to usrsctp_conninput to be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value. Unfortunately, this value is often transmitted to the peer, for example to validate signing of the cookie. This could allow an attacker access to the location in memory of the SctpTransport of a peer, bypassing ASLR.
To reproduce, place the following code on line 9529 of sctp_output.c. This will output the peer's address to the log:
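/* Read the state cookie parameter from the INIT-ACK into a local copy. */
struct sctp_state_cookie cookie2;
struct sctp_state_cookie* cookie3;
cookie3 = sctp_get_next_param(cookie, 4, &cookie2, sizeof(struct sctp_state_cookie));
/* Log the peer address and local address fields carried in the cookie. */
LOGE("COOKIE INITACK ADDRESS %llx laddress %llx", *((long long*)cookie3->address), *((long long*)cookie3->laddress));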
Or, view the SCTP packets sent by WebRTC before they are sent to the encryption layer. They are full of pointers.
This bug is subject to a 90 day disclosure deadline. After 90 days elapse,
the bug report will become visible to the public. The scheduled disclosure
date is 2020-Jul-28. Disclosure at an earlier date is possible if
agreed upon by all parties.
Related CVE Numbers: CVE-2020-6514.
Found by: deadbeef@chromium.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202007-64
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Mozilla Thunderbird: Multiple vulnerabilities
Date: July 31, 2020
Bugs: #734978
ID: 202007-64
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in Mozilla Thunderbird, the
worst of which could result in the arbitrary execution of code.
Affected packages
================
-------------------------------------------------------------------
     Package                      /  Vulnerable  /  Unaffected
-------------------------------------------------------------------
  1  mail-client/thunderbird         < 68.11.0      >= 68.11.0
  2  mail-client/thunderbird-bin     < 68.11.0      >= 68.11.0
-------------------------------------------------------------------
2 affected packages
Description
==========
Multiple vulnerabilities have been discovered in Mozilla Thunderbird.
Please review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-68.11.0"
All Mozilla Thunderbird binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-68.11.0"
References
=========
[ 1 ] CVE-2020-15652
https://nvd.nist.gov/vuln/detail/CVE-2020-15652
[ 2 ] CVE-2020-15659
https://nvd.nist.gov/vuln/detail/CVE-2020-15659
[ 3 ] CVE-2020-6463
https://nvd.nist.gov/vuln/detail/CVE-2020-6463
[ 4 ] CVE-2020-6514
https://nvd.nist.gov/vuln/detail/CVE-2020-6514
[ 5 ] MFSA-2020-35
https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202007-64
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
====================================================================
Red Hat Security Advisory
Synopsis: Important: thunderbird security update
Advisory ID: RHSA-2020:3345-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3345
Issue date: 2020-08-06
CVE Names: CVE-2020-6463 CVE-2020-6514 CVE-2020-15652
CVE-2020-15659
====================================================================
1. Summary:
An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
3. Description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 68.11.0.
Security Fix(es):
* chromium-browser: Use after free in ANGLE (CVE-2020-6463)
* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)
* Mozilla: Potential leak of redirect targets when loading scripts in a
worker (CVE-2020-15652)
* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
(CVE-2020-15659)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to
take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1840893 - CVE-2020-6463 chromium-browser: Use after free in ANGLE
1857349 - CVE-2020-6514 chromium-browser: Inappropriate implementation in WebRTC
1861570 - CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker
1861572 - CVE-2020-15659 Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11
6. Package List:
Red Hat Enterprise Linux Desktop (v. 6):
Source:
thunderbird-68.11.0-1.el6_10.src.rpm
i386:
thunderbird-68.11.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.i686.rpm
x86_64:
thunderbird-68.11.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 6):
Source:
thunderbird-68.11.0-1.el6_10.src.rpm
i386:
thunderbird-68.11.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.i686.rpm
ppc64:
thunderbird-68.11.0-1.el6_10.ppc64.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.ppc64.rpm
s390x:
thunderbird-68.11.0-1.el6_10.s390x.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.s390x.rpm
x86_64:
thunderbird-68.11.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 6):
Source:
thunderbird-68.11.0-1.el6_10.src.rpm
i386:
thunderbird-68.11.0-1.el6_10.i686.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.i686.rpm
x86_64:
thunderbird-68.11.0-1.el6_10.x86_64.rpm
thunderbird-debuginfo-68.11.0-1.el6_10.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2020-6463
https://access.redhat.com/security/cve/CVE-2020-6514
https://access.redhat.com/security/cve/CVE-2020-15652
https://access.redhat.com/security/cve/CVE-2020-15659
https://access.redhat.com/security/updates/classification/#important
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
3. Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability
| VAR-202007-1472 | No CVE | UFIDA Network Technology Co., Ltd. UFIDA NC Cloud has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
NC Cloud is a new generation of cloud ERP product developed by UFIDA using IoT, big data, artificial intelligence and other technologies.
Yonyou Network Technology Co., Ltd. Yonyou NC Cloud has an unauthorized access vulnerability, which can be exploited by attackers to cause data information leakage.
| VAR-202007-1495 | No CVE | Proficy Machine Edition has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
Proficy Machine Edition is a PLC programming software developed by Emerson Trading (Shanghai) Co., Ltd.
Proficy Machine Edition has a denial of service vulnerability, which can be exploited by an attacker to cause a denial of service.
| VAR-202007-0063 | CVE-2020-10986 | Tenda AC15 AC1900 cross-site request forgery vulnerability |
CVSS V2: 7.1 CVSS V3: 6.5 Severity: MEDIUM |
A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. Tenda AC15 AC1900 contains a cross-site request forgery vulnerability. The device may be put into a service interruption (DoS) state. Tenda AC15 AC1900 is a wireless router from the Chinese company Tenda.
| VAR-202007-0064 | CVE-2020-10987 | Tenda AC15 AC1900 Injection vulnerabilities in |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. Tenda AC15 AC1900 contains an injection vulnerability. Information may be obtained or tampered with, and the device may be put into a service interruption (DoS) state. Tenda AC15 AC1900 is a wireless router from the Chinese company Tenda.
| VAR-202007-0066 | CVE-2020-10989 | Tenda AC15 AC1900 cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. Tenda AC15 AC1900 contains a cross-site scripting vulnerability. Information may be obtained and tampered with. Tenda AC15 AC1900 is a wireless router from the Chinese company Tenda.
| VAR-202007-0065 | CVE-2020-10988 | Tenda AC15 AC1900 trust management issue vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. Tenda AC15 AC1900 contains a vulnerability in the use of hard-coded credentials. Information may be obtained or tampered with, and the device may be put into a service interruption (DoS) state. Tenda AC15 AC1900 is a wireless router from the Chinese company Tenda.
| VAR-202007-1512 | No CVE | LTE digital cellular mobile communication network MME equipment has a denial of service vulnerability |
CVSS V2: 7.8 CVSS V3: - Severity: HIGH |
LTE digital cellular mobile communication network MME equipment is an important network element of the LTE core network and is responsible for processing signaling.
LTE digital cellular mobile communication network MME equipment has a denial of service vulnerability. An attacker can exploit the vulnerability to cause a denial of service attack.
| VAR-202007-1503 | No CVE | Delta ISPSoft isp project file has memory corruption vulnerability (CNVD-2020-33323) |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
ISPSoft is a new generation of Delta PLC programming software.
Delta ISPSoft has a memory corruption vulnerability when processing isp project files. An attacker can trick a user who has ISPSoft installed into opening a malicious isp file, thereby triggering the vulnerability and causing a denial of service in the program.
| VAR-202007-1476 | No CVE | Dahua network keyboard and face integrated host have information disclosure vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
DH-NHB5000 is a new generation full touch network keyboard independently designed and developed by Dahua.
Dahua network keyboard and face integrated host have an information leakage vulnerability. Attackers can use the vulnerability to bypass authentication and obtain sensitive information.
| VAR-202007-1488 | No CVE | TPEditor has a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
TPEditor is the programming software used by Delta Electronic Programmable Display Series in WINDOWS environment.
TPEditor has a memory corruption vulnerability. An attacker can trick a user who has TPEditor installed into opening a malicious tpe file, thereby triggering the vulnerability and causing a denial of service in the program.
| VAR-202007-0916 | CVE-2020-15504 | Sophos XG Firewall In SQL Injection vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A SQL injection vulnerability in the user and admin web interfaces of Sophos XG Firewall v18.0 MR1 and older potentially allows an attacker to run arbitrary code remotely. The fix is built into the re-release of XG Firewall v18 MR-1 (named MR-1-Build396) and the v17.5 MR13 release. All other versions >= 17.0 have received a hotfix. The product may be put into a denial-of-service (DoS) state. Sophos XG Firewall is a next-generation endpoint protection and enterprise-class firewall product from Sophos, UK. A remote attacker could exploit this vulnerability to execute arbitrary code.
| VAR-202007-0192 | CVE-2020-12025 | Rockwell Automation Made Logix Designer Studio 5000 To XML Improper restriction vulnerability in external entity reference |
CVSS V2: 4.3 CVSS V3: 3.3 Severity: LOW |
Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 are vulnerable to an XML external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. Logix Designer Studio 5000, provided by Rockwell Automation, is management software for control systems for industrial equipment. The product contains an improper restriction of XML external entity reference vulnerability (CWE-611). If an unauthenticated third party creates and loads a specially crafted file, the system host name and resources may be leaked from the product. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of AML files. An attacker can leverage this vulnerability to disclose information in the context of the current process. The vulnerability stems from the program not properly restricting references to XML external entities. Attackers can use the vulnerability to view host names or other resources.
| VAR-202007-0756 | CVE-2020-15001 | Yubico YubiKey 5 NFC Information Disclosure Vulnerability |
CVSS V2: 2.9 CVSS V3: 5.3 Severity: MEDIUM |
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.). Yubico YubiKey 5 NFC is a multi-protocol secret key device supporting NFC (Near Field Communication) function from Yubico, Sweden