VARIoT IoT vulnerabilities database


VAR-201808-0951 CVE-2018-7070 HPE CentralView Fraud Risk Management Vulnerable to information disclosure CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version
VAR-201808-0950 CVE-2018-7069 HPE CentralView Fraud Risk Management Vulnerabilities in authentication CVSS V2: 5.0
CVSS V3: 7.5
Severity: HIGH
HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version
VAR-201808-0949 CVE-2018-7068 HPE CentralView Fraud Risk Management In HTTP Request smuggling vulnerability CVSS V2: 5.8
CVSS V3: 6.1
Severity: MEDIUM
HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version
VAR-201808-0934 CVE-2018-7078 HPE Integrated Lights-Out 4 and HPE Integrated Lights-Out 5 Vulnerability in CVSS V2: 9.0
CVSS V3: 7.2
Severity: HIGH
A remote code execution vulnerability was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. Through an integrated remote management port, iLO is used to monitor and maintain the running status of the server, remotely manage and control the server, etc. An attacker could exploit this vulnerability to execute code.
VAR-201808-1002 CVE-2018-5390 TCP implementations vulnerable to Denial of Service CVSS V2: 7.8
CVSS V3: 7.5
Severity: HIGH
Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service. Linux Kernel is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Linux kernel 4.9 and later are vulnerable.

7) - aarch64, noarch, ppc64le 3. Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-5391)
Space precludes documenting all of the security fixes in this advisory.
1623067 - CVE-2018-9363 kernel: Buffer overflow in hidp_process_report
1629636 - CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()
6.

Red Hat Security Advisory
Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2018:2776-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2776
Issue date: 2018-09-25
CVE Names: CVE-2018-5390

1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64
3. Security Fix(es):
* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting this issue.
Bug Fix(es):
* Previously, making the total buffer size bigger than the memory size for early allocation through the trace_buf_size boot option, made the system become unresponsive at the boot stage. This update introduces a change in the early memory allocation. As a result, the system no longer hangs in the above described scenario. (BZ#1588365)
* When inserting objects with the same keys, made the rhlist implementation corrupt the chain pointers. As a consequence, elements were missing on removal and traversal. This patch updates the chain pointers correctly.
As a result, there are no missing elements on removal and traversal in the above-described scenario. (BZ#1601008)
* Previously, the kernel source code was missing support to report the Speculative Store Bypass Disable (SSBD) vulnerability status on IBM Power Systems and the little-endian variants of IBM Power Systems. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file incorrectly reported "Not affected" on both CPU architectures. This fix updates the kernel source code to properly report the SSBD status either as "Vulnerable" or "Mitigation: Kernel entry/exit barrier (TYPE)" where TYPE is one of "eieio", "hwsync", "fallback", or "unknown". (BZ#1612352)
* Previously, the early microcode updater in the kernel was trying to perform a microcode update on virtualized guests. As a consequence, the virtualized guests sometimes mishandled the request to perform the microcode update and became unresponsive in the early boot stage. This update applies an upstream patch to avoid the early microcode update when running under a hypervisor. As a result, no kernel freezes appear in the described scenario. (BZ#1618389)
4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/): 1601704 - CVE-2018-5390 kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)
6. Package List: These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
7. References: https://access.redhat.com/security/cve/CVE-2018-5390 https://access.redhat.com/security/updates/classification/#important
8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc.

6.5) - x86_64 3. Bug Fix(es):
* Previously, invalid headers in the sk_buff struct led to an indefinite loop in the tcp_collapse() function. (BZ#1619630)
* After updating the system to prevent the L1 Terminal Fault (L1TF) vulnerability, only one thread was detected on systems that offer processing of two threads on a single processor core. With this update, the "__max_smt_threads()" function has been fixed. (BZ#1625333)
* Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF) mitigation state on systems without Extended Page Tables (EPT) support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. (BZ#1629632)
4.

Ubuntu Security Notice USN-3741-2
August 14, 2018
linux-lts-xenial, linux-aws vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker in a guest virtual machine could use this to expose sensitive information (memory from other guests or the host OS). (CVE-2018-3646)
It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault (L1TF). A local attacker could use this to expose sensitive information (memory from the kernel or other processes). (CVE-2018-5391)
Update instructions: The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 LTS:
  linux-image-4.4.0-1027-aws 4.4.0-1027.30
  linux-image-4.4.0-133-generic 4.4.0-133.159~14.04.1
  linux-image-4.4.0-133-generic-lpae 4.4.0-133.159~14.04.1
  linux-image-4.4.0-133-lowlatency 4.4.0-133.159~14.04.1
  linux-image-4.4.0-133-powerpc-e500mc 4.4.0-133.159~14.04.1
  linux-image-4.4.0-133-powerpc-smp 4.4.0-133.159~14.04.1
  linux-image-4.4.0-133-powerpc64-emb 4.4.0-133.159~14.04.1
  linux-image-4.4.0-133-powerpc64-smp 4.4.0-133.159~14.04.1
  linux-image-aws 4.4.0.1027.27
  linux-image-generic-lpae-lts-xenial 4.4.0.133.113
  linux-image-generic-lts-xenial 4.4.0.133.113
  linux-image-lowlatency-lts-xenial 4.4.0.133.113
  linux-image-powerpc-e500mc-lts-xenial 4.4.0.133.113
  linux-image-powerpc-smp-lts-xenial 4.4.0.133.113
  linux-image-powerpc64-emb-lts-xenial 4.4.0.133.113
  linux-image-powerpc64-smp-lts-xenial 4.4.0.133.113
Please note that the recommended mitigation for CVE-2018-3646 involves updating processor microcode in addition to updating the kernel; however, the kernel includes a fallback for processors that have not received microcode updates.
ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

(CVE-2018-5391)
* kernel: mm: use-after-free in do_get_mempolicy function allows local DoS or other unspecified impact (CVE-2018-10675)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Consequently, the node was not available. This update fixes an irq latency source in memory compaction. As a consequence, the VMs sometimes became unresponsive when booting. (BZ#1618388) 4
VAR-201808-0326 CVE-2018-14941 Harmonic NSG 9000 Information disclosure vulnerability in devices CVSS V2: 4.0
CVSS V3: 6.5
Severity: MEDIUM
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. Harmonic NSG 9000 devices contain an information disclosure vulnerability. Information may be obtained.
VAR-201808-0327 CVE-2018-14942 Harmonic NSG 9000 Path traversal vulnerability CVSS V2: 4.0
CVSS V3: 8.8
Severity: HIGH
Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by "POST /PY/EMULATION_GET_FILE" or "POST /PY/EMULATION_EXPORT" with FileName=../../../passwd in the POST data. Harmonic NSG 9000 contains a path traversal vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Harmonic NSG 9000 is a general-purpose edge QAM modulator device produced by Harmonic Corporation of the United States. A security vulnerability exists in the Harmonic NSG 9000. A remote attacker could exploit this vulnerability to perform directory traversal attacks.
VAR-201808-0328 CVE-2018-14943 Harmonic NSG 9000 Vulnerabilities related to the use of hard-coded credentials on devices CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. Harmonic NSG 9000 devices contain a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). The NSG™ 9000-6G high-density universal edgeQAM system is a highly integrated digital video solution for multiplexing on-demand video content over IP networks. NSG 9000-6G has a weak password vulnerability. An attacker can use this vulnerability to log in to a website and obtain sensitive information on the website. Harmonic NSG 9000 is a general-purpose edge QAM modulator device produced by Harmonic Corporation of the United States. An attacker could exploit this vulnerability to gain access to the device.
VAR-201808-0722 CVE-2018-14497 Tenda D152 ADSL Router cross-site scripting vulnerability CVSS V2: 3.5
CVSS V3: 5.4
Severity: MEDIUM
Tenda D152 ADSL routers allow XSS via a crafted SSID. The Tenda D152 ADSL router contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. There is a security hole in Tenda D152 ADSL. Remote attackers can use the specially crafted SSID to exploit this vulnerability to inject arbitrary Web scripts or HTML.
VAR-201808-1085 No CVE Command execution vulnerability in OOK-AP121, a panel wireless router of Wenzhou Dongkun Technology Co., Ltd. CVSS V2: 5.9
CVSS V3: -
Severity: MEDIUM
Wenzhou Dongkun Technology Co., Ltd. is a high-tech enterprise integrating design, research and development, production, Internet of Things, and wireless communication products and technologies for home LANs. The panel wireless router OOK-AP121 from Wenzhou Dongkun Technology Co., Ltd. has an unauthorized access vulnerability. An attacker can use the vulnerability to execute arbitrary commands with root privileges.
VAR-201808-0424 CVE-2018-14933 NUUO NVRmini Command injection vulnerability

Related entries in the VARIoT exploits database: VAR-E-201812-0167, VAR-E-201812-0168
CVSS V2: 10.0
CVSS V3: 9.8
Severity: CRITICAL
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. NUUO NVRmini contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). NUUO NVRmini products are prone to a remote command-injection vulnerability. An attacker may exploit this issue to inject and execute arbitrary commands within the context of the affected application; this may aid in further attacks. NUUO NVRmini is a video storage management device produced by American NUUO company. There is a security vulnerability in the upgrade_handle.php file in NUUO NVRmini.
VAR-201808-0411 CVE-2018-14907 3CX Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: 5.3
Severity: MEDIUM
The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname. 3CX is an IP phone device from 3CX Corporation of the United States. The vulnerability stems from a program that failed to handle errors correctly in stack trace. An attacker could exploit the vulnerability to reveal information about the server
VAR-201808-0409 CVE-2018-14905 3CX Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter. The 3CX Web server contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML.
VAR-201808-0410 CVE-2018-14906 3CX Vulnerable to cross-site scripting CVSS V2: 4.3
CVSS V3: 6.1
Severity: MEDIUM
The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters. 3CX contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. 3CX is an IP phone device from 3CX Corporation of the United States. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML.
VAR-201808-0967 CVE-2018-9866 SonicWall Global Management System Input validation vulnerability CVSS V2: 7.5
CVSS V3: 9.8
Severity: CRITICAL
A lack of validation of user-supplied parameters passed to XML-RPC calls on the SonicWall Global Management System (GMS) virtual appliance allows a remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. SonicWall Global Management System (GMS) contains an input validation vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). SonicWall Global Management System (GMS) is a global management system. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A security vulnerability exists in SonicWall GMS due to the program's failure to validate user-submitted parameters for XML-RPC calls. A remote attacker could exploit this vulnerability to execute arbitrary code.
VAR-201808-0595 CVE-2018-11048 Dell EMC Data Protection Advisor and EMC Integrated Data Protection Appliance In XML External entity vulnerabilities CVSS V2: 5.5
CVSS V3: 8.1
Severity: HIGH
Dell EMC Data Protection Advisor, versions 6.2, 6.3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain an XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. Attackers can exploit this issue to gain access to sensitive information or cause a denial-of-service condition. IDPA is a disk-based backup and recovery solution.
Link to remedies: Registered Dell EMC Online Support customers can download the required patch from support.emc.com at https://support.emc.com/downloads/829_Data-Protection-Advisor
Severity Rating: For an explanation of Severity Ratings, refer to Dell EMC Knowledgebase article 468307 (https://support.emc.com/kb/468307). Dell EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Legal Information: Read and use the information in this Dell EMC Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact Dell EMC Technical Support (https://support.emc.com/servicecenter/contactEMC/). Dell EMC distributes Dell EMC Security Advisories, in order to bring to the attention of users of the affected Dell EMC products, important security information. Dell EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind.
Dell EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall Dell EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell EMC Product Security Response Center security_alert@emc.com http://www.emc.com/products/security/product-security-response-center.htm
VAR-201808-0384 CVE-2018-14847 MikroTik RouterOS Authentication vulnerability CVSS V2: 6.4
CVSS V3: 9.1
Severity: CRITICAL
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. MikroTik RouterOS contains an authentication vulnerability. Information may be obtained. MikroTik RouterOS is prone to an authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may lead to further attacks. MikroTik RouterOS version 6.42 and prior versions are vulnerable. MikroTik RouterOS is a routing operating system. Winbox for MikroTik RouterOS is an application for managing the MikroTik RouterOS system.
VAR-201808-0890 CVE-2018-3834 Insteon Hub Firmware access control vulnerability CVSS V2: 7.8
CVSS V3: 7.4
Severity: HIGH
An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going to be installed and thus allows for flashing any signed firmware into any MCU. Since the device contains different and incompatible MCUs, flashing one firmware to the wrong MCU will result in a permanent brick condition. To trigger this vulnerability, an attacker needs to impersonate the remote server "cache.insteon.com" and serve a signed firmware image. InsteonHub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home. Insteon Hub is an Insteon central controller product of Insteon Company in the United States
VAR-201808-0156 CVE-2017-16347 Insteon Hub Firmware buffer error vulnerability CVSS V2: 8.0
CVSS V3: 9.9
Severity: CRITICAL
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01e7d4 the value for the s_vol key is copied using strcpy to the buffer at 0xa0001700. This buffer is maximum 12 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow. The Insteon Hub firmware contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). InsteonHub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home. A buffer overflow vulnerability exists in InsteonHub using version 1012 firmware. Insteon Hub is an Insteon central controller product of Insteon Company in the United States.
VAR-201808-0150 CVE-2017-16341 Insteon Hub Buffer error vulnerability CVSS V2: 8.0
CVSS V3: 9.9
Severity: CRITICAL
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c224 the value for the s_vol_play key is copied using strcpy to the buffer at 0xa0000418. This buffer is maximum 8 bytes large (this is the maximum size it could be, it is possible other global variables are stored between this variable and the next one that we could identify), sending anything longer will cause a buffer overflow. Insteon Hub contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). InsteonHub is an Insteon central controller from Insteon, USA. This product can remotely control light bulbs, wall switches, air conditioners, etc. in the home. A buffer overflow vulnerability exists in InsteonHub using version 1012 firmware. Insteon Hub is an Insteon central controller product of Insteon Company in the United States.