VARIoT IoT vulnerabilities database
| VAR-202007-1429 | CVE-2020-11994 | Injection vulnerabilities in Camel template components |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Server-Side Template Injection and arbitrary file disclosure on Camel templating components. Pillow is a Python-based image processing library.
There is currently no information about this vulnerability; please feel free to follow CNNVD or manufacturer announcements. Apache Tomcat is a lightweight web application server developed by the Apache Software Foundation. The program implements support for Servlet and JavaServer Page (JSP). A security vulnerability exists in Apache Tomcat. An attacker could exploit this vulnerability to access or modify information associated with the web application. The following products and versions are affected: Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, 7.0.0 to 7.0.75.
The purpose of this text-only errata is to inform you about the security
issues fixed in this release.
Security Fix(es):
* libquartz: XXE attacks via job description (CVE-2019-13990)
* jetty: double release of resource can lead to information disclosure
(CVE-2019-17638)
* keycloak: Lack of checks in ObjectInputStream leading to Remote Code
Execution (CVE-2020-1714)
* springframework: RFD attack via Content-Disposition Header sourced from
request input by Spring MVC or Spring WebFlux Application (CVE-2020-5398)
* wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
(CVE-2020-10740)
* camel: RabbitMQ enables Java deserialization by default which could lead
to remote code execution (CVE-2020-11972)
* camel: Netty enables Java deserialization by default which could lead to
remote code execution (CVE-2020-11973)
* shiro: spring dynamic controllers, a specially crafted request may cause
an authentication bypass (CVE-2020-11989)
* camel: server-side template injection and arbitrary file disclosure on
templating components (CVE-2020-11994)
* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
(CVE-2020-13692)
* shiro: specially crafted HTTP request may cause an authentication bypass
(CVE-2020-13933)
* RESTEasy: Caching routes in RootNode may result in DoS (CVE-2020-14326)
* jackson-modules-java8: DoS due to an Improper Input Validation
(CVE-2018-1000873)
* thrift: Endless loop when fed with specific input data (CVE-2019-0205)
* thrift: Out-of-bounds read related to TJSONProtocol or
TSimpleJSONProtocol (CVE-2019-0210)
* mysql-connector-java: privilege escalation in MySQL connector
(CVE-2019-2692)
* spring-ws: XML External Entity Injection (XXE) when receiving XML data
from untrusted sources (CVE-2019-3773)
* spring-batch: XML External Entity Injection (XXE) when receiving XML data
from untrusted sources (CVE-2019-3774)
* codehaus: incomplete fix for unsafe deserialization in jackson-databind
vulnerabilities (CVE-2019-10202)
* hibernate-validator: safeHTML validator allows XSS (CVE-2019-10219)
* org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT
library (CVE-2019-11777)
* cxf: does not restrict the number of message attachments (CVE-2019-12406)
* cxf: OpenId Connect token service does not properly validate the clientId
(CVE-2019-12423)
* hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)
* batik: SSRF via "xlink:href" (CVE-2019-17566)
* Undertow: Memory Leak in Undertow HttpOpenListener due to holding
remoting connections indefinitely (CVE-2019-19343)
* Wildfly: EJBContext principal is not popped back after invoking another
EJB using a different Security Domain (CVE-2020-1719)
* apache-flink: JMX information disclosure vulnerability (CVE-2020-1960)
* cryptacular: excessive memory allocation during a decode operation
(CVE-2020-7226)
* tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's
Parsers (CVE-2020-9489)
* dom4j: XML External Entity vulnerability in default SAX parser
(CVE-2020-10683)
* netty: compression/decompression codecs don't enforce limits on buffer
allocation sizes (CVE-2020-11612)
* camel: DNS Rebinding in JMX Connector could result in remote command
execution (CVE-2020-11971)
* karaf: A remote client could create MBeans from arbitrary URLs
(CVE-2020-11980)
* tika: excessive memory usage in PSDParser (CVE-2020-1950)
* log4j: improper validation of certificate with host mismatch in SMTP
appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Bugs fixed (https://bugzilla.redhat.com/):
1665601 - CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
1666499 - CVE-2019-14900 hibernate: SQL injection issue in Hibernate ORM
1670593 - CVE-2019-3773 spring-ws: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1670597 - CVE-2019-3774 spring-batch: XML External Entity Injection (XXE) when receiving XML data from untrusted sources
1694235 - CVE-2020-10683 dom4j: XML External Entity vulnerability in default SAX parser
1703402 - CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
1705975 - CVE-2020-1714 keycloak: Lack of checks in ObjectInputStream leading to Remote Code Execution
1731271 - CVE-2019-10202 codehaus: incomplete fix for unsafe deserialization in jackson-databind vulnerabilities
1738673 - CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
1764607 - CVE-2019-0210 thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol
1764612 - CVE-2019-0205 thrift: Endless loop when fed with specific input data
1780445 - CVE-2019-19343 Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
1796617 - CVE-2020-1719 Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
1797006 - CVE-2019-12423 cxf: OpenId Connect token service does not properly validate the clientId
1799475 - CVE-2020-5398 springframework: RFD attack via Content-Disposition Header sourced from request input by Spring MVC or Spring WebFlux Application
1801149 - CVE-2019-13990 libquartz: XXE attacks via job description
1801380 - CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation
1816170 - CVE-2019-12406 cxf: does not restrict the number of message attachments
1816216 - CVE-2020-11612 netty: compression/decompression codecs don't enforce limits on buffer allocation sizes
1822759 - CVE-2020-1950 tika: excessive memory usage in PSDParser
1831139 - CVE-2020-9488 log4j: improper validation of certificate with host mismatch in SMTP appender
1834512 - CVE-2020-10740 wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
1848126 - CVE-2020-1960 apache-flink: JMX information disclosure vulnerability
1848433 - CVE-2020-11971 camel: DNS Rebinding in JMX Connector could result in remote command execution
1848464 - CVE-2020-11972 camel: RabbitMQ enables Java deserialization by default which could lead to remote code execution
1848465 - CVE-2020-11973 camel: Netty enables Java deserialization by default which could lead to remote code execution
1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
1850042 - CVE-2020-9489 tika-core: Denial of Service Vulnerabilities in Some of Apache Tika's Parsers
1850069 - CVE-2020-11989 shiro: spring dynamic controllers, a specially crafted request may cause an authentication bypass
1850450 - CVE-2020-11980 karaf: A remote client could create MBeans from arbitrary URLs
1852985 - CVE-2020-13692 postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML
1855786 - CVE-2020-11994 camel: server-side template injection and arbitrary file disclosure on templating components
1855826 - CVE-2020-14326 RESTEasy: Caching routes in RootNode may result in DoS
1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
1869860 - CVE-2020-13933 shiro: specially crafted HTTP request may cause an authentication bypass
1879743 - CVE-2019-11777 org.eclipse.paho.client.mqttv3: Improper hostname validation in the MQTT library
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Fuse/A-MQ 6.3 R17 security and bug fix update
Advisory ID: RHSA-2020:3587-01
Product: Red Hat JBoss Fuse
Advisory URL: https://access.redhat.com/errata/RHSA-2020:3587
Issue date: 2020-09-01
CVE Names: CVE-2019-9827 CVE-2019-10086 CVE-2020-11994
====================================================================
1. Summary:
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss
A-MQ 6.3.
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
2. Description:
Red Hat Fuse provides a small-footprint, flexible, open source enterprise
service bus and integration platform. Red Hat A-MQ is a standards compliant
messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It
includes bug fixes, which are documented in the patch notes accompanying
the package on the download page. See the download link given in the
references section below.
Security fix(es):
* commons-beanutils: apache-commons-beanutils: does not suppress the
class property in PropertyUtilsBean by default (CVE-2019-10086)
* Camel: server-side template injection and arbitrary file disclosure on
templating components (CVE-2020-11994)
* hawtio: server side request forgery via initial /proxy/ substring of a
URI (CVE-2019-9827)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
3. Solution:
Before applying the update, back up your existing installation, including
all applications, configuration files, databases and database settings, and
so on.
Installation instructions are located in the download section of the
customer portal.
The References section of this erratum contains a download link (you must
log in to download the update).
