VARIoT IoT vulnerabilities database

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a virtualization attack. ECOS Secure Boot Stick ( alias SBS) Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via compromised firmware. ECOS Secure Boot Stick ( alias SBS) Contains a cryptographic vulnerability.Information may be obtained and information may be altered. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit this vulnerability to take control of authentication and encryption keys

Protection Mechanism Failure in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows a local attacker to duplicate an authentication factor via cloning. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOSSecureBootStick (aka SBS) is a security device for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications from ECOSTECHNOLOGY, Germany. There is a security vulnerability in the ECOSSBS version 5.6.5. An attacker could exploit the vulnerability to bypass security restrictions

Insufficient Verification of Data Authenticity vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to manipulate security relevant configurations and execute malicious code. ECOS Secure Boot Stick ( alias SBS) Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. There is a security hole in ECOS SBS version 5.6.5, which is caused by the fact that the program does not fully verify the reliability of the data

Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. ECOS Secure Boot Stick ( alias SBS) Contains an information disclosure vulnerability.Information may be obtained. ECOS Secure Boot Stick (also known as SBS) is a security device from German ECOS TECHNOLOGY for remote access to Citrix, Microsoft Terminal Server, VMware and other web applications. A security vulnerability exists in ECOS SBS version 5.6.5. An attacker could exploit this vulnerability to take control of authentication and encryption keys

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it. Cloud Media Popcorn A-200 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. There is a security vulnerability in ECOS SBS version 5.6.5, which is caused by an undocumented vendor backdoor in the program. An attacker could exploit this vulnerability by sending a specially crafted request to extract credential information

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. OPC Foundation Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication. Huawei HG255s-10 Contains a path traversal vulnerability.Information may be obtained. HuaweiHG255s-10 is a wireless router product from China's Huawei company

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.). SamsungsmartViewer is Samsung's TV connection software. A cross-site scripting vulnerability exists in SamsungWebViewerforSamsungDVR that allows remote attackers to exploit exploits to inject arbitrary web scripts or HTML

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. Calendar Contains an authorization vulnerability.Information may be tampered with. Synology Calendar is a file protection program from Synology that runs on Synology NAS devices

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. Knowage ( Old SpagoBI) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Knowage (formerly known as SpagoBI) is an open source suite for modern business analysis on traditional resources and big data systems from Knowage, Italy. A cross-site scripting vulnerability exists in Knowage 6.1.1. A remote attacker could use this vulnerability to inject arbitrary Web scripts or HTML by sending a name or description field to the 'Olap Schemas' Catalogue' directory

Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. Knowage ( Old SpagoBI) Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Knowage (formerly known as SpagoBI) is an open source suite for modern business analysis on traditional resources and big data systems from Knowage, Italy. A cross-site request forgery vulnerability exists in Knowage 6.1.1. A remote attacker could use the form to exploit this vulnerability to send a request and perform an action without the user's knowledge

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. Knowage ( Old SpagoBI) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Knowage (formerly known as SpagoBI) is an open source suite for modern business analysis on traditional resources and big data systems from Knowage, Italy. A cross-site scripting vulnerability exists in Knowage 6.1.1. A remote attacker could use this vulnerability to inject arbitrary Web scripts or HTML by sending a name field to the 'Business Model's Catalogue' directory

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IgniteRealtimeOpenfire (formerly Wildfire) is a cross-platform open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, instant messaging protocol) developed by Java in the Ignite Realtime community. It can build an efficient instant messaging server and support it. The number of tens of thousands of concurrent users

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. An attacker could exploit this vulnerability to obtain values about other processes stored in a number register. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. ========================================================================== Ubuntu Security Notice USN-3696-2 July 02, 2018 linux-lts-xenial, linux-aws vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-4.4.0-1024-aws 4.4.0-1024.25 linux-image-4.4.0-130-generic 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-generic-lpae 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-lowlatency 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc-e500mc 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc-smp 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc64-emb 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc64-smp 4.4.0-130.156~14.04.1 linux-image-aws 4.4.0.1024.24 linux-image-generic-lpae-lts-xenial 4.4.0.130.110 linux-image-generic-lts-xenial 4.4.0.130.110 linux-image-lowlatency-lts-xenial 4.4.0.130.110 linux-image-powerpc-e500mc-lts-xenial 4.4.0.130.110 linux-image-powerpc-smp-lts-xenial 4.4.0.130.110 linux-image-powerpc64-emb-lts-xenial 4.4.0.130.110 linux-image-powerpc64-smp-lts-xenial 4.4.0.130.110 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. (CVE-2017-12154) Fan Wu, Haoran Qiu, and Shixiong Zhao discovered that the associative array implementation in the Linux kernel sometimes did not properly handle adding a new entry. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2019-11091) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939) * kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068) * kernel: Use-after-free due to race condition in AF_PACKET implementation (CVE-2018-18559) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913) * kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message (CVE-2017-11600) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * update the MRG 2.5.z 3.10 kernel-rt sources (BZ#1692711) 4. Bugs fixed (https://bugzilla.redhat.com/): 1391490 - CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packets 1402885 - CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028] media driver 1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors 1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation 1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation 1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) 1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) 1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) 1692711 - update the MRG 2.5.z 3.10 kernel-rt sources 1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:07.lazyfpu Security Advisory The FreeBSD Project Topic: Lazy FPU State Restore Information Disclosure Category: core Module: kernel Announced: 2018-06-21 Credits: Julian Stecklina from Amazon Germany Thomas Prescher from Cyberus Technology GmbH Zdenek Sojka from SYSGO AG Colin Percival Affects: All supported version of FreeBSD. Corrected: 2018-06-14 18:50:49 UTC (stable/11, 11.2-PRERELEASE) 2018-06-15 13:21:37 UTC (releng/11.2, 11.2-RC3) 2018-06-21 05:17:13 UTC (releng/11.1, 11.1-RELEASE-p11) CVE Name: CVE-2018-3665 Special Note: This advisory only addresses this issue for FreeBSD 11.x on i386 and amd64. We expect to update this advisory to include 10.x in the near future. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background Modern CPUs have a floating point unit (FPU) which needs to maintain state per thread. One technique is to only save and to only restore the FPU state for a thread when a thread attempts to utilize the FPU. II. III. Impact Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. IV. Workaround No workaround is available, but non-Intel branded CPUs are not believed to be vulnerable. V. This new technique is the recommended practice from Intel and in some cases can actually increase performance, depending on workload. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch.asc # gpg --verify lazyfpu-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r335169 releng/11.2/ r335196 releng/11.1/ r335465 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. (CVE-2018-3665) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-124.148 | 40.6 | lowlatency, generic | | 4.4.0-124.148~14.04.1 | 40.6 | generic, lowlatency | | 4.4.0-127.153 | 40.6 | lowlatency, generic | | 4.4.0-127.153~14.04.1 | 40.6 | lowlatency, generic | | 4.4.0-128.154 | 40.6 | generic, lowlatency | | 4.4.0-128.154~14.04.1 | 40.6 | generic, lowlatency | | 4.15.0-20.21 | 40.7 | generic, lowlatency | | 4.15.0-22.24 | 40.7 | lowlatency, generic | | 4.15.0-23.25 | 40.7 | lowlatency, generic | References: CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: kernel security update Advisory ID: RHSA-2018:1852-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:1852 Issue date: 2018-06-14 CVE Names: CVE-2018-3665 ===================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting this issue. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm ppc64: kernel-3.10.0-862.3.3.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.3.3.el7.ppc64.rpm kernel-debug-3.10.0-862.3.3.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.3.3.el7.ppc64.rpm kernel-devel-3.10.0-862.3.3.el7.ppc64.rpm kernel-headers-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.ppc64.rpm perf-3.10.0-862.3.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm python-perf-3.10.0-862.3.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.3.3.el7.ppc64le.rpm perf-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.3.3.el7.s390x.rpm kernel-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-headers-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.3.3.el7.s390x.rpm perf-3.10.0-862.3.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm python-perf-3.10.0-862.3.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm ppc64le: kernel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-headers-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.3.3.el7.ppc64le.rpm perf-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm s390x: kernel-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debug-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.3.3.el7.s390x.rpm kernel-devel-3.10.0-862.3.3.el7.s390x.rpm kernel-headers-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.3.3.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.3.3.el7.s390x.rpm perf-3.10.0-862.3.3.el7.s390x.rpm perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm python-perf-3.10.0-862.3.3.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.ppc64.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.3.3.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.3.3.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.3.3.el7.noarch.rpm kernel-doc-3.10.0-862.3.3.el7.noarch.rpm x86_64: kernel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-devel-3.10.0-862.3.3.el7.x86_64.rpm kernel-headers-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.3.3.el7.x86_64.rpm perf-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.3.3.el7.x86_64.rpm perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.3.3.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-3665 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/solutions/3485131 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBWyLMGNzjgjWX9erEAQgpYA/9Hvz73em4/tW/TzM8kN/cCUwrOo83OQGU t6j7YpDHKYm6u3chj6nlBSXW7UV+aY/63QMRTnzMWsGF1facAikYVqjyVZG4C//9 6DpBILs3bNgOS2XuKo8QfNfA+0FahOKScaeczXnPjIJZMj+v+2ykh2uTYENC4eLd nnUymlRLm7MXcdmi3XSTmfBoBgcx4Beu+cLrZsdhxK0cFjw646KbiKqhbLbfVFK/ R+s49rsRJNWBw9DWaXskgAYOsznZA8EWNr5ncAwQ73ovIXy2k9qPvUJA/RNEOVZd 83LDx4IUs1VQ1xts38E0/tdnNV63bJ+oiv8j4P/tAXF3Ze/E46IvTdFu5U8bVCCD ka1Ix+8YIvDHbvZCB62STZAA9N7vdCYZg/4o8NqsDnVE/7G18SbJsOhmKunMVybE f0VSC19vyY6lVSBOY3Iyi/agO7tH0pY0YgHQDOQV/uGaCfR8lxvSbx37WCdXfDwm OJ0iUeFO12PYewTtpdz5uayRbtRxLvroEADLalyaJAfatCn5hPIhGVUCPkUEqzSu pRQov4JT1WgB2i5w50OAfFsMbnri5+CoaHOeBIZpQP36EqGGkji4Qaf9hyVLxwl4 N9cBzCJlC8Ssx/QVGFq1cqDt6iKgO/cxHskK3fCa8f/S4r7WR2ZLB5KaaJFk6Q9F m88/SMEZ3SU= =W4TZ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team APFS Available for: macOS High Sierra 10.13.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative ATS Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: macOS High Sierra 10.13.5 Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher CoreCrypto Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4269: Abraham Masri (@cheesecakeufo) CUPS Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2018-4276: Jakub Jirasek of Secunia Research at Flexera Entry added October 30, 2018 DesktopServices Available for: macOS Sierra 10.12.6 Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. CVE-2018-4178: Arjen Hendrikse IOGraphics Available for: macOS High Sierra 10.13.5 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. An information disclosure issue was addressed with FP/SIMD register state sanitization. CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival Kernel Available for: macOS High Sierra 10.13.5 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Entry added October 30, 2018 libxpc Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: macOS High Sierra 10.13.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter CVE-2018-6913: GwanYeong Kim Entry added October 30, 2018 Ruby Available for: macOS High Sierra 10.13.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Entry added October 30, 2018 Additional recognition App Store We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith and and Max BA(c)langer of Dropbox for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance. Installation note: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EgwhAA rut4Qepkh88tcd23FV/Fz6uEdqa2MDPRPhVs6rM5iM7912vhtVZHz1sDUpSwNFe+ Hfdx0qsZaxY1sKjqMejq5mpanjFWhCCWb7MxifGm1HTJRMibuTAW7zVwD51jsG7z GpQtZ8ASaW9NErn+3IPB0O//CCvAKR/qyqn+KyEhYw+xtz2j+dzneB6lpwFkiqG2 0Iz5DQ2Hwms/88byzoXLWljAApvgSeant1YAiShq9bvQ3iWSkLSoo1dEa9jhhGJV jKyc+XloM7AfAHl6sjR6t3Cgdmfpy7s4osx17tqa4B5CYUloBGcZ0SZrL6iJDDvV 5OTsXHCQ9NLwZrdAwIgfcVcs01Y8hVkpjhCmm2InGwREJUtpYefCQ/kIlDa1YOym 3ua/SEO5+UYSVspG45vTdRB6SNSzeWzcQvJohrXavSllttcGyNx9RxMSr9CGxNSE Vjmo30J8D2Oow2hMtK1PWXxI+t4UadO33rL1H2u8ivl9J1BI9sEL0linFTUpEnIS iIRYUdrr+ZduSsC21NBLhMOak61GWYQRSN+p3nbL7fDqZCFdBSwvye4q2MmZG1Op aDePXQWSPgzlXzfi2C6KiR+lSyZlgCwtwhPGlzDFH5MGxr5Tleov98GB4uml91lj PVSMCsvYvRarIh6enmy+SR/6X7gVgrpx4m/fdraBwTw= =e0YF -----END PGP SIGNATURE-----

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. RAPIDLab and RAPIDPoint Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The RAPIDLab 1200 system is a cartridge-based blood gas, electrolyte and metabolite analyzer designed for medium to large capacity clinical laboratories. The RAPIDPoint 400/405/500 system is a cassette analyzer based on blood gases, electrolytes and metabolites designed for use in a care setting environment. SIEMENS RAPIDLab 1200 and RAPIDPoint 400/500 Blood Gas Analyzers have elevated permissions vulnerabilities. Siemens RAPIDLab 1200 systems is an intensive care solution with blood and respiratory monitoring functions. RAPIDPoint 400 systems and RAPIDPoint 500 systems are different series of solutions for the clinical analysis of blood electrolytes, glucose, hematocrit and neonatal bilirubin

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. SIEMENSSCALANCEM875 has a cross-site request forgery vulnerability. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. There is a command injection vulnerability in SIEMENSSCALANCEM875. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens