VARIoT IoT vulnerabilities database

Data Protection Central versions 1.0, 1.0.1, 18.1, 18.2, and 19.1 contains an Improper Certificate Chain of Trust Vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by obtaining a CA signed certificate from Data Protection Central to impersonate a valid system to compromise the integrity of data. The product offers features such as single sign-on, dashboard, and system monitoring

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. An out-of-bounds read overflow can be exploited when a valid user opens a specially crafted, malicious input file due to the lack of validation. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of Giffile information within DPB files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of Administrator. Delta Electronics CNCSoft ScreenEditor is a set of CNC machine tool simulation system software of Taiwan Delta Electronics (Delta Electronics) company

Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. Delta Industrial Automation CNCSoft ScreenEditor Is vulnerable to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of GifName information in DPB files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Delta Electronics CNCSoft ScreenEditor is a set of CNC machine tool simulation system software of Taiwan Delta Electronics (Delta Electronics) company. There is a buffer overflow vulnerability in Delta Electronics CNCSoft ScreenEditor 1.00.96 and previous versions, which can be exploited by an attacker to cause a stack buffer overflow

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: firefox security update Advisory ID: RHSA-2020:0816-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0816 Issue date: 2020-03-16 CVE Names: CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 ==================================================================== 1. Summary: An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - x86_64 3. Description: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * Mozilla: Use-after-free when removing data about origins (CVE-2020-6805) * Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion (CVE-2020-6806) * Mozilla: Use-after-free in cubeb during stream destruction (CVE-2020-6807) * Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 (CVE-2020-6814) * Mozilla: Out of bounds reads in sctp_load_addresses_from_init (CVE-2019-20503) * Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection (CVE-2020-6811) * Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission (CVE-2020-6812) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the update, Firefox must be restarted for the changes to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1812199 - CVE-2020-6805 Mozilla: Use-after-free when removing data about origins 1812200 - CVE-2020-6806 Mozilla: BodyStream::OnInputStreamReady was missing protections against state confusion 1812201 - CVE-2020-6807 Mozilla: Use-after-free in cubeb during stream destruction 1812202 - CVE-2020-6811 Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection 1812203 - CVE-2019-20503 Mozilla: Out of bounds reads in sctp_load_addresses_from_init 1812204 - CVE-2020-6812 Mozilla: The names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission 1812205 - CVE-2020-6814 Mozilla: Memory safety bugs fixed in Firefox 74 and Firefox ESR 68.6 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm i386: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm x86_64: firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm i386: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm ppc64: firefox-68.6.0-1.el6_10.ppc64.rpm firefox-debuginfo-68.6.0-1.el6_10.ppc64.rpm s390x: firefox-68.6.0-1.el6_10.s390x.rpm firefox-debuginfo-68.6.0-1.el6_10.s390x.rpm x86_64: firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: firefox-68.6.0-1.el6_10.src.rpm i386: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm x86_64: firefox-68.6.0-1.el6_10.x86_64.rpm firefox-debuginfo-68.6.0-1.el6_10.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): x86_64: firefox-68.6.0-1.el6_10.i686.rpm firefox-debuginfo-68.6.0-1.el6_10.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-20503 https://access.redhat.com/security/cve/CVE-2020-6805 https://access.redhat.com/security/cve/CVE-2020-6806 https://access.redhat.com/security/cve/CVE-2020-6807 https://access.redhat.com/security/cve/CVE-2020-6811 https://access.redhat.com/security/cve/CVE-2020-6812 https://access.redhat.com/security/cve/CVE-2020-6814 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXm9LGtzjgjWX9erEAQgnMxAAjP5+D/J2CdW/5qP/DkFY840VQzO19ZnK 91SNP1WIbKnN4xemphuc6nDG5dGXUawr1CYYthOg2VGTakPiGlfKzwDMuWwNaCVO yHZlybSZhnRa6BErvOkHn+pBHV9G8nR8C2Vi9fOaXmiJRbm8AcMs76gPWO/9Eory f1GrEx+8GEPSUPFEhpZOvdExR16fJbHuUpfFkUo23VVj28evL+nOccAibRmnYT0P RxXzXSm4MPuHoMBUJeIeBrYk5xlo/1sZITq0I40FLpejUWZoun76IPTIc371xtE/ tV6BN3Zrd5hDTXh9Df9wYGSDvwB1g2G1UEbG7FdRmeitC7NhoXLDSDyrOR75PbJe YvDgjT75UeJvfu2RykzKvy2Ygqguc6Tsz/upO0vSWIUf7VXk3d/o+HEYn1T8YENU 9t97UOIkLFS49lGXyOilXrsYKQUmh/b1lJWfrs5T/AYjCPziiY0n70px4TX5Zzsd 5ERjQZUC/Sd8CNFXYybIpOKVkUGRFt+VDyRmJYd05g43Wflm01DpRVcZiXLjCwHQ 6zGss1xvIBkCeqds/BSX4AHzU2T0kcMQhSyzOsmggF0gArm2lcrXt52TZB1e9vQC yGTam7ecr0QeSQWMyuPbSBhs9xAzONH9AwVJQOEadKpLw35VB/Y7/XyQm3JQHr2v 0ITEstr9Sac=GeLY -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: Mozilla Thunderbird is a standalone mail and newsgroup client. ========================================================================== Ubuntu Security Notice USN-4335-1 April 21, 2020 thunderbird vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting (XSS) attacks, or execute arbitrary code. (CVE-2019-11757, CVE-2019-11758, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11762, CVE-2019-11763, CVE-2019-11764, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825) It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-11745) It was discovered that a specially crafted S/MIME message with an inner encryption layer could be displayed as having a valid signature in some circumstances, even if the signer had no access to the encrypted message. An attacker could potentially exploit this to spoof the message author. (CVE-2019-11755) A heap overflow was discovered in the expat library in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. (CVE-2019-15903) It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792) Mutiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822) It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794) It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked in to using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data in to a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: thunderbird 1:68.7.0+build1-0ubuntu0.16.04.2 After a standard system update you need to restart Thunderbird to make all the necessary changes. 8.0) - aarch64, ppc64le, s390x, x86_64 3. 8) - ppc64le, x86_64 3

Null Pointer Dereference vulnerability in TCP function included in the firmware of Mitsubishi Electric MELQIC IU1 series IU1-1M20-D firmware version 1.0.7 and earlier allows remote attackers to stop the network functions or execute malware via a specially crafted packet. (DoS) It may be put into a state. Mitsubishi Electric MELQIC IU1 is a IU1 series data collection analyzer of Mitsubishi Electric Corporation of Japan

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection. Code42 Exists in a privilege management vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Code42 Software On-premises Code42 server is a locally deployed version of Code42 data protection server from Code42 Software in the United States. A remote attacker can use this vulnerability to execute code

Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames in DHCP requests, causing XSS. Swisscom Centro Grande Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. Swisscom Centro Grande is a router of Swisscom. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code

Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injection. Swisscom Centro Grande There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Swisscom Centro Grande is a router of Swisscom. The vulnerability stems from the fact that the network system or product fails to properly filter the special characters and commands in the process of user input, construction and execution of commands. A remote attacker can use the vulnerability to execute arbitrary commands by injecting commands

Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform DNS spoofing against the web interface via crafted hostnames in DHCP requests

Intelligent meter collection management system is an industrial control management system that controls and manages some data of the energy industry. Qingdao Automation Instrumentation Co., Ltd.'s intelligent instrument cluster management system has a SQL injection vulnerability, which can be used by attackers to obtain sensitive database information.

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the LPD service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) in the LPD service and potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan

Ricoh SP C250DN 1.05 devices have a fixed password. FTP service credential were found to be hardcoded within the printer firmware. This would allow to an attacker to access and read information stored on the shared FTP folders. plural Ricoh SP C250DN A device contains a vulnerability in the use of hard-coded credentials.Information may be obtained. RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05

Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). Unauthenticated crafted packets to the IPP service will cause a vulnerable device to crash. A memory corruption has been identified in the way of how the embedded device parsed the IPP packets. plural Ricoh SP C250DN A buffer error vulnerability exists in the device.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the okhtmlfile and failhtmlfile parameters of several functionalities of the web application that would allow an unauthenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. Kyocera ECOSYS M5526cdw 2R7_2000.001.701 version of the web application part of the function of ‘okhtmlfile’ and ‘failhtmlfile’ parameters has a buffer overflow vulnerability

The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Basic Authentication over cleartext HTTP. NETGEAR CG3700b Custom firmware contains a vulnerability regarding improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by an integer overflow vulnerability in the arg3 parameter of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera The printer is vulnerable to integer overflow.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan

The web application of some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) was vulnerable to path traversal, allowing an unauthenticated user to retrieve arbitrary files, or check if files or folders existed within the file system. plural Kyocera A past traversal vulnerability exists in the printer.Information may be obtained. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan. Kyocera ECOSYS M5526CDW 2R7_2000.001.701 version of the web application has a path traversal vulnerability, the vulnerability stems from the network system or product fails to correctly filter the special elements in the resource or file path, the attacker can use the vulnerability to access the restricted directory Outside location

Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable to Brute Force Attacks. Some Ricoh printers did not implement account lockout. Therefore, it was possible to obtain the local account credentials by brute force. plural Ricoh SP C250DN Devices contain vulnerabilities in insufficient protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. RICOH SP C250DN is a printer from RICOH Corporation of Japan. There is a security vulnerability in Ricoh SP C250DN version 1.05, which originated from the device's failure to lock accounts

Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device. (DoS) It may be put into a state. Fuji Xerox Corporation is the world's largest manufacturer of digital and information technology products and a global top 500 company. Fuji Xerox series printer products can meet various business needs. All kinds of black and white color digital printers have high performance and high quality

Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) were affected by a buffer overflow vulnerability in the arg4 and arg9 parameters of several functionalities of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the device, or potentially execute arbitrary code on the device. plural Kyocera A classic buffer overflow vulnerability exists in the printer.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Kyocera ECOSYS M5526CDW is a multi-function printer of Kyocera Corporation of Japan