4. References:
https://access.redhat.com/security/cve/CVE-2019-9827
https://access.redhat.com/security/cve/CVE-2019-10086
https://access.redhat.com/security/cve/CVE-2020-11994
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.amq.broker&downloadType=securityPatches&version=6.3.0
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse&downloadType=securityPatches&version=6.3
6. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
| VAR-202007-1457 | CVE-2019-18177 | Vulnerability in Citrix ADC and Citrix Gateway |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update. Citrix Application Delivery Controller is an application delivery controller. The product has features such as application delivery control and load balancing. Citrix Systems Gateway is a secure remote access solution. The product provides administrators with application-level and data-level control functions to enable users to remotely access applications and data from any location. This vulnerability stems from configuration errors in network systems or products during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components.
| VAR-202007-0049 | CVE-2020-10922 | Input verification vulnerability in C-MORE HMI EA9 firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of proper input validation prior to further processing user requests. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-10527. There is an input verification vulnerability in the C-MORE HMI EA9 firmware. The Zero Day Initiative numbered this vulnerability ZDI-CAN-10527. The device may be put into a service interruption (DoS) state.
| VAR-202007-0045 | CVE-2020-10918 | Authentication vulnerabilities in C-MORE HMI EA9 firmware |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient authentication on post-authentication requests. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from unauthenticated users. Was ZDI-CAN-10182. The Zero Day Initiative numbered this vulnerability ZDI-CAN-10182. Information may be obtained. C-More HMI EA9 is a human-machine interface touch panel.
| VAR-202007-0047 | CVE-2020-10920 | C-More HMI EA9 access control error vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the control service, which listens on TCP port 9999 by default. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-10493. The Zero Day Initiative numbered this vulnerability ZDI-CAN-10493. Information may be obtained or tampered with, and the device may be put into a service interruption (DoS) state. C-More HMI EA9 is a human-machine interface touch panel.
| VAR-202007-0048 | CVE-2020-10921 | Lack of authentication for critical features in C-MORE HMI EA9 firmware |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EA-HTTP.exe process. The issue results from the lack of authentication prior to allowing alterations to the system configuration. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. Was ZDI-CAN-10482. The Zero Day Initiative numbered this vulnerability ZDI-CAN-10482. Information may be obtained or tampered with, and the device may be put into a service interruption (DoS) state. C-More HMI EA9 is a human-machine interface touch panel.
The EA-HTTP.exe process in C-More HMI EA9 has an access control error vulnerability.
| VAR-202007-0644 | CVE-2020-15350 | Classic buffer overflow vulnerability in RIOT |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow. A classic buffer overflow vulnerability exists in RIOT. Information may be obtained or tampered with, and the system may be put into a service interruption (DoS) state. RIOT (RIOT-OS) is a set of operating systems used in the field of the Internet of Things. Remote attackers can use this vulnerability to execute arbitrary code on the system with the help of specially crafted parameters.
| VAR-202007-0029 | CVE-2020-10605 | Grundfos CIM 500 access control error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. The CIM 500 provided by Grundfos is an expansion module that enables data communication over Ethernet in equipment made by the manufacturer. The following vulnerabilities exist in the CIM 500:
* Lack of authentication for important features (CWE-306) - CVE-2020-10605
* Plaintext storage of authentication information (CWE-256) - CVE-2020-10609
The expected impact depends on each vulnerability, but may be as follows:
* A remote third party accesses the file containing the password - CVE-2020-10605
* Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings - CVE-2020-10609
Grundfos CIM 500 is an Ethernet module from the Danish company Grundfos.
There is an access control error vulnerability in Grundfos CIM 500 versions prior to v06.16.00.
| VAR-202007-0032 | CVE-2020-10609 | Multiple vulnerabilities in Grundfos CIM 500 |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device. The CIM 500 provided by Grundfos is an expansion module that enables data communication over Ethernet in equipment made by the manufacturer. The following vulnerabilities exist in the CIM 500:
* Lack of authentication for important features (CWE-306) - CVE-2020-10605
* Plaintext storage of authentication information (CWE-256) - CVE-2020-10609
The expected impact depends on each vulnerability, but may be as follows:
* A remote third party accesses the file containing the password - CVE-2020-10605
* Since the authentication information is stored in plain text in the product, a third party who can access the product can steal sensitive information or change system settings - CVE-2020-10609
Grundfos CIM 500 is an Ethernet module from the Danish company Grundfos.
There was a security vulnerability in Grundfos CIM 500 versions before v06.16.00, which was caused by the program storing credentials in clear text. Attackers can use this vulnerability to read sensitive information or modify system configuration.
| VAR-202007-1226 | CVE-2020-5598 | Multiple vulnerabilities in the TCP/IP functionality of the Mitsubishi Electric GOT2000 series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may allow a remote attacker to bypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all GOT2000 series graphical operation terminals of Japan's Mitsubishi Electric.
CoreOS Y and earlier versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have an access control error vulnerability. Attackers can use this vulnerability to access sensitive resources, causing denial of service and device crashes
| VAR-202007-1228 | CVE-2020-5600 | Multiple vulnerabilities in the TCP/IP functionality of the Mitsubishi Electric GOT2000 series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a resource management error vulnerability. Attackers can use this vulnerability to obtain sensitive information
| VAR-202007-1224 | CVE-2020-5596 | Multiple vulnerabilities in the TCP/IP functionality of the Mitsubishi Electric GOT2000 series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have authorization issue vulnerabilities. Attackers can use this vulnerability to cause TCP connection failure
| VAR-202007-1225 | CVE-2020-5597 | Multiple vulnerabilities in the TCP/IP functionality of the Mitsubishi Electric GOT2000 series |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions of Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a null pointer reference vulnerability. Attackers can use this vulnerability to cause denial of service and device crash
| VAR-202007-1227 | CVE-2020-5599 | Multiple vulnerabilities in the TCP/IP functionality of the Mitsubishi Electric GOT2000 series |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series graphical operation terminal of Japan's Mitsubishi Electric.
CoreOS Y and previous versions in Mitsubishi Electric GT27, GT25 and GT23 (GOT2000 series) have an injection vulnerability, which can be exploited by attackers to cause a denial of service
| VAR-202007-1223 | CVE-2020-5595 | Multiple vulnerabilities in the TCP/IP functionality of the Mitsubishi Electric GOT2000 series |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. Mitsubishi Electric GT27, etc. are all a GOT2000 series of graphic operation terminals from Mitsubishi Electric of Japan.
CoreOS Y and earlier versions in Mitsubishi Electric GT27, GT25, and GT23 (GOT2000 series) have a buffer overflow vulnerability. Attackers can use this vulnerability to cause the device to crash and execute code
| VAR-202007-0046 | CVE-2020-10919 | Use of weak password encryption in C-MORE HMI EA9 firmware |
CVSS V2: 4.3 CVSS V3: 5.9 Severity: MEDIUM |
This vulnerability allows remote attackers to disclose sensitive information on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. When transmitting passwords, the process encrypts them in a recoverable format. An attacker can leverage this vulnerability to disclose credentials, leading to further compromise. Was ZDI-CAN-10185. There is a vulnerability in the C-MORE HMI EA9 firmware regarding the use of weak password encryption. The Zero Day Initiative numbered this vulnerability ZDI-CAN-10185. Information may be obtained. C-More HMI EA9 is a human-machine interface touch panel.
| VAR-202007-0920 | CVE-2020-15509 | Lack of encryption of critical data in Nordic Semiconductor Android BLE Library and DFU Library |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library through 1.10.4 for Android (as used by nRF Connect and other applications) can engage in unencrypted communication while showing the user that the communication is purportedly encrypted. The problem is in bond creation (e.g., internalCreateBond in BleManagerHandler)
| VAR-202007-0879 | CVE-2020-15582 | Classic buffer overflow vulnerability in Samsung mobile devices |
CVSS V2: 4.3 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020). A classic buffer overflow vulnerability exists on Samsung mobile devices. This vulnerability is published as Samsung ID SVE-2020-16870. The device may be put into a service interruption (DoS) state.
| VAR-202007-1471 | No CVE | Centreon XSS vulnerability |
CVSS V2: 4.6 CVSS V3: - Severity: MEDIUM |
Centreon (Merethis Centreon) is a set of open source system monitoring tools from Centreon, France.
An XSS vulnerability exists in Centreon, which can be exploited by attackers to obtain information disclosure such as cook.
| VAR-202007-1477 | No CVE | Xiaomi Mi 6 has a denial of service vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Xiaomi Mi 6 is a flagship device officially released by Xiaomi on April 19, 2017.
There is a denial of service vulnerability in Xiaomi Mi 6 mobile phone, which can be exploited by an attacker to cause the device to crash.