понеделник, 5 октомври 2020 г.

Weekly Update: a new vulnerability is published on the National Vulnerability Database (45 items)



New vulnerabilities from the NVD: CVE-2020-11110

Grafana through 6.7.1 allows stored XSS.
Published at: July 27, 2020 at 04:15PM
View on website

July 27, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-1425

A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1457.
Published at: July 27, 2020 at 10:15PM
View on website

July 27, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10609

Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be read or allow modification to system settings by someone with access to the device.
Published at: July 27, 2020 at 10:15PM
View on website

July 27, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-12460

OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.
Published at: July 28, 2020 at 02:15AM
View on website

July 28, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10643

An authenticated remote attacker could use specially crafted URLs to send a victim using PI Vision 2019 mobile to a vulnerable web page due to a known issue in a third-party component.
Published at: July 28, 2020 at 01:15AM
View on website

July 28, 2020 at 03:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-4731

IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616.
Published at: July 28, 2020 at 03:15PM
View on website

July 28, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13915

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
Published at: July 28, 2020 at 06:15PM
View on website

July 28, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13914

webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
Published at: July 28, 2020 at 06:15PM
View on website

July 28, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-13913

An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute JavaScript code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
Published at: July 28, 2020 at 06:15PM
View on website

July 28, 2020 at 07:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10930

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of URLs. The issue results from the lack of proper routing of URLs. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-9618.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10929

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9768.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10928

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the web server. Was ZDI-CAN-9767.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10927

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the encryption of firmware update images. The issue results from the use of an inappropriate encryption algorithm. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9649.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10926

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10925

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9647.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10924

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10923

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000. A crafted UPnP message can be used to bypass authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-9642.
Published at: July 28, 2020 at 09:15PM
View on website

July 28, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10985

Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php.
Published at: July 29, 2020 at 12:15AM
View on website

July 29, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10984

Gambio GX before 4.0.1.0 allows admin/admin.php CSRF.
Published at: July 29, 2020 at 12:15AM
View on website

July 29, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10983

Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php.
Published at: July 29, 2020 at 12:15AM
View on website

July 29, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10982

Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php.
Published at: July 29, 2020 at 12:15AM
View on website

July 29, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2.
Published at: July 29, 2020 at 08:15PM
View on website

July 29, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-11933

cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices was run without restrictions on every boot, which a physical attacker could exploit by crafting cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. Fixed in snapd version 2.45.2, revision 8539 and core version 2.45.2, revision 9659.
Published at: July 29, 2020 at 08:15PM
View on website

July 29, 2020 at 09:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20033

On Aspire-derived NEC PBXes, including all versions of SV8100 devices, a set of documented, static login credentials may be used to access the DIM interface.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20032

An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20031

NEC UM8000, UM4730 and prior non-InMail voicemail systems with all known software versions may permit an infinite number of login attempts in the telephone user interface (TUI), effectively allowing brute force attacks.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20030

An attacker with knowledge of the modem access number on a NEC UM8000 voicemail system may use SSH tunneling or standard Linux utilities to gain access to the system's LAN port. All versions are affected.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20029

An exploitable privilege escalation vulnerability exists in the WebPro functionality of Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices. A specially crafted HTTP POST can cause privilege escalation resulting in a higher privileged account, including an undocumented developer level of access.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20028

Aspire-derived NEC PBXes operating InMail software, including all versions of SV8100, SV9100, SL1100 and SL2100 devices allow unauthenticated read-only access to voicemails, greetings, and voice response system content through a system's WebPro administration interface.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20027

Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2100 with software releases 7.0 or higher contain the possibility if incorrectly configured to allow a blank username and password combination to be entered as a valid, successfully authenticating account.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20026

The WebPro interface in NEC SV9100 software releases 7.0 or higher allows unauthenticated remote attackers to reset all existing usernames and passwords to default values via a crafted request.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-20025

Certain builds of NEC SV9100 software could allow an unauthenticated, remote attacker to log into a device running an affected release with a hardcoded username and password, aka a Static Credential Vulnerability. The vulnerability is due to an undocumented user account with manufacturer privilege level. An attacker could exploit this vulnerability by using this account to remotely log into an affected device. A successful exploit could allow the attacker to log into the device with manufacturer level access. This vulnerability affects SV9100 PBXes that are running software release 6.0 or higher. This vulnerability does not affect SV9100 software releases prior to 6.0.
Published at: July 29, 2020 at 09:15PM
View on website

July 29, 2020 at 11:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-18923

beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials.
Published at: July 29, 2020 at 11:15PM
View on website

July 30, 2020 at 01:36AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10713

A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and tamper the GRUB verification process. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Published at: July 30, 2020 at 04:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14130

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14124

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14123

Possible buffer overflow and over read possible due to missing bounds checks for fixed limits if we consider widevine HLOS client as non-trustable in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14101

Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCM2150, QCN7605, QCS404, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14100

Register write via debugfs is disabled by default to prevent register writing via debugfs. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9206, MDM9207C, MDM9607, Nicobar, QCS405, SA6155P, SC8180X, SDX55, SM8150
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14099

Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C, MDM9607, MSM8909W, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14093

Array out of bound access can occur in display module due to lack of bound check on input parcel received in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, QCM2150, QCS405, QCS605, QM215, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM636, SDM660, SDX20
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-14037

Close and bind operations done on a socket can lead to a Use-After-Free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCN7606, QCS605, SC8180X, SDA660, SDA845, SDM439, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM8150, SXR1130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-10580

When kernel thread unregistered listener, Use after free issue happened as the listener client`s private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9607, MSM8909W, Nicobar, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDM429W, SDX55, SM8150, SM8250, SXR2130
Published at: July 30, 2020 at 03:15PM
View on website

July 30, 2020 at 05:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-10731

A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines.
Published at: July 31, 2020 at 04:15PM
View on website

July 31, 2020 at 06:36PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-11286

VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the service with a crafted set of credentials leading to remote code execution.
Published at: July 31, 2020 at 11:15PM
View on website

August 01, 2020 at 01:36AM

via National Vulnerability Database

 

Няма коментари:

Публикуване на коментар