VARIoT IoT vulnerabilities database

An issue was discovered in Cloud Media Popcorn A-200 03-05-130708-21-POP-411-000 firmware. It is configured to provide TELNET remote access (without a password) that pops a shell as root. If an attacker can connect to port 23 on the device, he can completely compromise it. Cloud Media Popcorn A-200 The firmware contains a vulnerability related to access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Undocumented Factory Backdoor in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows the vendor to extract confidential information via remote root SSH access. There is a security vulnerability in ECOS SBS version 5.6.5, which is caused by an undocumented vendor backdoor in the program. An attacker could exploit this vulnerability by sending a specially crafted request to extract credential information

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel. Intel Core Systems with microprocessors contain information disclosure vulnerabilities.Information may be obtained. An attacker could exploit this vulnerability to obtain values about other processes stored in a number register. ========================================================================== Ubuntu Security Notice USN-3696-2 July 02, 2018 linux-lts-xenial, linux-aws vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 LTS Summary: Several security issues were fixed in the Linux kernel. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255) Wei Fang discovered an integer overflow in the F2FS filesystem implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2017-18257) It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204) It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10087) It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124) Julian Stecklina and Thomas Prescher discovered that FPU register states (such as MMX, SSE, and AVX registers) which are lazily restored are potentially vulnerable to a side channel attack. A local attacker could use this to expose sensitive information. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5814) It was discovered that an information leak vulnerability existed in the floppy driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-7755) Seunghun Han discovered an information leak in the ACPI handling code in the Linux kernel when handling early termination of ACPI table loading. A local attacker could use this to expose sensitive informal (kernel address locations). (CVE-2017-13695) It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 LTS: linux-image-4.4.0-1024-aws 4.4.0-1024.25 linux-image-4.4.0-130-generic 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-generic-lpae 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-lowlatency 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc-e500mc 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc-smp 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc64-emb 4.4.0-130.156~14.04.1 linux-image-4.4.0-130-powerpc64-smp 4.4.0-130.156~14.04.1 linux-image-aws 4.4.0.1024.24 linux-image-generic-lpae-lts-xenial 4.4.0.130.110 linux-image-generic-lts-xenial 4.4.0.130.110 linux-image-lowlatency-lts-xenial 4.4.0.130.110 linux-image-powerpc-e500mc-lts-xenial 4.4.0.130.110 linux-image-powerpc-smp-lts-xenial 4.4.0.130.110 linux-image-powerpc64-emb-lts-xenial 4.4.0.130.110 linux-image-powerpc64-smp-lts-xenial 4.4.0.130.110 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-18:07.lazyfpu Security Advisory The FreeBSD Project Topic: Lazy FPU State Restore Information Disclosure Category: core Module: kernel Announced: 2018-06-21 Credits: Julian Stecklina from Amazon Germany Thomas Prescher from Cyberus Technology GmbH Zdenek Sojka from SYSGO AG Colin Percival Affects: All supported version of FreeBSD. Corrected: 2018-06-14 18:50:49 UTC (stable/11, 11.2-PRERELEASE) 2018-06-15 13:21:37 UTC (releng/11.2, 11.2-RC3) 2018-06-21 05:17:13 UTC (releng/11.1, 11.1-RELEASE-p11) CVE Name: CVE-2018-3665 Special Note: This advisory only addresses this issue for FreeBSD 11.x on i386 and amd64. We expect to update this advisory to include 10.x in the near future. For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. Background Modern CPUs have a floating point unit (FPU) which needs to maintain state per thread. One technique is to only save and to only restore the FPU state for a thread when a thread attempts to utilize the FPU. This technique is called Lazy FPU state restore. II. III. Impact Any local thread can potentially read FPU state information from other threads running on the host. This could include cryptographic keys when the AES-NI CPU feature is present. IV. Workaround No workaround is available, but non-Intel branded CPUs are not believed to be vulnerable. V. Solution The patch changes from Lazy FPU state restore to Eager FPU state restore. This new technique is the recommended practice from Intel and in some cases can actually increase performance, depending on workload. Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:07/lazyfpu-11.patch.asc # gpg --verify lazyfpu-11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r335169 releng/11.2/ r335196 releng/11.1/ r335465 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. (CVE-2018-3665) Update instructions: The problem can be corrected by updating your livepatches to the following versions: | Kernel | Version | flavors | |--------------------------+----------+--------------------------| | 4.4.0-124.148 | 40.6 | lowlatency, generic | | 4.4.0-124.148~14.04.1 | 40.6 | generic, lowlatency | | 4.4.0-127.153 | 40.6 | lowlatency, generic | | 4.4.0-127.153~14.04.1 | 40.6 | lowlatency, generic | | 4.4.0-128.154 | 40.6 | generic, lowlatency | | 4.4.0-128.154~14.04.1 | 40.6 | generic, lowlatency | | 4.15.0-20.21 | 40.7 | generic, lowlatency | | 4.15.0-22.24 | 40.7 | lowlatency, generic | | 4.15.0-23.25 | 40.7 | lowlatency, generic | References: CVE-2018-1093, CVE-2018-1092, CVE-2018-7755, CVE-2018-3665 -- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2164-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2164 Issue date: 2018-07-10 CVE Names: CVE-2018-3639 CVE-2018-3665 CVE-2018-10675 CVE-2018-10872 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD) * kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial of service or other unspecified impact (CVE-2018-10675) * Kernel: FPU state information leakage via lazy FPU restore (CVE-2018-3665) * kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) (CVE-2018-10872) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639 and Julian Stecklina (Amazon.de), Thomas Prescher (cyberus-technology.de), and Zdenek Sojka (sysgo.com) for reporting CVE-2018-3665. Bug Fix(es): * Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ#1574592) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass 1575065 - CVE-2018-10675 kernel: Use-after-free vulnerability in mm/mempolicy.c:do_get_mempolicy function allows local denial-of-service or other unspecified impact 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 1596094 - CVE-2018-10872 kernel: error in exception handling leads to DoS (CVE-2018-8897 regression) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.2.1.el6.src.rpm i386: kernel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-devel-2.6.32-754.2.1.el6.i686.rpm kernel-headers-2.6.32-754.2.1.el6.i686.rpm perf-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm kernel-doc-2.6.32-754.2.1.el6.noarch.rpm kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm perf-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.2.1.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm kernel-doc-2.6.32-754.2.1.el6.noarch.rpm kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm perf-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.2.1.el6.src.rpm i386: kernel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-devel-2.6.32-754.2.1.el6.i686.rpm kernel-headers-2.6.32-754.2.1.el6.i686.rpm perf-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm kernel-doc-2.6.32-754.2.1.el6.noarch.rpm kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm ppc64: kernel-2.6.32-754.2.1.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.2.1.el6.ppc64.rpm kernel-debug-2.6.32-754.2.1.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.2.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.2.1.el6.ppc64.rpm kernel-devel-2.6.32-754.2.1.el6.ppc64.rpm kernel-headers-2.6.32-754.2.1.el6.ppc64.rpm perf-2.6.32-754.2.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm s390x: kernel-2.6.32-754.2.1.el6.s390x.rpm kernel-debug-2.6.32-754.2.1.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.s390x.rpm kernel-debug-devel-2.6.32-754.2.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.2.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.2.1.el6.s390x.rpm kernel-devel-2.6.32-754.2.1.el6.s390x.rpm kernel-headers-2.6.32-754.2.1.el6.s390x.rpm kernel-kdump-2.6.32-754.2.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.2.1.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.2.1.el6.s390x.rpm perf-2.6.32-754.2.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm x86_64: kernel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm perf-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.2.1.el6.ppc64.rpm perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm python-perf-2.6.32-754.2.1.