VARIoT IoT vulnerabilities database

In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks

The product M2M ETHERNET (FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior) is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism. M2M ETHERNET Product (FW and ETH-FW) Contains an authentication vulnerability.Information may be tampered with. ABB M2M ETHERNET is a network analysis device of Swiss ABB company. ABB M2M ETHERNET FW 2.22 and earlier versions and ETH-FW 1.01 and earlier versions have authorization issue vulnerabilities. Attackers can use this vulnerability to upload malicious language files. An attacker can exploit this issue to bypass the authentication mechanism. Successful exploits may aid in launching further attacks

A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to terminate any process as root. RedHatWildfly is a JavaEE-based lightweight open source application server from RedHat. A race condition issue vulnerability exists in RedHatWildfly16.0.0.Final and prior versions. The vulnerability stems from the improper handling of concurrent access when the network system or product is running and concurrent code needs to access shared resources mutually exclusive. Redhat Wildfly is prone to a local denial of service vulnerability. An attacker can leverage this issue to cause a denial of service condition. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Installation instructions are available from the Fuse 7.4.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.4/ 4. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1628702 - CVE-2018-14642 undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1671096 - CVE-2018-12023 jackson-databind: improper polymorphic deserialization of types from Oracle JDBC driver 1671097 - CVE-2018-12022 jackson-databind: improper polymorphic deserialization of types from Jodd-db library 1677341 - CVE-2018-11307 jackson-databind: Potential information exfiltration with default typing, serialization gadget from MyBatis 1682108 - CVE-2019-3894 wildfly: wrong SecurityIdentity for EE concurrency threads that are reused 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-14861 - [GSS](7.2.z) Upgrade JBeret from 1.3.1.Final to 1.3.2.Final JBEAP-15392 - (7.2.z) Upgrade Apache CXF from 3.2.5 to 3.2.7 JBEAP-15477 - (7.2.z) Upgrade PicketLink bindings from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15478 - (7.2.z) Upgrade PicketLink from 2.5.5.SP12-redhat-2 to 2.5.5.SP12-redhat-4 JBEAP-15568 - [GSS](7.2.z) Upgrade ironjacamar from 1.4.11 Final to 1.4.15 Final JBEAP-15617 - (7.2.z) Upgrade WildFly Core from 6.0.11 to 6.0.12 JBEAP-15622 - [GSS](7.2.z) Upgrade jboss-el-api_spec from 1.0.12.Final to 1.0.13.Final JBEAP-15748 - [GSS](7.2.z) Upgrade jastow from 2.0.6.Final-redhat-00001 to 2.0.7.Final-redhat-00001 JBEAP-15805 - (7.2.z) Upgrade Hibernate ORM from 5.3.7 to 5.3.8 JBEAP-15851 - [ENG] (7.2.z) Upgrade Infinispan from 9.3.3.Final to 9.3.6.Final JBEAP-15869 - (7.2.z) Upgrade Undertow from 2.0.15 to 2.0.19 JBEAP-15876 - (7.2.z) Upgrade Artemis from 2.6.3.redhat-00014 to 2.6.3.redhat-00020 JBEAP-16025 - Upgrade yasson from 1.0.1 to 1.0.2 JBEAP-16037 - [GSS](7.2.z) Upgrade Narayana from 5.9.0.Final to 5.9.1.Final JBEAP-16086 - (7.2.z) Upgrade WildFly HTTP client from 1.0.12.Final to 1.0.13.Final JBEAP-16090 - [GSS](7.2.z) Upgrade jboss-ejb-client from 4.0.12 to 4.0.15 JBEAP-16091 - [GSS](7.2.z) Upgrade wildfly-transaction-client from 1.1.2.Final-redhat-1 to 1.1.3.Final-redhat-1 JBEAP-16112 - (7.2.z) Upgrade FasterXML Jackson from 2.9.5.redhat-2 to 2.9.8 JBEAP-16122 - [Runtimes] (7.2.z) Upgrade istack from 3.0.5.redhat-1 to 3.0.7.redhat-00001 JBEAP-16123 - [Runtimes] (7.2.x) Upgrade commons-digester from 1.8 to 1.8.1.redhat-4 JBEAP-16124 - [Runtimes] (7.2.x) Upgrade hornetq from 2.4.7.redhat-1 to 2.4.7.redhat-2 JBEAP-16125 - [Runtimes] (7.2.x) Upgrade org.jboss.genericjms from 2.0.1.Final-redhat-1 to 2.0.1.Final-redhat-00002 JBEAP-16137 - (7.2.z) (WFCORE) Upgrade FasterXML Jackson from 2.9.2 to 2.9.8 JBEAP-16146 - (7.2.z) Upgrade Elytron from 1.6.1.Final to 1.6.2.Final JBEAP-16147 - (7.2.z) Upgrade Elytron-Tool from 1.4.0 to 1.4.1.Final JBEAP-16234 - Tracker bug for the EAP 7.2.1 release for RHEL-7 JBEAP-16259 - (7.2.z) Upgrade legacy EJB Client from 3.0.2.Final-redhat-1 to 3.0.3.Final-redhat-1 JBEAP-16276 - (7.2.z) Upgrade elytron-web from 1.2.3.Final to 1.2.4.Final JBEAP-16321 - (7.2.z) HHH-13099 HHH-13283 Upgrade ByteBuddy from 1.8.17 to 1.9.5 JBEAP-16347 - (7.2.z) Upgrade jboss-logmanager from 2.1.5.Final-redhat-00001 to 2.1.7.Final JBEAP-16356 - (7.2.z) Upgrade RESTEasy from 3.6.1.SP2 to 3.6.1.SP3 JBEAP-16367 - (7.2.z) Upgrade commons-lang3 from 3.6.0-redhat-1 to 3.8-redhat-00001 JBEAP-16368 - (7.2.z) Upgrade cxf-xjc from 3.2.2.redhat-00001 to 3.2.3.redhat-00002 JBEAP-16369 - (7.2.z) Upgrade httpasyncclient from 4.1.3.redhat-2 to 4.1.4.redhat-00001 JBEAP-16381 - (7.2.z) Upgrade jboss-remoting-jmx from 3.0.0.Final to 3.0.1.Final JBEAP-16418 - (7.2.z) Upgrade Hibernate ORM from 5.3.8 to 5.3.9 JBEAP-9657 - (7.2.z) Upgrade jboss-negotiation from 3.0.4 to 3.0.5.Final-redhat-00001 7. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat Data Grid 7.3.3 security update Advisory ID: RHSA-2020:0727-01 Product: Red Hat JBoss Data Grid Advisory URL: https://access.redhat.com/errata/RHSA-2020:0727 Issue date: 2020-03-05 CVE Names: CVE-2018-14335 CVE-2019-3805 CVE-2019-3888 CVE-2019-9512 CVE-2019-9514 CVE-2019-9515 CVE-2019-9518 CVE-2019-10173 CVE-2019-10174 CVE-2019-10184 CVE-2019-10212 CVE-2019-14379 ==================================================================== 1. Summary: An update for Red Hat Data Grid is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Description: Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.3 serves as a replacement for Red Hat Data Grid 7.3.2 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Security Fix(es): * HTTP/2: flood using PING frames results in unbounded memory growth (CVE-2019-9512) * HTTP/2: flood using HEADERS frames results in unbounded memory growth (CVE-2019-9514) * HTTP/2: flood using SETTINGS frames results in unbounded memory growth (CVE-2019-9515) * HTTP/2: flood using empty frames results in excessive resource consumption (CVE-2019-9518) * xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) (CVE-2019-10173) * infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods (CVE-2019-10174) * jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379) * h2: Information Exposure due to insecure handling of permissions in the backup (CVE-2018-14335) * wildfly: Race condition on PID file allows for termination of arbitrary processes by local users (CVE-2019-3805) * undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed (CVE-2019-3888) * undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files (CVE-2019-10212) * undertow: Information leak in requests for directories without trailing slashes (CVE-2019-10184) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 3. Solution: To install this update, do the following: 1. Download the Data Grid 7.3.3 server patch from the customer portal. 2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on. 3. Install the Data Grid 7.3.3 server patch. Refer to the 7.3 Release Notes for patching instructions. 4. Restart Data Grid to ensure the changes take effect. 