VARIoT IoT vulnerabilities database

A remote attacker via undisclosed measures, may be able to exploit an F5 BIG-IP APM 13.0.0-13.1.0.7 or 12.1.0-12.1.3.5 virtual server configured with an APM per-request policy object and cause a memory leak in the APM module. F5 BIG-IP APM Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5 BIG-IP APM is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. F5 BIG-IP Access Policy Manager (APM) is a set of access and security solutions from F5 Corporation of the United States. The solution provides unified access to business-critical applications and networks. The following versions are affected: F5 BIG-IP Access Policy Manager version 13.0.0 to version 13.1.0.7, version 12.1.0 to version 12.1.3.5

ASUS HG100 devices with firmware before 1.05.12 allow unauthenticated access, leading to remote command execution. ASUS HG100 The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. ASUSHG100 is a home intelligence monitoring device from ASUS. A command execution vulnerability exists in ASUSHG100 using firmware prior to 1.05.12. A remote attacker can exploit the vulnerability to execute commands

SEL AcSELerator Architect version 2.2.24.0 and prior can be exploited when the AcSELerator Architect FTP client connects to a malicious FTP server, which may cause denial of service via 100% CPU utilization. Restart of the application is required. SEL AcSELerator Architect Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. SEL AcSELerator Architect is a system used by Schweitzer Engineering Laboratories (SEL) to communicate with, configure and manage substations

SEL Compass version 3.0.5.1 and prior allows all users full access to the SEL Compass directory, which may allow modification or overwriting of files within the Compass installation folder, resulting in escalation of privilege and/or malicious code execution. SEL Compass Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SEL Compass is an application for managing and updating SEL products from Schweitzer Engineering Laboratories (SEL), USA. A privilege elevation vulnerability exists in SEL Compass 3.0.5.1 and earlier. The vulnerability stems from a program failing to properly set access rights

SEL AcSELerator Architect version 2.2.24.0 and prior allows unsanitized input to be passed to the XML parser, which may allow disclosure and retrieval of arbitrary data, arbitrary code execution (in certain situations on specific platforms), and denial of service attacks. SEL AcSELerator Architect In XML An external entity vulnerability exists.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SEL AcSELerator Architect is a system used by Schweitzer Engineering Laboratories (SEL) to communicate with, configure and manage substations. An injection injection vulnerability exists in SEL AcSELerator Architect 2.2.24.0 and earlier. In some cases on a particular platform) and cause a denial of service

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware updates by unsecure FTP. Echelon SmartServer and i.LON Contains a cryptographic vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. EchelonSmartServer1 and other products are products of Echelon Corporation of the United States. The EchelonSmartServer1 is a versatile controller that supports building automation control and enterprise energy management. i.LON100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in several Echelon products that originated in the program transmitting sensitive information in clear text. An attacker could exploit the vulnerability to replace legacy files and modules with malicious firmware binaries and modules and execute code on the system

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can bypass the required authentication specified in the security configuration file by including extra characters in the directory name when specifying the directory to be accessed. This vulnerability does not affect the i.LON 600 product. Echelon SmartServer and i.LON Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EchelonSmartServer1, SmartServer2 and i.LON100 are products of Echelon Corporation of the United States. EchelonSmartServer1 and SmartServer2 are multi-function controllers that support building automation control and enterprise energy management. i.LON100 is a web server that is primarily used to configure and monitor LonWorks devices

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. An attacker can use the SOAP API to retrieve and change sensitive configuration items such as the usernames and passwords for the Web and FTP servers. This vulnerability does not affect the i.LON 600 product. plural Echelon SmartServer and i.LON The product contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. EchelonSmartServer1, SmartServer2 and i.LON100 are products of Echelon Corporation of the United States. EchelonSmartServer1 and SmartServer2 are multi-function controllers that support building automation control and enterprise energy management. i.LON100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in EchelonSmartServer1, SmartServer versions prior to 24.11.007, and i.LON100

Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices store passwords in plaintext, which may allow an attacker with access to the configuration file to log into the SmartServer web user interface. Echelon SmartServer and i.LON Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Echelon SmartServer 1 and so on are products of Echelon Corporation of the United States. The Echelon SmartServer 1 is a versatile controller that supports building automation control and enterprise energy management. The i.LON 100 is a web server that is primarily used to configure and monitor LonWorks devices. An information disclosure vulnerability exists in several Echelon products

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. Bluetooth is a wireless technology standard that enables short-range data exchange between fixed and mobile devices and personal area networks in buildings. The following systems are affected: macOS prior to 10.13; macOS High Sierra prior to 11.4; iOS prior to 11.4; Android prior to Patch 2018-06-05. Alternatively, on your watch, select "My Watch > General > About". CVE-2018-4249: Kevin Backhouse of Semmle Ltd. CVE-2018-4240: Sriram (@Sri_Hxor) of PrimeFort Pvt. CVE-2018-4199: Alex Plaskett, Georgi Geshev, Fabi Beterke, and Nils of MWR Labs working with Trend Micro's Zero Day Initiative WebKit Available for: Apple TV 4K and Apple TV (4th generation) Impact: Visiting a maliciously crafted website may leak sensitive data Description: Credentials were unexpectedly sent when fetching CSS mask images. This was addressed by using a CORS-enabled fetch method. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-9-17-1 iOS 12 iOS 12 is now available and addresses the following: Accounts Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local app may be able to read a persistent account identifier Description: This issue was addressed with improved entitlements. CVE-2018-4322: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc. Bluetooth Available for: iPhone SE, iPhone 6s, iPhone 6s Plus, iPhone 7, iPhone 7 Plus, iPad Mini 4, 12.9-inch iPad Pro 1st generation, 12.9-inch iPad Pro 2nd generation, 10.5-inch iPad Pro, 9.7-inch iPad Pro, iPad 5th generation, and iPod Touch 6th generation Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham Core Bluetooth Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4330: Apple CoreMedia Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An app may be able to learn information about the current camera view before being granted camera access Description: A permissions issue existed. This issue was addressed with improved permission validation. CVE-2018-4356: an anonymous researcher IOMobileFrameBuffer Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4335: Brandon Azad iTunes Store Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker in a privileged network position may be able to spoof password prompts in the iTunes Store Description: An input validation issue was addressed with improved input validation. CVE-2018-4305: Jerry Decime Kernel Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: An input validation issue existed in the kernel. This issue was addressed with improved input validation. CVE-2018-4363: Ian Beer of Google Project Zero Messages Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted messages Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of message deletions. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Notes Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover a user's deleted notes Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of notes deletions. CVE-2018-4352: an anonymous researcher Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be able to discover websites a user has visited Description: A consistency issue existed in the handling of application snapshots. The issue was addressed with improved handling of application snapshots. CVE-2018-4313: 11 anonymous researchers, David Scott, Enes Mert Ulu of Abdullah MA1/4rAide AzA1/4nenek Anadolu Lisesi - Ankara/TA1/4rkiye, Mehmet Ferit DaAtan of Van YA1/4zA1/4ncA1/4 YA+-l University, Metin Altug Karakaya of Kaliptus Medical Organization, Vinodh Swami of Western Governor's University (WGU) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A user may be unable to delete browsing history items Description: Clearing a history item may not clear visits with redirect chains. The issue was addressed with improved data deletion. CVE-2018-4329: Hugo S. Diaz (coldpointblue) Safari Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A malicious website may be able to exfiltrate autofilled data in Safari Description: A logic issue was addressed with improved state management. CVE-2018-4307: Rafay Baloch of Pakistan Telecommunications Authority SafariViewController Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: Visiting a malicious website may lead to address bar spoofing Description: An inconsistent user interface issue was addressed with improved state management. CVE-2018-4362: Jun Kokatsu (@shhnjk) Security Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm Description: This issue was addressed by removing RC4. CVE-2016-1777: Pepi Zawodsky Status Bar Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A person with physical access to an iOS device may be able to determine the last used app from the lock screen Description: A logic issue was addressed with improved restrictions. CVE-2018-4325: Brian Adeloye Wi-Fi Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2018-4338: Lee @ SECLAB, Yonsei University working with Trend Micro's Zero Day Initiative Installation note: This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About. The version after applying this update will be "iOS 12". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAluf5GIACgkQeC9tht7T K3G2mg//QBqaVSeHLeqL489OJmSvBtudWIDY1GhHJ5Xc8ox3ILDNLVZeBU+DIpqr Fb/slmBKhNM69CPf2fGC/Af2h3ZbUYVoANoyWfH+A/PYzFV726w5WHaq4QZndauO urHsrE/lH8CvDFS6lzp0OdGV5hVIGQ3hoYiF0lYmIdzCDQYwvFp+pn2I3b37Io8K 5/cjRiYp+uq2NAKLm6hx8yq0NtYAQyQTsk6ZAsGlilmydLJDGnaeJE80wk7EBd8f rkdtqzs5B5ohHVYLcoGgMUrE7qyLpqwXjkfIJO8bkk1IqlbMwjmhOJVRPaHWtj5Y 8Ouc2ebMfpFimk9+ODBUYMCsQJgQw8P6pW3gfSpiheIOPc65KzoaAdg+nOfmPwJK LR9CDMJauwYHf1I2RrMzDBflV1HIPurYciHBZKn6IH4f3KNIu5PGNTnHFgln6MxT D11WXuxNfvc2B1hRIRHXD2OB1+rh5Q+tkb+AEauHzIFWgl7otx6EZhiu7W8Mxa22 k6s/Fo1UZI1GbnNjU9ugEumxH8w0WQNQZOOH3FI07aA7F2FVcTVXL4uaIoHzZR0N ZmC/RvsQNGmw8L+DRWedEHda/rieAgMHkJxrjF0Day9PqY50YL7F+7qaw2J6Tmpo r5jDothh/1TQbkE5G8oOaT3Y3iOtDcMqh0T7jRxIP7awQMKce9M= =1Ld6 -----END PGP SIGNATURE----- . (CVE-2019-10126) Andrei Vlad Lutas and Dan Lutas discovered that some x86 processors incorrectly handle SWAPGS instructions during speculative execution. ========================================================================= Ubuntu Security Notice USN-4118-1 September 02, 2019 linux-aws vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-aws-hwe: Linux kernel for Amazon Web Services (AWS-HWE) systems Details: It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093) Wen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616) Wen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613) Wen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617) Vasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862) Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Hui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169) Zhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784) It was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. An attacker could use this to expose sensitive information. (CVE-2018-5383) It was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136) It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) Amit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638) Amit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639) Adam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11085) It was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487) Jann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599) It was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810) It was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11815) It was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833) It was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11884) It was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818) It was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819) It was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984) Jann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233) Jann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283) It was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284) Tuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) It was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292) It was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024) It was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101) It was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846) Jason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information. (CVE-2018-20511) It was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) Muyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701) Vladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1047-aws 4.15.0-1047.49 linux-image-aws 4.15.0.1047.46 Ubuntu 16.04 LTS: linux-image-4.15.0-1047-aws 4.15.0-1047.49~16.04.1 linux-image-aws-hwe 4.15.0.1047.47 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4118-1 CVE-2018-13053, CVE-2018-13093, CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616, CVE-2018-14617, CVE-2018-16862, CVE-2018-19985, CVE-2018-20169, CVE-2018-20511, CVE-2018-20784, CVE-2018-20856, CVE-2018-5383, CVE-2019-0136, CVE-2019-10126, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-11085, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-11815, CVE-2019-11833, CVE-2019-11884, CVE-2019-12818, CVE-2019-12819, CVE-2019-12984, CVE-2019-13233, CVE-2019-13272, CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-2024, CVE-2019-2101, CVE-2019-3701, CVE-2019-3819, CVE-2019-3846, CVE-2019-3900, CVE-2019-9506 Package Information: https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1047.49 https://launchpad.net/ubuntu/+source/linux-aws-hwe/4.15.0-1047.49~16.04.1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: linux-firmware security, bug fix, and enhancement update Advisory ID: RHSA-2019:2169-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2169 Issue date: 2019-08-06 CVE Names: CVE-2018-5383 ==================================================================== 1. Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch 3. Description: The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: Red Hat Enterprise Linux Client (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: linux-firmware-20190429-72.gitddde598.el7.src.rpm noarch: iwl100-firmware-39.31.5.1-72.el7.noarch.rpm iwl1000-firmware-39.31.5.1-72.el7.noarch.rpm iwl105-firmware-18.168.6.1-72.el7.noarch.rpm iwl135-firmware-18.168.6.1-72.el7.noarch.rpm iwl2000-firmware-18.168.6.1-72.el7.noarch.rpm iwl2030-firmware-18.168.6.1-72.el7.noarch.rpm iwl3160-firmware-22.0.7.0-72.el7.noarch.rpm iwl3945-firmware-15.32.2.9-72.el7.noarch.rpm iwl4965-firmware-228.61.2.24-72.el7.noarch.rpm iwl5000-firmware-8.83.5.1_1-72.el7.noarch.rpm iwl5150-firmware-8.24.2.2-72.el7.noarch.rpm iwl6000-firmware-9.221.4.1-72.el7.noarch.rpm iwl6000g2a-firmware-17.168.5.3-72.el7.noarch.rpm iwl6000g2b-firmware-17.168.5.2-72.el7.noarch.rpm iwl6050-firmware-41.28.5.1-72.el7.noarch.rpm iwl7260-firmware-22.0.7.0-72.el7.noarch.rpm iwl7265-firmware-22.0.7.0-72.el7.noarch.rpm linux-firmware-20190429-72.gitddde598.el7.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-7-23-1 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. CVE-2018-4283: @panicaII working with Trend Micro's Zero Day Initiative Kernel Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: Systems using IntelA(r) Core-based microprocessors may potentially allow a local process to infer data utilizing Lazy FP state restore from another process through a speculative execution side channel Description: Lazy FP state restore instead of eager save and restore of the state upon a context switch. Lazy restored states are potentially vulnerable to exploits where one process may infer register values of other processes through a speculative execution side channel that infers their value. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Additional recognition Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance

Tenda AC7 through V15.03.06.44_CN, AC9 through V15.03.05.19(6318)_CN, and AC10 through V15.03.06.23_CN devices have a Stack-based Buffer Overflow via a long limitSpeed or limitSpeedup parameter to an unspecified /goform URI. Tenda AC7 , AC9 ,and AC10 Contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. TendaAC7, AC9 and AC10 are all wireless router products from Tenda. A buffer overflow vulnerability exists in TendaAC715.03.06.44_CN and previous versions, AC915.03.05.19 (6318)_CN and previous versions, and AC1015.03.06.23_CN and earlier. An attacker could exploit the vulnerability with a longer \342\200\230limitSpeed\342\200\231 or \342\200\230limitSpeedup\342\200\231 parameter to cause a denial of service

Huawei mobile phones with versions earlier before Emily-AL00A 8.1.0.153(C00) have an authentication bypass vulnerability. An attacker could trick the user to connect to a malicious device. In the debug mode, the malicious software in the device may exploit the vulnerability to bypass some specific function. Successful exploit may cause some malicious applications to be installed in the mobile phones. Emily-AL00A Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. HuaweiEmily-AL00A is a smartphone device from China's Huawei company. The following products and versions are affected: Huawei Anne-AL00 before 9.1.0.122 (C00E120R1P7T8); Honor Play 7A before 8.0.0.213 (C00); Atomu-L03 before 8.0.0.159 (C605CUSTC605D1); Atomu-L11 8.0. 0.149(C782CUSTC782D1) previous version; Atomu-L21 8.0.0.153(C432CUSTC432D1) previous version; Atomu-L23 8.0.0.162(C605CUSTC605D1) previous version; Atomu-L29A 8.0.0.149(C432CUSTC432D1) previous version, 8.0.0.149(C461CUSTC461D1) Before Version, version before 8.0.0.150(C185CUSTC185D1), version before 8.0.0.165(C636CUSTC636D1); version before Atomu-L41 8.0.0.151(C461CUSTC461D1); version before Atomu-L42 8.0.0.153(C636CUSTC636D1-1.0.8.10Berkeley); Version before (C01E181R1P14T8); Version before Delhi-L42 Version before Delhi-L42C185B123, Version before Delhi-L42C432B136; Version before Duke-L09 Version Duke-L09C10B187, Version Duke-L09C432B189, Version Duke-L09C636B189; Figo-L03 8.0.0.137 (C605) version; Figo-L11 8.0.0.135 (C432) version, 9.1.0

Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability (CWE-352). Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in the management screen, unintended operations may be performed on the device. A remote attacker can use this vulnerability to hijack the administrator's identity through a malicious page and perform unauthorized operations

IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142967. Vendors have confirmed this vulnerability IBM X-Force ID: 142967 It is released as.Information may be obtained and information may be altered. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The software supports secure integration of complex B2B processes with diverse partner communities

IBM Sterling File Gateway 2.2.0 through 2.2.6 could allow a remote attacker to download certain files that could contain sensitive information. IBM X-Force ID: 138434. Vendors have confirmed this vulnerability IBM X-Force ID: 138434 It is released as.Information may be obtained. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The software consolidates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet

Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controller PLC. At present, it has formed large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control unit (RTU), touch screen, etc Product structure. NA-VIEW has a memory corruption vulnerability. The vulnerability is caused by NA-VIEW's failure to determine whether the return value of the GetNext function is legal when analyzing the project. Attackers can exploit vulnerabilities to cause software to crash by constructing illegal data passed into functions

Nanda Aotuo Technology Jiangsu Co., Ltd. focuses on the research and development, production and sales of programmable logic controller PLC. At present, it has formed large and medium-sized PLC products, supplemented by small PLC products, remote measurement and control unit (RTU), touch screen, etc Product structure. NAPro has a memory corruption vulnerability. The vulnerability is due to NAPro's failure to determine whether the return value of the strlen function is legal when parsing the project. Attackers can use vulnerabilities to construct illegal data entry functions, causing software to crash

In some Lenovo ThinkPad products, one BIOS region is not properly included in the checks, allowing injection of arbitrary code. E42-80 firmware, e42-80 isk firmware, e52-80 firmware etc. Lenovo The product contains an injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Bootgaurd is prone to a local security-bypass vulnerability. Successful exploits will allow local attackers to bypass certain security restrictions. Other attacks are also possible

On F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.0-11.6.3.1, or 11.2.1-11.5.6 a domain name cached within the DNS Cache of TMM may continue to be resolved by the cache even after the parent server revokes the record, if the DNS Cache is receiving a stream of requests for the cached name. plural F5 BIG-IP The product contains vulnerabilities related to security functions.Information may be tampered with. F5 BIG-IP is an all-in-one network device integrated with network traffic management, application security management, load balancing and other functions from F5 Corporation of the United States. A security vulnerability exists in the F5 BIG-IP. A remote attacker could exploit this vulnerability to cause DNS cache data to persist on the target system. The following versions are affected: F5 BIG-IP version 13.0.0, version 12.1.0 to version 12.1.2, version 11.6.0 to version 11.6.3.1, version 11.2.1 to version 11.5.6

On F5 BIG-IP 14.0.0, 13.0.0-13.1.0, 12.1.0-12.1.3, or 11.5.1-11.6.3 specifically crafted HTTP responses, when processed by a Virtual Server with an associated QoE profile that has Video enabled, may cause TMM to incorrectly buffer response data causing the TMM to restart resulting in a Denial of Service. plural F5 BIG-IP The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. F5BIG-IP is an all-in-one network device that integrates network traffic management, application security management, load balancing and other functions. A denial of service vulnerability exists in F5BIG-IP version 13.0.0 through 13.1.0, 12.1.0 through 12.1.3, and 11.2.1 through 11.6.3. The vulnerability stems from a configuration file associated with QoE. Security vulnerabilities exist in F5 BIG-IP versions 13.0.0 to 13.1.0, 12.1.0 to 12.1.3, and 11.2.1 to 11.6.3