VARIoT IoT vulnerabilities database

Affected products: vendor, model and version
CWE format is 'CWE-number'. Threat type can be: remote or local
Look up free text in title and description

VAR-201909-1663 No CVE Logical flaw in security certification of a model of Dahua webcam CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Zhejiang Dahua Technology Co., Ltd. is a smart IoT solution provider and operator based on video. There is a logic flaw in the security authentication of a certain Dahua webcam. Attackers can forge data packets and call interfaces to execute arbitrary commands.
VAR-201909-1526 CVE-2019-14816 Red Hat Security Advisory 2020-1266-01 CVSS V2: 7.2
CVSS V3: 7.8
Severity: HIGH
There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code. Bug Fix(es): * Slow console output with ast (Aspeed) graphics driver (BZ#1780145) * core: backports from upstream (BZ#1794373) * System Crash on vport creation (NPIV on FCoE) (BZ#1796362) * [GSS] Can't access the mount point due to possible blocking of i/o on rbd (BZ#1796432) 4. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/linux-4.4.199/*: Upgraded. These updates fix various bugs and security issues. Be sure to upgrade your initrd after upgrading the kernel packages. If you use lilo to boot your machine, be sure lilo.conf points to the correct kernel and initrd and run lilo as root to update the bootloader. If you use elilo to boot your machine, you should run eliloconfig to copy the kernel and initrd to the EFI System Partition. For more information, see: Fixed in 4.4.191: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15118 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10906 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10905 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10638 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15117 Fixed in 4.4.193: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14835 Fixed in 4.4.194: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15505 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821 Fixed in 4.4.195: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17053 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17052 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17056 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17055 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17054 Fixed in 4.4.196: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2215 Fixed in 4.4.197: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16746 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20976 Fixed in 4.4.198: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17075 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17133 Fixed in 4.4.199: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15098 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. Updated packages for Slackware 14.2: ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-generic-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199_smp-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-huge-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-i586-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-modules-smp-4.4.199_smp-i686-1.txz ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199_smp-noarch-1.txz Updated packages for Slackware x86_64 14.2: ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-generic-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-headers-4.4.199-x86-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-huge-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-modules-4.4.199-x86_64-1.txz ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.199/kernel-source-4.4.199-noarch-1.txz MD5 signatures: +-------------+ Slackware 14.2 packages: 0e523f42e759ecc2399f36e37672f110 kernel-generic-4.4.199-i586-1.txz ee6451f5362008b46fee2e08e3077b21 kernel-generic-smp-4.4.199_smp-i686-1.txz a8338ef88f2e3ea9c74d564c36ccd420 kernel-headers-4.4.199_smp-x86-1.txz cd9e9c241e4eec2fba1dae658a28870e kernel-huge-4.4.199-i586-1.txz 842030890a424023817d42a83a86a7f4 kernel-huge-smp-4.4.199_smp-i686-1.txz 257db024bb4501548ac9118dbd2d9ae6 kernel-modules-4.4.199-i586-1.txz 96377cbaf7bca55aaca70358c63151a7 kernel-modules-smp-4.4.199_smp-i686-1.txz 0673e86466f9e624964d95107cf6712f kernel-source-4.4.199_smp-noarch-1.txz Slackware x86_64 14.2 packages: 6d1ff428e7cad6caa8860acc402447a1 kernel-generic-4.4.199-x86_64-1.txz dadc091dc725b8227e0d1e35098d6416 kernel-headers-4.4.199-x86-1.txz f5f4c034203f44dd1513ad3504c42515 kernel-huge-4.4.199-x86_64-1.txz a5337cd8b2ca80d4d93b9e9688e42b03 kernel-modules-4.4.199-x86_64-1.txz 5dd6e46c04f37b97062dc9e52cc38add kernel-source-4.4.199-noarch-1.txz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kernel-*.txz If you are using an initrd, you'll need to rebuild it. For a 32-bit SMP machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199-smp | bash For a 64-bit machine, or a 32-bit uniprocessor machine, use this command (substitute the appropriate kernel version if you are not running Slackware 14.2): # /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.199 | bash Please note that "uniprocessor" has to do with the kernel you are running, not with the CPU. Most systems should run the SMP kernel (if they can) regardless of the number of cores the CPU has. If you aren't sure which kernel you are running, run "uname -a". If you see SMP there, you are running the SMP kernel and should use the 4.4.199-smp version when running mkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit systems should always use 4.4.199 as the version. If you are using lilo or elilo to boot the machine, you'll need to ensure that the machine is properly prepared before rebooting. If using LILO: By default, lilo.conf contains an image= line that references a symlink that always points to the correct kernel. No editing should be required unless your machine uses a custom lilo.conf. If that is the case, be sure that the image= line references the correct kernel file. Either way, you'll need to run "lilo" as root to reinstall the boot loader. If using elilo: Ensure that the /boot/vmlinuz symlink is pointing to the kernel you wish to use, and then run eliloconfig to update the EFI System Partition. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. Please note that the RDS protocol is blacklisted in Ubuntu by default. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. Bug Fix(es): * [Azure][8.1] Include patch "PCI: hv: Avoid use of hv_pci_dev->pci_slot after freeing it" (BZ#1764635) * block layer: update to v5.3 (BZ#1777766) * backport xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT (BZ#1778692) * Backport important bugfixes from upstream post 5.3 (BZ#1778693) * LUN path recovery issue with Emulex LPe32002 HBA in RHEL 8.0 Server during storage side cable pull testing (BZ#1781108) * cifs tasks enter D state and error out with "CIFS VFS: SMB signature verification returned error = -5" (BZ#1781110) * Update CIFS to linux 5.3 (except RDMA and conflicts) (BZ#1781113) * RHEL8.0 - Regression to RHEL7.6 by changing force_latency found during RHEL8.0 validation for SAP HANA on POWER (BZ#1781114) * blk-mq: overwirte performance drops on real MQ device (BZ#1782181) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2020:0653-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:0653 Issue date: 2020-03-03 CVE Names: CVE-2019-14816 CVE-2019-14895 CVE-2019-17133 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.3) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.3) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.3) - noarch, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Bug Fix(es): * RHEL7.5 - kernel crashed at xfs_reclaim_inodes_count+0x70/0xa0 (BZ#1795578) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Package List: Red Hat Enterprise Linux Server AUS (v. 7.3): Source: kernel-3.10.0-514.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.73.1.el7.noarch.rpm kernel-doc-3.10.0-514.73.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.73.1.el7.x86_64.rpm kernel-devel-3.10.0-514.73.1.el7.x86_64.rpm kernel-headers-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.73.1.el7.x86_64.rpm perf-3.10.0-514.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm python-perf-3.10.0-514.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.3): Source: kernel-3.10.0-514.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.73.1.el7.noarch.rpm kernel-doc-3.10.0-514.73.1.el7.noarch.rpm ppc64le: kernel-3.10.0-514.73.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debug-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.73.1.el7.ppc64le.rpm kernel-devel-3.10.0-514.73.1.el7.ppc64le.rpm kernel-headers-3.10.0-514.73.1.el7.ppc64le.rpm kernel-tools-3.10.0-514.73.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-514.73.1.el7.ppc64le.rpm perf-3.10.0-514.73.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm python-perf-3.10.0-514.73.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm x86_64: kernel-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.73.1.el7.x86_64.rpm kernel-devel-3.10.0-514.73.1.el7.x86_64.rpm kernel-headers-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.73.1.el7.x86_64.rpm perf-3.10.0-514.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm python-perf-3.10.0-514.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.3): Source: kernel-3.10.0-514.73.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-514.73.1.el7.noarch.rpm kernel-doc-3.10.0-514.73.1.el7.noarch.rpm x86_64: kernel-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.73.1.el7.x86_64.rpm kernel-devel-3.10.0-514.73.1.el7.x86_64.rpm kernel-headers-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-514.73.1.el7.x86_64.rpm perf-3.10.0-514.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm python-perf-3.10.0-514.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.3): ppc64le: kernel-debug-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-514.73.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-514.73.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.3): x86_64: kernel-debug-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-514.73.1.el7.x86_64.rpm perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-514.73.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-14816 https://access.redhat.com/security/cve/CVE-2019-14895 https://access.redhat.com/security/cve/CVE-2019-17133 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXl4XNNzjgjWX9erEAQhJBQ/8CyjpUUDSLTHaCEJFYJjkjeW/gZrQihQo n+YWSdQeMHaRyVnBmZEcBrbXju8a+z0jFrGF4Ur+UhzFSZWZhHsVo5RQiXOIy8/t gytN5rJb4254w7RF5EjnyfLCX1fC8kNdlBZfujwUG+dQXwnjCTt6JpTfDhXSoVBS iVlrjWdvoyNUa2rzjr6B2pp7oglZWosWiXW5IpH+WG8dnIG9zuV9uVoOMaeEDvbk c0mEYi3RvRZ1VhrG6nPcmdPURsSlUUxRFdWTuteYaQ5KRflwuNVTLuqvzQYN8gei E14TW4xLQ6Vxzyo/ri56hL7HvtjRXQMYIIKlM0d3noDwCCR0Tem8WbZeAvijQKpl hvRXI3yZ9v0B+oHm9rxf3uKGTSOofe4+7Bz0X07aV4JUWdkgkCsFsKITXbqd8RN4 ZHld8Si0ozhogFjUzM7sUwERX4U5+gYulIB8VeRlXizJD8BWt50vdkY2KvMsQHXf gMn/FvUZXZvMLmVZLmkga+vsQ3zmxCoUI09IV+rZJfECak+tnHfjnFqg/5rG2+UU gK313MUCsiEmqzryGDiz9UQnAwOwhWTw5FGpXcfSl+i0XMi4bgg7sk5z5yS8bTvJ yANM4DSxkKqK9ALhlFQbKmOzfpD41Spnb137Bak+yHPLDZyK70CHkYJyMX1GD+7n 0FdO1ZoO0uc=rEim -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Bug Fix(es): * patchset for x86/atomic: Fix smp_mb__{before,after}_atomic() [kernel-rt] (BZ#1772522) * kernel-rt: update to the RHEL7.7.z batch#4 source tree (BZ#1780322) * kvm nx_huge_pages_recovery_ratio=0 is needed to meet KVM-RT low latency requirement (BZ#1781157) * kernel-rt: hard lockup panic in during execution of CFS bandwidth period timer (BZ#1788057) 4. ========================================================================= Ubuntu Security Notice USN-4163-1 October 22, 2019 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel when handling certain error conditions. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18232) It was discovered that the RSI 91x Wi-Fi driver in the Linux kernel did not did not handle detach operations correctly, leading to a use-after-free vulnerability. (CVE-2019-14814, CVE-2019-14816) Matt Delco discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform bounds checking when handling coalesced MMIO write operations. A local attacker with write access to /dev/kvm could use this to cause a denial of service (system crash). (CVE-2019-14821) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Technisat DVB-S/S2 USB device driver in the Linux kernel contained a buffer overread. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2019-15505) Brad Spengler discovered that a Spectre mitigation was improperly implemented in the ptrace susbsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information. (CVE-2019-15902) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: linux-image-4.4.0-1060-kvm 4.4.0-1060.67 linux-image-4.4.0-1096-aws 4.4.0-1096.107 linux-image-4.4.0-1124-raspi2 4.4.0-1124.133 linux-image-4.4.0-1128-snapdragon 4.4.0-1128.136 linux-image-4.4.0-166-generic 4.4.0-166.195 linux-image-4.4.0-166-generic-lpae 4.4.0-166.195 linux-image-4.4.0-166-lowlatency 4.4.0-166.195 linux-image-4.4.0-166-powerpc-e500mc 4.4.0-166.195 linux-image-4.4.0-166-powerpc-smp 4.4.0-166.195 linux-image-4.4.0-166-powerpc64-emb 4.4.0-166.195 linux-image-4.4.0-166-powerpc64-smp 4.4.0-166.195 linux-image-aws 4.4.0.1096.100 linux-image-generic 4.4.0.166.174 linux-image-generic-lpae 4.4.0.166.174 linux-image-kvm 4.4.0.1060.60 linux-image-lowlatency 4.4.0.166.174 linux-image-powerpc-e500mc 4.4.0.166.174 linux-image-powerpc-smp 4.4.0.166.174 linux-image-powerpc64-emb 4.4.0.166.174 linux-image-powerpc64-smp 4.4.0.166.174 linux-image-raspi2 4.4.0.1124.124 linux-image-snapdragon 4.4.0.1128.120 linux-image-virtual 4.4.0.166.174 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 7.6) - ppc64, ppc64le, x86_64 3. Bug Fix(es): * [PATCH] perf: Fix a race between ring_buffer_detach() and ring_buffer_wakeup() (BZ#1772826) * core: backports from upstream (BZ#1780031) * Race between tty_open() and flush_to_ldisc() using the tty_struct->driver_data field. (BZ#1780160) * [Hyper-V][RHEL7.6]Hyper-V guest waiting indefinitely for RCU callback when removing a mem cgroup (BZ#1783176) Enhancement(s): * Selective backport: perf: Sync with upstream v4.16 (BZ#1782752) 4
VAR-201909-0757 CVE-2019-16649 plural Supermicro Vulnerabilities related to the use of hard-coded credentials in products CVSS V2: 5.0
CVSS V3: 10.0
Severity: CRITICAL
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the server managed by the BMC. plural Supermicro The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SuperMicro Supermicro X10 and so on are all server motherboards of American SuperMicro company. A security vulnerability exists in the virtual media service in several Supermicro products. The following products and versions are affected: SuperMicro Supermicro H11; Supermicro H12; Supermicro M11; Supermicro X9; Supermicro X10; Supermicro X11
VAR-201909-0725 CVE-2019-16650 Supermicro Vulnerability in Permission Management CVSS V2: 7.5
CVSS V3: 10.0
Severity: CRITICAL
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the server managed by the BMC. Supermicro Contains a privilege management vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SuperMicro Supermicro X10 and Supermicro X11 are both server motherboards of SuperMicro Corporation in the United States. A security vulnerability exists in SuperMicro Supermicro X10 and Supermicro X11
VAR-201909-0756 CVE-2019-16645 Embedthis GoAhead  Injection vulnerability in CVSS V2: 5.0
CVSS V3: 8.6
Severity: HIGH
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack. Embedthis GoAhead There is an injection vulnerability in.Information may be tampered with. Embedthis Software GoAhead is an embedded Web server of American Embedthis Software company. A security vulnerability exists in Embedthis Software GoAhead version 2.5.0
VAR-201909-0723 CVE-2019-16533 DrayTek Vigor2925 Cross-site scripting vulnerability in device firmware CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
On DrayTek Vigor2925 devices with firmware 3.8.4.3, Incorrect Access Control exists in loginset.htm, and can be used to trigger XSS. NOTE: this is an end-of-life product. DrayTek Vigor2925 The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DrayTek Vigor2925 is a wireless firewall router produced by DrayTek, Taiwan. The vulnerability is caused by the lack of correct verification of client data in the WEB application. Attackers can use this vulnerability to execute client code
VAR-201909-0724 CVE-2019-16534 DrayTek Vigor2925 Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
On DrayTek Vigor2925 devices with firmware 3.8.4.3, XSS exists via a crafted WAN name on the General Setup screen. NOTE: this is an end-of-life product. DrayTek Vigor2925 The device firmware contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DrayTek Vigor2925 is a wireless firewall router from DrayTek, Taiwan. A cross-site scripting vulnerability exists in DrayTek Vigor 2925 with firmware version 3.8.4.3 that could allow an attacker to execute client-side code. The vulnerability stems from the lack of correct validation of client data in WEB applications
VAR-201909-1376 CVE-2019-11327 Topcon Positioning Net-G5 GNSS Receiver Path traversal vulnerability in device firmware CVSS V2: 4.0
CVSS V3: 4.9
Severity: MEDIUM
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system. Topcon Positioning Net-G5 GNSS Receiver is a multi-frequency GNSS (Global Navigation Satellite System) receiver from Topcon, Japan
VAR-201909-1668 No CVE Command execution vulnerability exists in sweeping robot of Shenzhen Shanchuan Robot Co., Ltd. CVSS V2: 7.6
CVSS V3: -
Severity: HIGH
Shenzhen Shanchuan Robot Co., Ltd. is a high-tech enterprise focusing on the research and development, production and sales of sweeping robots. There is a command execution vulnerability in the sweeping robot of Shenzhen Shanchuan Robot Co., Ltd. An attacker can use this vulnerability to interact with the server to execute commands remotely, posing information leakage and operational security risks.
VAR-201909-0994 CVE-2019-13528 Niagara AX and Niagara Authentication vulnerability CVSS V2: 2.1
CVSS V3: 4.4
Severity: MEDIUM
A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-8000), Niagara 4.4u3 (JACE 3e, JACE 6e, JACE 7, JACE-8000), and Niagara 4.7u1 (JACE-8000, Edge 10). Niagara AX and Niagara Contains an authentication vulnerability.Information may be obtained
VAR-201909-0076 CVE-2019-6649 plural F5 BIG-IP Information disclosure vulnerability in products CVSS V2: 5.8
CVSS V3: 9.1
Severity: CRITICAL
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings. plural F5 BIG-IP The product contains an information disclosure vulnerability.Information may be obtained and information may be altered. Both F5 BIG-IP and F5 Enterprise Manager are products of the US company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 Enterprise Manager is a tool that provides visibility into the entire BIG-IP application delivery infrastructure and optimizes application performance. Security vulnerabilities exist in F5 BIG-IP and F5 Enterprise Manager. An attacker could exploit this vulnerability to disclose sensitive information and modify system configurations. The following products and versions are affected: F5 BIG-IP version 15.0.0, version 14.1.0 to version 14.1.0.6, version 14.0.0 to version 14.0.0.5, version 13.0.0 to version 13.1.1.5, version 12.1.0 to version 12.1.4.1, version 11.6.0 to version 11.6.4, version 11.5.1 to version 11.5.9; Enterprise Manager version 3.1.1
VAR-201909-1375 CVE-2019-11326 Topcon Positioning Net-G5 GNSS Receiver Vulnerability related to privilege management in device firmware CVSS V2: 6.5
CVSS V3: 8.8
Severity: HIGH
An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product is protected by a login. A guest is allowed to login. Once logged in as a guest, an attacker can browse a URL to read the password of the administrative user. The same procedure allows a regular user to gain administrative privileges. The guest login is possible in the default configuration. Topcon Positioning Net-G5 GNSS Receiver There is a privilege management vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Topcon Positioning Net-G5 GNSS Receiver is a multi-frequency GNSS (Global Navigation Satellite System) receiver from Japan's Topcon
VAR-201909-0077 CVE-2019-6650 F5 BIG-IP ASM Vulnerable to information disclosure CVSS V2: 5.8
CVSS V3: 9.1
Severity: CRITICAL
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings. F5 BIG-IP ASM is a Web Application Firewall (WAF) of F5 Corporation in the United States, which provides secure remote access, protects emails, simplifies Web access control, and enhances network and application performance. A security vulnerability exists in F5 BIG-IP ASM. An attacker could exploit this vulnerability to disclose sensitive information and modify system configurations. The following products and versions are affected: F5 BIG-IP ASM version 15.0.0, version 14.1.0 to version 14.1.0.6, version 14.0.0 to version 14.0.0.5, version 13.0.0 to version 13.1.1.5, version 12.1.0 Version to version 12.1.4.1, version 11.6.0 to version 11.6.4, version 11.5.1 to version 11.5.9
VAR-201909-0744 CVE-2019-16398 Keeper K5 Input validation vulnerability CVSS V2: 7.2
CVSS V3: 6.8
Severity: MEDIUM
On Keeper K5 20.1.0.25 and 20.1.0.63 devices, remote code execution can occur by inserting an SD card containing a file named zskj_script_run.sh that executes a reverse shell. Keeper K5 Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Keeper K5 is a 2MP Wifi Bluetooth IP camera. The vulnerability stems from the failure of the network system or product to properly validate the input data
VAR-201909-0750 CVE-2019-16412 Tenda N301 Wireless router input validation vulnerability CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.). Tenda N301 Wireless routers contain a vulnerability related to input validation.Service operation interruption (DoS) There is a possibility of being put into a state. Tenda N301 is an 11N wireless broadband router. A denial of service vulnerability exists in goform / setSysTools in Tenda N301. The vulnerability stems from the failure of the network system or product to properly validate the input data
VAR-201909-1509 CVE-2019-1975 Cisco HyperFlex Software cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks. Cisco HyperFlex The software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Cisco HyperFlex Software is a set of scalable distributed file systems from Cisco. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services. A security vulnerability exists in Cisco HyperFlex Software 3.5.2f and earlier, and 4.0.1b and earlier, due to the program not adequately protecting HTML iframes
VAR-201909-0197 CVE-2019-12620 Cisco HyperFlex Vulnerability related to insufficient verification of data reliability in software CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. Cisco HyperFlex The software is vulnerable to insufficient validation of data reliability.Information may be tampered with. Cisco HyperFlex Software is a set of scalable distributed file systems from Cisco. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services
VAR-201909-1018 CVE-2019-14458 VIVOTEK IP Camera Vulnerability related to input validation in device firmware CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of service via a crafted HTTP header. VIVOTEK IP Camera There is an input validation vulnerability in the device firmware.Service operation interruption (DoS) There is a possibility of being put into a state. Vivotek VIVOTEK IP Camera is an IP camera produced by Taiwan Vivotek Corporation. Vivotek VIVOTEK IP Cameras with firmware versions earlier than 0x20x have a security vulnerability
VAR-201909-1085 CVE-2019-15843 Xiaomi Millet Vulnerability related to unlimited uploading of dangerous types of files on mobile phones CVSS V2: 5.8
CVSS V3: 7.4
Severity: HIGH
A malicious file upload vulnerability was discovered in Xiaomi Millet mobile phones 1-6.3.9.3. A particular condition involving a man-in-the-middle attack may lead to partial data leakage or malicious file writing. Xiaomi mobile phone is a smartphone produced by Xiaomi Information Technology Co., Ltd. An attacker can exploit this vulnerability to write files or read privileged data. There are code issue vulnerabilities in several Xiaomi phones
VAR-201909-0745 CVE-2019-16399 Western Digital WD My Book World II Authentication vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and login with the default root password welc0me. An attacker could exploit this vulnerability to gain access to the /admin/ directory without credentials