4. Bugs fixed (https://bugzilla.redhat.com/): 1610877 - CVE-2018-14335 h2: Information Exposure due to insecure handling of permissions in the backup 1660263 - CVE-2019-3805 wildfly: Race condition on PID file allows for termination of arbitrary processes by local users 1693777 - CVE-2019-3888 undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed 1703469 - CVE-2019-10174 infinispan: invokeAccessibly method from ReflectionUtil class allows to invoke private methods 1713068 - CVE-2019-10184 undertow: Information leak in requests for directories without trailing slashes 1722971 - CVE-2019-10173 xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285) 1731984 - CVE-2019-10212 undertow: DEBUG log for io.undertow.request.security if enabled leaks credentials to log files 1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded memory growth 1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in unbounded memory growth 1735745 - CVE-2019-9515 HTTP/2: flood using SETTINGS frames results in unbounded memory growth 1735749 - CVE-2019-9518 HTTP/2: flood using empty frames results in excessive resource consumption 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 5. References: https://access.redhat.com/security/cve/CVE-2018-14335 https://access.redhat.com/security/cve/CVE-2019-3805 https://access.redhat.com/security/cve/CVE-2019-3888 https://access.redhat.com/security/cve/CVE-2019-9512 https://access.redhat.com/security/cve/CVE-2019-9514 https://access.redhat.com/security/cve/CVE-2019-9515 https://access.redhat.com/security/cve/CVE-2019-9518 https://access.redhat.com/security/cve/CVE-2019-10173 https://access.redhat.com/security/cve/CVE-2019-10174 https://access.redhat.com/security/cve/CVE-2019-10184 https://access.redhat.com/security/cve/CVE-2019-10212 https://access.redhat.com/security/cve/CVE-2019-14379 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product\xdata.grid&downloadType=patches&version=7.3 https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html-single/red_hat_data_grid_7.3_release_notes/index 6. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXmD2b9zjgjWX9erEAQhDqA/9G7uM0HlTt4M6Z9Zc23FSbbr+jj1k/o69 a5WWa+xS3Ko4IvlN5rt+wOHSFet+NTMAerNHzAsB2+viX1hr14Hwf3QnIom/yxbJ PaC1djdaZfcvSIODhbq/C5Ilae09x3rW1voQ39i1Q2bsEqVePLZdC75KjvNLsfqe QJCMvcO3jkccxn7k45baCfTGsFyOhHb17Y9DRarWsC7jO9kEjMxrUPN6qKP6BC9t RMuqDxo1aJnatMeCWb7NA0UpOz0+lFpuR+ZZYPV444nGmfTKrbc9c5TuQUCSP+LD sG1+fh2xMztuGxNiJfgSP3iqHmgXD9TBxh1kxn1kt59llCO5+Uqu/O5OsqeQQ0Ym I+a2VAzn2N776sTbWIZ3231IJex68oG+4/fIo6/FVVJpmtDIDgumgErTPD0kkNuT yyyn3u50RZohzSxEz37QdiQDJbiJcJhmtFR5fLRAbFa8Ys2Gw81PGFba95/kVooX K5uSukzOBm8nhxfBvwZDCY/gWuJwVLSAOJb4VoPZiR2WbZsx+9r+spQv6K9wYr5v s//DY88rsUSaMH4kGco//6Dqis8IwOISr/ZR+Edlnrz1rHv9Z4XerMw56VUKIHva mS7rdNmbLqHN0XfZImxewLca2i7sWIlxWrgKF2f4zEO3ermivdis7RdssZkJ9Zv9 S7B2VoNOQj4=zoia -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, including user credentials. 3S-Smart CODESYS Control for BeagleBone, etc. are all German 3S-Smart Software Solutions company's programming software for industrial control system development. The following products and versions are affected: 3S-Smart CODESYS Control for BeagleBone, CODESYS Control for emPC-A / iMX6, CODESYS Control for IOT2000, CODESYS Control for Linux, CODESYS Control for PFC100, CODESYS Control for PFC200, CODESYS Control for Raspberry Pi, CODESYS Control RTE V3, CODESYS Control RTE V3 (for Beckhoff CX), CODESYS Control Win V3 (part of CODESYS setup), CODESYS V3 Simulation Runtime (part of CODESYS Development System), CODESYS Control V3 Runtime System Toolkit, CODESYS HMI V3. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. Successful exploitation may aid in launching further attacks

An Improper Check for Unusual or Exceptional Conditions vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where an unauthenticated user can send a specially crafted XML data via a POST request to cause the web server to become unavailable. plural Schneider Electric The product contains an exceptional condition check vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state

An Information Exposure through Discrepancy vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 where the web server sends different responses in a way that exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not. plural Schneider Electric The product contains an information disclosure vulnerability.Information may be obtained. SchneiderElectricModiconM340 and others are programmable logic controller products from Schneider Electric of France

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi) chip to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. Samsung Galaxy S6 SM-G920F Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Samsung ID: SVE-2018-11785 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungGalaxyS6 is a smartphone released by South Korea's Samsung. Bcmdhd4358 Wi-Fidriver is one of the Wi-Fi drivers. An attacker could exploit the vulnerability to cause device drivers to access invalid memory

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. Samsung Galaxy S6 Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Samsung ID: SVE-2018-11785 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungGalaxyS6 is a smartphone released by South Korea's Samsung. Bcmdhd4358 Wi-Fidriver is one of the Wi-Fi drivers. An attacker could exploit the vulnerability to cause device drivers to access invalid memory

Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device driver to perform invalid memory accesses. The Samsung ID is SVE-2018-11785. Samsung Galaxy S6 SM-G920F Contains a buffer error vulnerability. Vendors have confirmed this vulnerability Samsung ID: SVE-2018-11785 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungGalaxyS6 is a smartphone released by South Korea's Samsung. Bcmdhd4358 Wi-Fidriver is one of the Wi-Fi drivers. An attacker could exploit the vulnerability to cause device drivers to access invalid memory

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause the device to reboot. The Samsung ID is SVE-2018-11783. Samsung Galaxy S6 SM-G920F Is NULL A vulnerability related to pointer dereference exists. Vendors have confirmed this vulnerability Samsung ID: SVE-2018-11783 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. SamsungGalaxyS6 is a smartphone released by South Korea's Samsung. Bcmdhd4358 Wi-Fidriver is one of the Wi-Fi drivers. An attacker could exploit the vulnerability to cause a device reboot

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware. Samsung Galaxy S6 SM-G920F Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SamsungGalaxyS6 is a smartphone released by South Korea's Samsung. Bcmdhd4358 Wi-Fidriver is one of the Wi-Fi drivers. A security vulnerability exists in the 'dhd_rx_frame' function of the drivers/net/wireless/bcmdhd4358/dhd_linux.c file of the bcmdhd4358 Wi-Fi driver in the SamsungGalaxyS6 (SM-G920F) with firmware G920FXXU5EQH7. The vulnerability program failed to verify Wi- correctly. The index of the web interface provided by the Fi chip firmware. An attacker could exploit the vulnerability to prevent users from accessing operating system memory

A stack-based buffer overflow in the LAN UPnP service running on UDP port 1900 of Swisscom Internet-Box (2, Standard, and Plus) prior to v09.04.00 and Internet-Box light prior to v08.05.02 allows remote code execution. No authentication is required to exploit this vulnerability. Sending a simple UDP packet to port 1900 allows an attacker to execute code on a remote device. However, this is only possible if the attacker is inside the LAN. Because of ASLR, the success rate is not 100% and leads instead to a DoS of the UPnP service. The remaining functionality of the Internet Box is not affected. A reboot of the Internet Box is necessary to attempt the exploit again. plural Swisscom The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Swisscom Internet-Box is a router of Swisscom company in Switzerland

Subsonic is a media file hosting platform. A request forgery vulnerability exists on the Subsonic server. The vulnerability is located in the "internetRadioSettings.view" module and the "streamUrl" parameter of the localhost path URL. Allows remote attackers to hijack Internet wireless current authentication.

An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface. plural Bosch IP camera The product firmware contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BoschIPCamera is a network camera product from BoschSicherheissysteme, Germany. A buffer overflow vulnerability exists in the Web server in BoschIPCamera using firmware version 6.32 and later

atbox.htm on D-Link DSL-2770L devices allows remote unauthenticated attackers to discover admin credentials. D-Link DSL-2770L The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-2770L is a wireless router from D-Link. A security vulnerability exists in the atbox.htm file in the D-LinkDSL-2770LME_1.01, ME_1.02, and AU_1.06 versions. D-Link DSL-2770L Router is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. D-Link DSL-2770L ME 1.01, ME 1.02, and AU1.06 are vulnerable

spaces.htm on multiple D-Link devices (DSL, DIR, DWR) allows remote unauthenticated attackers to discover admin credentials. plural D-Link device (DSL , DIR , DWR) Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. D-LinkDSL-2770L and others are all wireless router products of D-Link. There are security holes in the spaces.htm file in several D-Link devices. A remote attacker can exploit this vulnerability to divulge admin credentials. Multiple D-Link Routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The following products and versions are vulnerable: D-Link DSL-2770L ME 1.01, ME 1.02, AU 1.06 D-Link DIR-140L, and DIR-640L versions 1.00, 1.01RU, 1.02 D-Link DWR-116, DWR-512, DWR-555, and DWR-921 versions 1.03, 1.05, 2.01, 2.02. The following products and versions are affected: D-Link DSL-2770L Version ME_1.01, Version ME_1.02, Version AU_1.06; DIR-140L Version 1.00, Version 1.01RU, Version 1.02; DIR-640L Version 1.00, Version 1.01RU , Version 1.02; DWR-116 Version 1.03, Version 1.05, Version 2.01, Version 2.02; DWR-512 Version 1.03, Version 1.05, Version 2.01, Version 2.02; DWR-555 Version 1.03, Version 1.05, Version 2.01, Version 2.02; -921 Version 1.03, Version 1.05, Version 2.01, Version 2.02

dirary0.js on D-Link DIR-140L, DIR-640L devices allows remote unauthenticated attackers to discover admin credentials. D-Link DIR-140L and DIR-640L The device contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The D-Link DIR-140L and DIR-640L are both D-Link wireless router products. An information disclosure vulnerability exists in the dirty0.js file in the D-LinkDIR-140L1.02 and DIR-640L1.01RU versions. D-Link DIR-140L and DIR-640L Routers are prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. The following versions are vulnerable: DIR-140L 1.02 DIR-640L 1.01RU

A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.). BlinkForHome ( alias Blink For Home) Sync module Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ImmediaSemiconductorBlinkForHomeSyncModule is a synchronization module used in home security camera systems by ImmediaSemiconductor. A denial of service vulnerability exists in ImmediaSemiconductorBlinkForHomeSyncModule2.10.4 and earlier, which could be exploited by an attacker to cause a denial of service

Improper file permissions in the installer for Intel VTune Amplifier 2018 Update 3 and before may allow unprivileged user to potentially gain privileged access via local access. Intel VTune Amplifier Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Intel VTune Amplifier is a set of performance analysis tools of Intel Corporation of the United States. This product is mainly used for performance analysis of high-performance computing, IoT embedded applications, device drivers and game engines. The installer in Intel VTune Amplifier 2018 Update 3 and earlier has a security vulnerability. A local attacker could use this vulnerability to elevate privileges

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* An attacker with access to the device may obtain registered information on the device. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user's web browser. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC