VARIoT IoT vulnerabilities database

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. procps-ng Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Procps-ng Procps is prone to the following security vulnerabilities: 1. A local security-bypass vulnerability 2. A local privilege-escalation vulnerability 3. A local denial-of-service vulnerability 4. Multiple local integer-overflow vulnerabilities 5. A stack-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: procps: Multiple vulnerabilities Date: May 30, 2018 Bugs: #656022 ID: 201805-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in procps, the worst of which could result in the execution of arbitrary code. Background ========== A bunch of small useful utilities that give information about processes using the /proc filesystem. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-process/procps < 3.3.15-r1 >= 3.3.15-r1 Description =========== Multiple vulnerabilities have been discovered in procps. Please review the CVE identifiers referenced below for details. Impact ====== A local attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All procps users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-process/procps-3.3.15-r1" References ========== [ 1 ] CVE-2018-1120 https://nvd.nist.gov/vuln/detail/CVE-2018-1120 [ 2 ] CVE-2018-1121 https://nvd.nist.gov/vuln/detail/CVE-2018-1121 [ 3 ] CVE-2018-1122 https://nvd.nist.gov/vuln/detail/CVE-2018-1122 [ 4 ] CVE-2018-1123 https://nvd.nist.gov/vuln/detail/CVE-2018-1123 [ 5 ] CVE-2018-1124 https://nvd.nist.gov/vuln/detail/CVE-2018-1124 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201805-14 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. Delta Electronics Automation TPEditor Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Delta Industrial Automation TPEditor is a programming software for Delta Electronics' Delta Text Panel running on Windows. Failed attempts will likely result in denial-of-service conditions

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable. plural GE The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. PACSystems RX3i CPE305/310, RX3i CPE330, RX3i CPE 400 are all GE programmable programmable controller products. GE PACSystems are prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause the device to reboot and change its state, denying service to legitimate users. GE PACSystems RX3i CPE305, etc. A security vulnerability exists in several GE products due to the program not properly validating input

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 allow reading the configuration file by an unauthenticated user. plural Phoenix Contact FL SWITCH The product contains an information disclosure vulnerability.Information may be obtained. PhoenixContact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications such as communications, critical manufacturing and information technology. PhoenixContactmanagedFLSWITCH has an information disclosure vulnerability that allows unauthenticated attackers to read the device's profile content. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728). plural Phoenix Contact FL SWITCH The product contains a buffer error vulnerability. This vulnerability CVE-2018-10728 Is a different vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PHOENIXCONTACTFLSWITCH3xxx, 4xxx and 48xxxSeries are all different series of switch devices from the Phoenix Contact group in Germany. A stack buffer overflow vulnerability exists in PHOENIXCONTACTFLSWITCH3xxx, 4xxx, and 48xxxSeries products using firmware versions 1.0 through 1.32. A remote attacker could exploit the vulnerability to gain unauthorized access to the switch operating system files and to inject executable code into the operating system. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to OS command injection. PhoenixContact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications such as communications, critical manufacturing and information technology. PhoenixContactmanagedFLSWITCH has a command injection vulnerability. If the configuration file can be transferred to the switch or transferred from the switch, the attacker can upgrade the firmware to execute any OSshell command. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows (a different vulnerability than CVE-2018-10731). plural Phoenix Contact FL SWITCH The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhoenixContact is a German provider of industrial automation, connectivity and interface solutions for critical infrastructure applications such as communications, critical manufacturing and information technology. PhoenixContactmanagedFLSWITCH has a buffer overflow vulnerability that allows an attacker to insert a specially crafted cookie into a GET request to cause a buffer overflow, thereby triggering a denial of service attack and executing arbitrary code. An OS command-execution vulnerability 2. An information-disclosure vulnerability 3. Multiple stack-based buffer-overflow vulnerabilities Attackers can exploit these issues to execute arbitrary code, execute arbitrary OS commands, obtain sensitive information, and perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest. The Medtronic N'Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N'Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N'Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI

PrinterOn Enterprise 4.1.3 stores the Active Directory bind credentials using base64 encoding, which allows local users to obtain credentials for a domain user by reading the cps_config.xml file. PrinterOn Contains information disclosure vulnerabilities and certificate / password management vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers. There is an information disclosure vulnerability in PrinterOn Enterprise 4.1.3, which stems from the fact that the program uses base64 encoding to store credentials

PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest. PrinterOn Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. PrinterOn Enterprise is a set of secure cloud printing solutions from PrinterOn Canada. The solution supports printing from laptops, desktops, and mobile devices to connected printers

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. procps-ng Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Procps-ng Procps is prone to the following security vulnerabilities: 1. A local security-bypass vulnerability 2. A local privilege-escalation vulnerability 3. A local denial-of-service vulnerability 4. Multiple local integer-overflow vulnerabilities 5. A stack-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition

The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors. A security vulnerability exists in the AppFirewall feature in Citrix NetScaler ADC and NetScaler Gateway. A remote attacker could exploit this vulnerability to execute arbitrary code

A Host Header Redirection vulnerability in Fortinet FortiOS all versions below 6.0.5 under SSL VPN web portal allows a remote attacker to potentially poison HTTP cache and subsequently redirect SSL VPN web portal users to arbitrary web domains. Fortinet FortiOS Contains an open redirect vulnerability.Information may be obtained and information may be altered. Fortinet FortiOS is prone to a host header-injection vulnerability because it fails to properly validate an HTTP request header. A successful attack may allow attackers to insert a crafted host header to navigate the victim to the attacker's domain. Versions prior to FortiOS 6.0.5 are vulnerable. Fortinet FortiOS is a set of security operating system dedicated to the FortiGate network security platform developed by Fortinet. The system provides users with various security functions such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam. Attackers can exploit this vulnerability by sending specially crafted HTTP requests to redirect users to their specified websites

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/menuaccess.php chbKey1 parameter. Nagios XI Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nagios is an open source free network monitoring tool that can effectively monitor the status of Windows, Linux and Unix hosts, network devices such as switches, routers, printers, etc. Remote attackers can use this vulnerability to execute arbitrary SQL commands

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter. Nagios XI Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Nagios is an open source, free network monitoring tool that effectively monitors host status on Windows, Linux and Unix, network devices such as switch routers, and printers. A SQL injection vulnerability exists in NagiosXI 5.4.12 and earlier versions of the admin/commandline.phpcname parameter, which can be exploited by remote attackers to execute arbitrary SQL commands

A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authentication for the Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the ISE application server to restart unexpectedly, causing a denial of service (DoS) condition on an affected system. The vulnerability is due to incomplete input validation of the client EAP-TLS certificate. An attacker could exploit this vulnerability by initiating EAP authentication over TLS to the ISE with a crafted EAP-TLS certificate. A successful exploit could allow the attacker to restart the ISE application server, resulting in a DoS condition on the affected system. The ISE application could continue to restart while the client attempts to establish the EAP authentication connection. If an attacker attempted to import the same EAP-TLS certificate to the ISE trust store, it could trigger a DoS condition on the affected system. This exploit vector would require the attacker to have valid administrator credentials. The vulnerability affects Cisco ISE, Cisco ISE Express, and Cisco ISE Virtual Appliance. Cisco Bug IDs: CSCve31857. Vendors have confirmed this vulnerability Bug ID CSCve31857 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition; denying service to legitimate users. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. ISE Express is a bundle for use in ISE that provides dynamic client functionality

A vulnerability in the Real-Time Transport Protocol (RTP) bitstream processing of the Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of incoming RTP bitstreams. An attacker could exploit this vulnerability by sending a crafted RTP bitstream to an affected Cisco Meeting Server. A successful exploit could allow the attacker to deny audio and video services by causing media process crashes resulting in a DoS condition on the affected product. This vulnerability affects Cisco Meeting Server deployments that are running Cisco Meeting Server Software Releases 2.0, 2.1, 2.2, and 2.3. Cisco Bug IDs: CSCve79693, CSCvf91393, CSCvg64656, CSCvh30725, CSCvi86363. Vendors have confirmed this vulnerability Bug ID CSCve79693 , CSCvf91393 , CSCvg64656 , CSCvh30725 ,and CSCvi86363 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308. Vendors have confirmed this vulnerability Bug ID CSCvh11308 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The logs component is one of the log components

A vulnerability in the TCP stack of Cisco SocialMiner could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition in the notification system. The vulnerability is due to faulty handling of new TCP connections to the affected application. An attacker could exploit this vulnerability by sending a malicious TCP packet to the vulnerable service. An exploit could allow the attacker to create a DoS condition by interrupting certain phone services. A manual restart of the service may be required to restore full functionalities. Cisco Bug IDs: CSCvh48368. Cisco SocialMiner Contains a resource management vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvh48368 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco SocialMiner is a set of social media call center solutions from Cisco. The solution supports social media monitoring and analysis capabilities

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg86743. Vendors have confirmed this vulnerability Bug ID CSCvg86743 It is released as.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies