VARIoT IoT vulnerabilities database

A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions < V13 SP2 Update 2), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. SIMATIC STEP 7 and WinCC (TIA Portal ) Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Siemens SIMATIC STEP 7 (TIA Portal) is a set of programming software for SIMATIC controllers. The software provides PLC programming, design option packages and advanced drive technology. WinCC (TIA Portal) is an automated data acquisition and monitoring (SCADA) system. The system provides functions such as process monitoring and data acquisition. And resources that are executed by the user. Siemens SIMATIC STEP 7 and SIMATIC WinCC are prone to multiple insecure file-permissions vulnerabilities. A local attacker can exploit these issues by gaining access to a world-readable file and extracting sensitive information from it. Information obtained may aid in other attacks

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required. Automation License Manager Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Siemens Automation License Manager is a Siemens system from Germany that handles remote and local certificates in HMI, SCADA and industrial products. An attacker can exploit these issues using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory or obtain sensitive information and perform other attacks

A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible or not. This allows the attacker to do basic network scanning using the victims machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device. The Siemens Automation License Manager is a Siemens system from Germany that handles remote and local certificates in HMI, SCADA and industrial products. An attacker can exploit these issues using directory-traversal characters ('../') to access or read arbitrary files that contain sensitive information or to access files outside of the restricted directory or obtain sensitive information and perform other attacks

HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version

HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version

HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version

A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, Monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. An input validation error vulnerability exists in the Linux kernel version 4.9+. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. (BZ#1625330) 4. 7) - noarch, x86_64 3. Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. (BZ#1594915) 4. 7.4) - ppc64, ppc64le, x86_64 3. Bug Fix(es): * Previously, making the total buffer size bigger than the memory size for early allocation through the trace_buf_size boot option, made the system become unresponsive at the boot stage. This update introduces a change in the early memory allocation. As a result, the system no longer hangs in the above described scenario. (BZ#1588365) * When inserting objects with the same keys, made the rhlist implementation corrupt the chain pointers. As a consequence, elements were missing on removal and traversal. This patch updates the chain pointers correctly. As a result, there are no missing elements on removal and traversal in the above-described scenario. (BZ#1601008) * Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". (BZ#1612352) * Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618389) 4. ========================================================================== Ubuntu Security Notice USN-3742-3 August 21, 2018 linux-lts-trusty regressions ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 ESM Summary: USN-3742-2 introduced regressions in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM. Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty for Precise ESM Details: USN-3742-2 introduced mitigations in the Linux Hardware Enablement (HWE) kernel for Ubuntu 12.04 ESM to address L1 Terminal Fault (L1TF) vulnerabilities (CVE-2018-3620, CVE-2018-3646). Unfortunately, the update introduced regressions that caused kernel panics when booting in some environments as well as preventing Java applications from starting. We apologize for the inconvenience. Original advisory details: It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646) It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). (CVE-2018-3620) Andrey Konovalov discovered an out-of-bounds read in the POSIX timers subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. A remote attacker could use this to cause a denial of service. A remote attacker could use this to cause a denial of service. (CVE-2018-5391) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 ESM: linux-image-3.13.0-156-generic 3.13.0-156.206~precise1 linux-image-3.13.0-156-generic-lpae 3.13.0-156.206~precise1 linux-image-generic-lpae-lts-trusty 3.13.0.156.146 linux-image-generic-lts-trusty 3.13.0.156.146 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. 6.5) - x86_64 3. Bug Fix(es): * Previously, invalid headers in the sk_buff struct led to an indefinite loop in the tcp_collapse() function. As a consequence, the system became unresponsive. (BZ#1619630) * After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. (BZ#1625333) * Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. (BZ#1629632) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2384-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2384 Issue date: 2018-08-14 CVE Names: CVE-2017-13215 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-5390 CVE-2018-7566 CVE-2018-10675 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - noarch, ppc64le 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: crypto: privilege escalation in skcipher_recvmsg function (CVE-2017-13215) * kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675) * kernel: race condition in snd_seq_write() may lead to UAF or OOB access (CVE-2018-7566) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390. Bug Fix(es): These updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3527791 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1575065 - CVE-2018-10675 kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack) 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64: kernel-3.10.0-862.11.6.el7.ppc64.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64.rpm perf-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64le: kernel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-headers-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-3.10.0-862.11.6.el7.ppc64le.rpm perf-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm s390x: kernel-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debug-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-862.11.6.el7.s390x.rpm kernel-devel-3.10.0-862.11.6.el7.s390x.rpm kernel-headers-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-862.11.6.el7.s390x.rpm kernel-kdump-devel-3.10.0-862.11.6.el7.s390x.rpm perf-3.10.0-862.11.6.el7.s390x.rpm perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm python-perf-3.10.0-862.11.6.el7.s390x.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.s390x.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7): noarch: kernel-doc-3.10.0-862.11.6.el7.noarch.rpm ppc64le: kernel-debug-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debug-devel-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.ppc64le.rpm perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.ppc64le.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-862.11.6.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-862.11.6.el7.noarch.rpm kernel-doc-3.10.0-862.11.6.el7.noarch.rpm x86_64: kernel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debug-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-devel-3.10.0-862.11.6.el7.x86_64.rpm kernel-headers-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-3.10.0-862.11.6.el7.x86_64.rpm perf-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: kernel-debug-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-862.11.6.el7.x86_64.rpm perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm python-perf-debuginfo-3.10.0-862.11.6.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-13215 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF https://access.redhat.com/articles/3527791 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3MjONzjgjWX9erEAQioYA/9Ge//K50oCrGaDEMuI2PHYLcztiZt9meh C578LP6sC/HT17VAbV8C+Tvy9QBCU80t4mGU4GOPu8Q5HzZQv45n0NtdRTGCC+yb A1bFcf0vhXIALNsuDEZN9g5SwUBapxkRoh43R+E7ITCQWp0XIPaSjYgGNqpTTuD/ lxRCzc10HhxW+pUY+ERFcK6c0poc14FtSqM3GqZe10FhkykdIlmngFjkthjzefXO dUkYDy53G+iAdTrVFI03h3Wt+UBMmNwKtu8ydqtAxZ0zDZIP5ijASOtM4mlf77ec VsNn7OWythkpTcpa+Sh5+dk6DK+lU2vziVsEocYNpzB+T/aHC9n/+I8ibfp3B4DC k4lYqZJQDFR2jVABjkOVS9dWFlOYKFmU2JBwsqdRvt3rgVFXEH3n5OQydHGFskmP NFwDbRAFlwo3zjd9KuiQzdFTOensc35+eSHykY8nxY2hGMH5gGccShFL4C7N2mtx s8JnzA/Zj00VHMg8qIHGfQ7RSd/xyEJ5vn87WZcTshTNli6x1/0VnzpTKG85Ga+K S2EJDXFP9LqCT98TL1RDJmCTtfDjU3I/gbgu5xFaofQZfV48qAUomUQ2E+MhQAOX eBr/OvlfFP8HEwVEJBDtXKxxs1LgmjTSqOtfP8AvS5zI9/Y6o56i0d7Ng1CcaGKP lZgWJhC3Yik=i4St -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. Harmonic NSG 9000 The device contains an information disclosure vulnerability.Information may be obtained

Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. Harmonic NSG 9000 Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Harmonic NSG 9000 is a general-purpose edge QAM modulator device produced by Harmonic Corporation of the United States. A security vulnerability exists in the Harmonic NSG 9000. A remote attacker could exploit this vulnerability to perform directory traversal attacks

Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. Harmonic NSG 9000 The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The NSG ™ 9000-6G high-density universal edgeQAM system is a highly integrated digital video solution for multiplexing on-demand video content over IP networks. NSG 9000-6G has a weak password vulnerability. An attacker can use this vulnerability to log in to a website and obtain sensitive information on the website. Harmonic NSG 9000 is a general-purpose edge QAM modulator device produced by Harmonic Corporation of the United States. An attacker could exploit this vulnerability to gain access to the device

Tenda D152 ADSL routers allow XSS via a crafted SSID. Tenda D152 ADSL The router contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. There is a security hole in Tenda D152 ADSL. Remote attackers can use the specially crafted SSID to exploit this vulnerability to inject arbitrary Web scripts or HTML

Wenzhou Dongkun Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production, Internet of Things, and wireless communication products and technologies for home LANs. R & D. Wenzhou Dongkun Technology Co., Ltd. panel wireless router OOK-AP121 has an unauthorized access vulnerability. An attacker can use the vulnerability to execute arbitrary commands with root privileges.

upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. NUUO NVRmini Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NUUO NVRmini Products are prone to an remote command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. NUUO NVRmini is a video storage management device produced by American NUUO company. There is a security vulnerability in the upgrade_handle.php file in NUUO NVRmini

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. 3CX is an IP phone device from 3CX Corporation of the United States. The vulnerability stems from a program that failed to handle errors correctly in stack trace. An attacker could exploit the vulnerability to reveal information about the server

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. 3CX Web server Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML

The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. 3CX Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. SonicWall Global Management System (GMS) Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SonicWall Global Management System (GMS) is a global management system. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A security vulnerability exists in SonicWall GMS due to the program's failure to validate user-submitted parameters for XML-RPC calls. A remote attacker could exploit this vulnerability to execute arbitrary code

Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. Attackers can exploit this issue to gain access to sensitive information or cause denial-of-service condition. IDPA is a disk-based backup and recovery solution. Link to remedies: Registered Dell EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor Severity Rating For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. Legal Information Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of bus iness profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell EMC Product Security Response Center security_alert@emc.com http://www.emc.com/products/security/product-security-response-center.htm -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEazKDH3UU9DEtTDc5dty75+wTzVkFAltkbtEACgkQdty75+wT zVlSnQf/fxxkDXpPGn1XdyIT6siN8ZPj1HGcZv0FqyUw4wMuXBXs4OdnohlZiSmV Q0j4QWsIWaxYWvHMQJzqq7YuEvv9FHRWXwYA2rf3PzleS9fmGPupKL34Vm3O6WFu UlXkHZE0BWmpL3Zh/9iHMyYKzlgdAPOGsbjUOa6cQGuoZgUXIgKtiTdspbgEKCeF ++fuXupNPmH1pnwiXLjGNpjqXOtMS7qxKZBJ0XCX58x2SFr1qkvw5JGd/kJYrVwB O5xxPWLDZgzvAcijHGToNJ1+WiBRbYNXI1/mAlLjxIPxQCk0R675stl75f9HfElH KBidkYD/PxIKweHKlwLUil74NAkiRA== =xhE9 -----END PGP SIGNATURE-----

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik RouterOS Contains an authentication vulnerability.Information may be obtained. MikroTik RouterOS is prone to a authentication-bypass vulnerability. An attacker can exploit this issue to bypass authentication mechanism and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version 6.42 and prior versions are vulnerable. MikroTik RouterOS is a routing operating system. Winbox for MikroTik RouterOS is an application for managing MikroTik RouterOS system