VARIoT IoT vulnerabilities database
| VAR-202004-0682 | CVE-2019-1866 | Cisco Webex Business Suite Vulnerability in inadequate validation of data reliability in |
CVSS V2: 4.3 CVSS V3: 3.7 Severity: LOW |
Cisco Webex Business Suite before 39.1.0 contains a vulnerability that could allow an unauthenticated, remote attacker to affect the integrity of the application. The vulnerability is due to improper validation of host header values. An attacker with a privileged network position, either a man-in-the-middle or by intercepting wireless network traffic, could exploit this vulnerability to manipulate header values sent by a client to the affected application. The attacker could cause the application to use input from the header to redirect a user from the Cisco Webex Meetings Online site to an arbitrary site of the attacker's choosing. Cisco Webex Business Suite Exists in an inadequate validation of data reliability vulnerabilities.Information may be tampered with. Cisco Webex Business Suite is a set of video conferencing solutions of Cisco (Cisco)
| VAR-202004-0234 | CVE-2020-11724 | OpenResty In HTTP Request Smagling Vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_subrequest.c allows HTTP request smuggling, as demonstrated by the ngx.location.capture API. OpenResty is a web application server based on Nginx and Lua from China Ou Rui Software Development (OpenResty).
The ngx_http_lua_subrequest.c file in versions prior to OpenResty 1.15.8.4 has an environmental problem vulnerability. The vulnerability stems from the unreasonable environmental factors of the network system or product. There is currently no detailed vulnerability details provided. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-4750-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
August 26, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : nginx
CVE ID : CVE-2020-11724
Debian Bug : 964950
It was reported that the Lua module for Nginx, a high-performance web
and reverse proxy server, is prone to a HTTP request smuggling
vulnerability.
For the stable distribution (buster), this problem has been fixed in
version 1.14.2-2+deb10u3.
We recommend that you upgrade your nginx packages.
For the detailed security status of nginx please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/nginx
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9GlAhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Q+QBAAlo31j8w4zpQNYaxVm7K/lH4TukFPbE79ZSBnuWvtiC59a7AwWbfqCWd5
kkMTicjMYsExEp+jgnFex5W0LEQ/weRE8DHnAaDIEs4V1eJHzj5NxPUB0ZpFJshJ
oLB8lMX5vJDTSynMmBzzY65UTZl8/5CVDxbku8yS1zVXtl3RHxCoHpmzxWrpfkhU
cl9fdNVF2Vn1GENen5PNz9AhOXLp/Px6Y/iSAYjwLPQJPTEHbYtdBnu/p113QUz9
OlvW1A7hVYtpg6JfX2/dQMzhBHetyOwqnLSnWMPPe/MOd0hA9m3//DHmR5mIb263
YsdOL27u3IVf6leSZ4T8KhK1IChHZF1/Kw6VCaIKr4LtWtPJYDM+QE7pXA7s9UIM
eulmVn4q2ppjSCgV9MqlQpEYs7xvkAgaEAakE93FwARliAhtvmo5JXtz29NamGfp
FjfC8wMNGinVL4Xt8Za3na4QFDuBFD936qOL38vyPS6MrOc0H6RoI2aDHDr0YJi/
YlrhIyAQ8anAVqFaueGrfz9AWcLDCWKWa6A7ShIZLRIUlPyUwZ4M0jnQNEw4epva
Y8LqLuDvrG2Zl9saVD0YmkAVh2A2o3xVuiQa1O4wTYQPvAW2WT87yjXsamjGila8
whAgsNA6L2BC2Y9jHCCeYV57e/dibmDrC2QFprEeqDNKZD2a8UE=
=QmrI
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-5371-2
April 28, 2022
nginx vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
Summary:
nginx could be made to redirect network traffic.
Software Description:
- nginx: small, powerful, scalable web/proxy server
Details:
USN-5371-1 fixed several vulnerabilities in nginx.
This update provides the fix for CVE-2021-3618 for Ubuntu 22.04 LTS.
Original advisory details:
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-11724)
It was discovered that nginx Lua module mishandled certain inputs.
An attacker could possibly use this issue to disclose sensitive
information. This issue only affects Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-36309)
It was discovered that nginx mishandled the use of
compatible certificates among multiple encryption protocols.
If a remote attacker were able to intercept the communication,
this issue could be used to redirect traffic between subdomains.
(CVE-2021-3618)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS:
nginx-core 1.18.0-6ubuntu14.1
nginx-extras 1.18.0-6ubuntu14.1
nginx-light 1.18.0-6ubuntu14.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5371-2
https://ubuntu.com/security/notices/USN-5371-1
CVE-2021-3618
Package Information:
https://launchpad.net/ubuntu/+source/nginx/1.18.0-6ubuntu14.1
| VAR-202004-0230 | CVE-2020-11714 | eten Technologies PSG-6528VM cross-site scripting vulnerability |
CVSS V2: 3.5 CVSS V3: 5.4 Severity: MEDIUM |
eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location. eten PSG-6528VM A cross-site scripting vulnerability exists in the device.Information may be obtained and tampered with. eten Technologies PSG-6528VM is a Gigabit PoE switch from Eten Technologies, Taiwan. The vulnerability stems from the lack of proper verification of client data by WEB applications. Attackers can use this vulnerability to execute client code
| VAR-202004-0227 | CVE-2020-11710 | docker-kong Vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered in docker-kong (for Kong) through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argue that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1) Inaccurate Bug Scope - The issue scope was on Kong's docker-compose template, and not Kong's docker image itself. In reality, this issue is not associated with any version of the Kong gateway. As such, the description stating ‘An issue was discovered in docker-kong (for Kong) through 2.0.3.’ is incorrect. This issue only occurs if a user decided to spin up Kong via docker-compose without following the security documentation. The docker-compose template is meant for users to quickly get started with Kong, and is meant for development purposes only. 2) Incorrect Patch Links - The CVE currently points to a documentation improvement as a “Patch” link: https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611.This link actually points to an improvement Kong Inc made for fool-proofing. However, instructions for how to protect the admin API were already well-documented here: https://docs.konghq.com/2.0.x/secure-admin-api/#network-layer-access-restrictions , which was first published back in 2017 (as shown in this commit: https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949) Lastly, the hyperlink to https://github.com/Kong/kong (an unrelated Github Repo to this issue) on the Hyperlink list does not include any meaningful information on this topic. docker-kong (for Kong) There is an unspecified vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. docker-kong is an API3 gateway product used in the Docker application container engine
| VAR-202004-2242 | No CVE | Unauthorized access vulnerability exists in Apsara video surveillance system |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Sichuan Apstar Digital Technology Co., Ltd. was established in 2006. Apstar is dedicated to the development and innovation of network high-definition digital video compression processing technology and is a new force in high-definition digital security.
There is an unauthorized access vulnerability in the Apsida video surveillance system, which can be exploited by attackers to obtain sensitive information.
| VAR-202004-2243 | No CVE | D-Link DGS-1250 Header injection vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
D-Link Dgs-1250 series is a new generation of intelligent 10g port Gigabit network switches.
The D-Link DGS-1250 product has a command injection vulnerability. Attackers can use this vulnerability to execute arbitrary commands.
| VAR-202004-2244 | No CVE | D-Link DIR-615 privilege elevation vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
D-Link DIR-615 is a wireless router from D-Link, Taiwan.
D-Link DIR-615 has a privilege escalation vulnerability. The vulnerability stems from the program's failure to complete verification and error detection of the file path. Attackers can use the REST API to upload malicious software to exploit this vulnerability to elevate permissions.
| VAR-202004-2224 | No CVE | Beijing Hollysys Automation Drive Technology Co., Ltd. and HollySys HT8000 have a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Founded in 1993, Hollysys is a leading supplier of automation and information technology solutions in China. HT8000CN configuration software is the company's HT series touch screen configuration screen development system.
Beijing HollySys Automation Drive Technology Co., Ltd. and HollySys HT8000 have a memory corruption vulnerability that an attacker can use to construct a malformed shm file that can cause the program to crash.
| VAR-202004-2223 | No CVE | Beijing HollySys Automation Drive Technology Co., Ltd. and HollySys HT8001 have a memory corruption vulnerability |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Beijing Hershey Automation Drive Technology Co., Ltd. is China's leading provider of automation and information technology solutions. HT8001CN configuration software is the company's HT series touch screen configuration screen development system. It is an integrated development environment. It is very rich and very Powerful development function.
Beijing Hollysys Automation Drive Technology Co., Ltd. and HollySys HT8001 have a memory corruption vulnerability, which can be exploited by an attacker to construct a malformed shm file that can cause the program to crash.
| VAR-202004-1879 | CVE-2020-5330 | plural Dell EMC Information leakage vulnerabilities in products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. Dell EMC Networking X-Series, etc. are products of the American Dell (Dell) company
| VAR-202004-1257 | CVE-2015-8546 | Samsung Out-of-bounds write vulnerabilities on mobile devices |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015). Samsung An out-of-bounds write vulnerability exists in mobile devices. This vulnerability is Samsung ID: SVE-2015-5123 It is published as.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Samsung Galaxy S6, etc. are all smartphones of South Korea's Samsung company
| VAR-202004-2039 | CVE-2020-6765 | D-Link DSL-GS225 J1 operating system command injection vulnerability |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd. The CLI is reachable by TELNET. D-Link DSL-GS225 J1 On the device OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. D-Link DSL-GS225 J1 is a wireless router from D-Link, Taiwan.
There is a security vulnerability in D-Link DSL-GS225 J1 AU_1.0.4 version
| VAR-202004-2333 | No CVE | Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
| VAR-202004-2332 | No CVE | Fuji Electric V-Server Lite VPR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric V-Server Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the parsing of VPR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
| VAR-202004-2241 | No CVE | Nanjing Yunen Communication Technology Co., Ltd.'s handheld housekeeping camera has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Nanjing Yunen Communication Technology Co., Ltd.'s handheld housekeeping users have reached 28 million by March 2018, and 3 million smart devices integrated with the Yunen SDK have been installed in more than 100 cooperative enterprises.
Nanjing Yunen Communication Technology Co., Ltd.'s handheld housekeeping camera has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202004-0058 | CVE-2020-10642 | Rockwell Automation Made RSLinx Classic Vulnerability in improper permission assignment for critical resources in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker could modify a registry key, which could lead to the execution of malicious code using system privileges when opening RSLinx Classic. Rockwell Automation Provided by the company RSLinx Classic Is software for managing industrial equipment. RSLinx Classic Inappropriate permission assignment for critical resources (CWE-732) Vulnerability exists. The program supports access to RockwellSoftware and Allen-Bradley applications through Allen-Bradley programmable controllers. A local attacker could exploit this vulnerability to execute malicious code with system privileges
| VAR-202004-1823 | CVE-2020-9499 | Dahua Classic buffer overflow vulnerability in the product |
CVSS V2: 6.5 CVSS V3: 7.2 Severity: HIGH |
Some Dahua products have buffer overflow vulnerabilities. After the successful login of the legal account, the attacker sends a specific DDNS test command, which may cause the device to go down. Dahua The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera
| VAR-202004-1824 | CVE-2020-9500 | Dahua Input verification vulnerability in |
CVSS V2: 4.0 CVSS V3: 4.9 Severity: MEDIUM |
Some products of Dahua have Denial of Service vulnerabilities. After the successful login of the legal account, the attacker sends a specific log query command, which may cause the device to go down. Dahua There is an input verification vulnerability in.Service operation interruption (DoS) It may be put into a state. Dahua SD6AL Series and others are products of China Dahua Company. SD6AL Series is a SD6AL series network camera. NVR 5x Series is a 5x series network video recorder. IPC-HX2XXX Series is an IPC-HX2XXX series network camera.
There are security holes in many Dahua products
| VAR-202004-0834 | CVE-2019-18375 | ASG and ProxySG management console Vulnerability in |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console. Broadcom Advanced Secure Gateway and ProxySG are both secure Web gateway devices from Broadcom Corporation
| VAR-202004-2178 | CVE-2020-1632 | Juniper Networks Junos OS and Junos OS Evolved Vulnerability in handling exceptional conditions on devices |
CVSS V2: 7.8 CVSS V3: 8.6 Severity: HIGH |
In a certain condition, receipt of a specific BGP UPDATE message might cause Juniper Networks Junos OS and Junos OS Evolved devices to advertise an invalid BGP UPDATE message to other peers, causing the other peers to terminate the established BGP session, creating a Denial of Service (DoS) condition. For example, Router A sends a specific BGP UPDATE to Router B, causing Router B to send an invalid BGP UPDATE message to Router C, resulting in termination of the BGP session between Router B and Router C. This issue might occur when there is at least a single BGP session established on the device that does not support 4 Byte AS extension (RFC 4893). Repeated receipt of the same BGP UPDATE can result in an extended DoS condition. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R2-S11, 17.1R3-S2; 17.2 versions prior to 17.2R1-S9, 17.2R2-S8, 17.2R3-S3; 17.2X75 versions prior to 17.2X75-D105, 17.2X75-D110, 17.2X75-D44; 17.3 versions prior to 17.3R2-S5, 17.3R3-S7; 17.4 versions prior to 17.4R2-S8, 17.4R3; 18.1 versions prior to 18.1R3-S8; 18.2 versions prior to 18.2R2-S6, 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D12, 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R1-S6, 18.3R2-S3, 18.3R3; 18.4 versions prior to 18.4R1-S5, 18.4R3; 18.4 version 18.4R2 and later versions; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS prior to 16.1R1. This issue affects Juniper Networks Junos OS Evolved prior to 19.2R2-EVO. The operating system provides a secure programming interface and Junos SDK. Junos OS Evolved is an upgraded version of Junos OS