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.2.1.el6.s390x.rpm kernel-debuginfo-2.6.32-754.2.1.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.2.1.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.2.1.el6.s390x.rpm perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm python-perf-2.6.32-754.2.1.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.2.1.el6.src.rpm i386: kernel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-devel-2.6.32-754.2.1.el6.i686.rpm kernel-headers-2.6.32-754.2.1.el6.i686.rpm perf-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.2.1.el6.noarch.rpm kernel-doc-2.6.32-754.2.1.el6.noarch.rpm kernel-firmware-2.6.32-754.2.1.el6.noarch.rpm x86_64: kernel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.2.1.el6.i686.rpm kernel-debug-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm kernel-devel-2.6.32-754.2.1.el6.x86_64.rpm kernel-headers-2.6.32-754.2.1.el6.x86_64.rpm perf-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-2.6.32-754.2.1.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.2.1.el6.i686.rpm perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm python-perf-2.6.32-754.2.1.el6.i686.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.2.1.el6.x86_64.rpm perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm python-perf-2.6.32-754.2.1.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.2.1.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/cve/CVE-2018-3665 https://access.redhat.com/security/cve/CVE-2018-10675 https://access.redhat.com/security/cve/CVE-2018-10872 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW0TykdzjgjWX9erEAQj7nQ/8DBiN11jNNGxND1Io2xuiZ+/RqzFz4IXv VMTrhukotRz5vbQWziRcHl0DVUttBBbwzdoNUu4RH4rxHv0J0GTLYusgyWlyDJP8 D229CT7o6lK4RjPryXFsu/4YsIzu8Vz35KB8SpW6gUkXibANrCWDEHEqc9+6mQ6g VFe0wAu1Tw3PKre0zK+XL/uxkvjk8ZeDINe8WVUDloBOnxFMnZZjEcZsIO9JfjBr krlU1QTQcPeKsrv6gofNXBOeQn0JZS1BVDy0JiNoOihJqPPBLA5RkyZzWouy6FDt xVTN7BEuILTUszfcygXA17OdNUzJm/L6a4rFXno4+eN5u5Ucx46/abXhWhRzcwvV +7IuGNs83aTZufXNbWDtiGFkIyKE5NyX7U7SOoxz42AxesSxJ6SKJFD4iBu/0YrU h9BvuHkkVNu+NsYT6rajqwz5ytkEbCJAX7xvNnu7Wi18tWKEWklqAFYSqVnpopO2 8xSW2+OTSkAQ9uiGAz9aTLLca2Zi/I8kjAcNyv4tASUcvodNzUE/OuERC5hvOZ6X 6j/POh7W7xA3cAg216EEj4X12BIwArqt8hjZ6hO5cd7ZfnWof7BVEjLnqtyJjhzi Xap6Pf/NG4/iSO1kEFLo3Uw9sQVoPRU4Hg1KXJJy+XboBQ3/K9ctCU5qvTRApmmM OjBeir/Q654=I9wq -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Security Fix(es): * A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130) * Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. (CVE-2018-12126) * Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. Bug Fix(es): * rwsem in inconsistent state leading system to hung (BZ#1690321) * efi_bgrt_init fails to ioremap error during boot (BZ#1692284) 4. Bugs fixed (https://bugzilla.redhat.com/): 1391490 - CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packets 1402885 - CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028] media driver 1474928 - CVE-2017-11600 kernel: Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors 1517220 - CVE-2017-16939 Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation 1520328 - CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80 1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow 1535173 - CVE-2017-13215 kernel: crypto: privilege escalation in skcipher_recvmsg function 1552048 - CVE-2018-1068 kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c 1585011 - CVE-2018-3665 Kernel: FPU state information leakage via lazy FPU restore 1641878 - CVE-2018-18559 kernel: Use-after-free due to race condition in AF_PACKET implementation 1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS) 1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS) 1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS) 1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2018-10-30-14 Additional information for APPLE-SA-2018-7-9-4 macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, Security Update 2018-004 El Capitan macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan address the following: AMD Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to determine kernel memory layout Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2018-4289: shrek_wzw of Qihoo 360 Nirvan Team APFS Available for: macOS High Sierra 10.13.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4268: Mac working with Trend Micro's Zero Day Initiative ATS Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to gain root privileges Description: A type confusion issue was addressed with improved memory handling. CVE-2018-4285: Mohamed Ghannam (@_simo36) Bluetooth Available for: MacBook Pro (15-inch, 2018), and MacBook Pro (13-inch, 2018, Four Thunderbolt 3 Ports) Other Mac models were addressed with macOS High Sierra 10.13.5. Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2018-5383: Lior Neumann and Eli Biham CFNetwork Available for: macOS High Sierra 10.13.5 Impact: Cookies may unexpectedly persist in Safari Description: A cookie management issue was addressed with improved checks. CVE-2018-4293: an anonymous researcher CoreCrypto Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: A malicious application may be able to break out of its sandbox Description: A memory corruption issue was addressed with improved input validation. CVE-2018-4269: Abraham Masri (@cheesecakeufo) CUPS Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A null pointer dereference was addressed with improved validation. CVE-2018-4276: Jakub Jirasek of Secunia Research at Flexera Entry added October 30, 2018 DesktopServices Available for: macOS Sierra 10.12.6 Impact: A local user may be able to view sensitive user information Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed with improved permission validation. CVE-2018-4178: Arjen Hendrikse IOGraphics Available for: macOS High Sierra 10.13.5 Impact: A local user may be able to read kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. An information disclosure issue was addressed with FP/SIMD register state sanitization. CVE-2018-3665: Julian Stecklina of Amazon Germany, Thomas Prescher of Cyberus Technology GmbH (cyberus-technology.de), Zdenek Sojka of SYSGO AG (sysgo.com), and Colin Percival Kernel Available for: macOS High Sierra 10.13.5 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4259: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4286: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4287: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4288: Kevin Backhouse of Semmle and LGTM.com CVE-2018-4291: Kevin Backhouse of Semmle and LGTM.com Entry added October 30, 2018 libxpc Available for: OS X El Capitan 10.11.6, macOS Sierra 10.12.6, macOS High Sierra 10.13.5 Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4280: Brandon Azad libxpc Available for: macOS High Sierra 10.13.5 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2018-4248: Brandon Azad LinkPresentation Available for: macOS High Sierra 10.13.5 Impact: Visiting a malicious website may lead to address bar spoofing Description: A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. CVE-2018-4277: xisigr of Tencent's Xuanwu Lab (tencent.com) Perl Available for: macOS High Sierra 10.13.5 Impact: Multiple buffer overflow issues existed in Perl Description: Multiple issues in Perl were addressed with improved memory handling. CVE-2018-6797: Brian Carpenter CVE-2018-6913: GwanYeong Kim Entry added October 30, 2018 Ruby Available for: macOS High Sierra 10.13.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Multiple issues in Ruby were addressed in this update. CVE-2017-898 CVE-2017-10784 CVE-2017-14033 CVE-2017-14064 CVE-2017-17405 CVE-2017-17742 CVE-2018-6914 CVE-2018-8777 CVE-2018-8778 CVE-2018-8779 CVE-2018-8780 Entry added October 30, 2018 Additional recognition App Store We would like to acknowledge Jesse Endahl & Stevie Hryciw of Fleetsmith and and Max BA(c)langer of Dropbox for their assistance. Help Viewer We would like to acknowledge Wojciech ReguAa (@_r3ggi) of SecuRing for their assistance. Kernel We would like to acknowledge juwei lin (@panicaII) of Trend Micro working with Trend Micro's Zero Day Initiative for their assistance. Security We would like to acknowledge Brad Dahlsten of Iowa State University for their assistance. Installation note: macOS High Sierra 10.13.6, Security Update 2018-004 Sierra, and Security Update 2018-004 El Capitan may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlvYkgUpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3EgwhAA rut4Qepkh88tcd23FV/Fz6uEdqa2MDPRPhVs6rM5iM7912vhtVZHz1sDUpSwNFe+ Hfdx0qsZaxY1sKjqMejq5mpanjFWhCCWb7MxifGm1HTJRMibuTAW7zVwD51jsG7z GpQtZ8ASaW9NErn+3IPB0O//CCvAKR/qyqn+KyEhYw+xtz2j+dzneB6lpwFkiqG2 0Iz5DQ2Hwms/88byzoXLWljAApvgSeant1YAiShq9bvQ3iWSkLSoo1dEa9jhhGJV jKyc+XloM7AfAHl6sjR6t3Cgdmfpy7s4osx17tqa4B5CYUloBGcZ0SZrL6iJDDvV 5OTsXHCQ9NLwZrdAwIgfcVcs01Y8hVkpjhCmm2InGwREJUtpYefCQ/kIlDa1YOym 3ua/SEO5+UYSVspG45vTdRB6SNSzeWzcQvJohrXavSllttcGyNx9RxMSr9CGxNSE Vjmo30J8D2Oow2hMtK1PWXxI+t4UadO33rL1H2u8ivl9J1BI9sEL0linFTUpEnIS iIRYUdrr+ZduSsC21NBLhMOak61GWYQRSN+p3nbL7fDqZCFdBSwvye4q2MmZG1Op aDePXQWSPgzlXzfi2C6KiR+lSyZlgCwtwhPGlzDFH5MGxr5Tleov98GB4uml91lj PVSMCsvYvRarIh6enmy+SR/6X7gVgrpx4m/fdraBwTw= =e0YF -----END PGP SIGNATURE-----

Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code. OPC Foundation Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Huawei HG255s-10 V100R001C163B025SP02 has a path traversal vulnerability due to insufficient validation of the received HTTP requests, a remote attacker may access the local files on the device without authentication. Huawei HG255s-10 Contains a path traversal vulnerability.Information may be obtained. HuaweiHG255s-10 is a wireless router product from China's Huawei company

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.). SamsungsmartViewer is Samsung's TV connection software. A cross-site scripting vulnerability exists in SamsungWebViewerforSamsungDVR that allows remote attackers to exploit exploits to inject arbitrary web scripts or HTML

Improper authorization vulnerability in SYNO.Cal.Event in Calendar before 2.1.2-0511 allows remote authenticated users to create arbitrary events via the (1) cal_id or (2) original_cal_id parameter. Calendar Contains an authorization vulnerability.Information may be tampered with. Synology Calendar is a file protection program from Synology that runs on Synology NAS devices

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. Knowage ( Old SpagoBI) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Knowage (formerly known as SpagoBI) is an open source suite for modern business analysis on traditional resources and big data systems from Knowage, Italy. A cross-site scripting vulnerability exists in Knowage 6.1.1. A remote attacker could use this vulnerability to inject arbitrary Web scripts or HTML by sending a name or description field to the 'Olap Schemas' Catalogue' directory

Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request. Knowage ( Old SpagoBI) Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Knowage (formerly known as SpagoBI) is an open source suite for modern business analysis on traditional resources and big data systems from Knowage, Italy. A cross-site request forgery vulnerability exists in Knowage 6.1.1. A remote attacker could use the form to exploit this vulnerability to send a request and perform an action without the user's knowledge

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. Knowage ( Old SpagoBI) Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Knowage (formerly known as SpagoBI) is an open source suite for modern business analysis on traditional resources and big data systems from Knowage, Italy. A cross-site scripting vulnerability exists in Knowage 6.1.1. A remote attacker could use this vulnerability to inject arbitrary Web scripts or HTML by sending a name field to the 'Business Model's Catalogue' directory

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IgniteRealtimeOpenfire (formerly Wildfire) is a cross-platform open source real-time collaboration (RTC) server based on XMPP (formerly known as Jabber, instant messaging protocol) developed by Java in the Ignite Realtime community. It can build an efficient instant messaging server and support it. The number of tens of thousands of concurrent users

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue. RAPIDLab and RAPIDPoint Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The RAPIDLab 1200 system is a cartridge-based blood gas, electrolyte and metabolite analyzer designed for medium to large capacity clinical laboratories. The RAPIDPoint 400/405/500 system is a cassette analyzer based on blood gases, electrolytes and metabolites designed for use in a care setting environment. SIEMENS RAPIDLab 1200 and RAPIDPoint 400/500 Blood Gas Analyzers have elevated permissions vulnerabilities. Siemens RAPIDLab 1200 systems is an intensive care solution with blood and respiratory monitoring functions. RAPIDPoint 400 systems and RAPIDPoint 500 systems are different series of solutions for the clinical analysis of blood electrolytes, glucose, hematocrit and neonatal bilirubin

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. SIEMENSSCALANCEM875 has a cross-site request forgery vulnerability. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a stored Cross-Site Scripting (XSS) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires that the attacker has access to the web interface of an affected device. The attacker must be authenticated as administrative user on the web interface. Afterwards, a legitimate user must access the web interface. A successful attack could allow an attacker to execute malicious code in the browser of a legitimate user. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. There is a command injection vulnerability in SIEMENSSCALANCEM875. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). An attacker with access to the local file system might obtain passwords for administrative users. Successful exploitation requires read access to files on the local file system. A successful attack could allow an attacker to obtain administrative passwords. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. SIEMENSSCALANCEM875 has an information disclosure vulnerability. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could execute arbitrary operating system commands. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. The vulnerability could allow an attacker to execute arbitrary code on the device. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Is OS A command injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. There is a command injection vulnerability in SIEMENSSCALANCEM875. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

A vulnerability has been identified in SCALANCE M875 (All versions). An authenticated remote attacker with access to the web interface (443/tcp), could potentially read and download arbitrary files from the device's file system. Successful exploitation requires that the attacker has network access to the web interface. The attacker must be authenticated as administrative user to exploit the security vulnerability. At the time of advisory publication no public exploitation of this security vulnerability was known. SCALANCE M875 Contains an information disclosure vulnerability.Information may be obtained. SCALANCEM Industrial Routers are used for secure remote access to factories via mobile networks, such as GPRS or UMTS, with integrated security features of the firewall to prevent unauthorized access and VPNs to protect data transmission. There is a security hole in SIEMENSSCALANCEM875. Siemens SCALANCE M875 is an industrial-grade mobile wireless router product of Siemens

An issue was discovered on Momentum Axel 720P 5.1.8 devices. A password of EHLGVG is hard-coded for the root and admin accounts, which makes it easier for physically proximate attackers to login at the console. Momentum Axel 720P The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The MomentumAxel720P is a dual-band HD camera that supports WiFi connectivity. An attacker with a physical location nearby can use this vulnerability to log in to the device

A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. plural Siemens The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SCALANCE X switches are used to connect industrial components such as programmable logic controllers (PLCs) or human machine interfaces (HMIs). The SCALANCE X-204RNA Industrial Ethernet network access point enables the connection of non-PRP terminal devices. The RUGGEDDCOM WiMAX product line offers a dedicated wireless WAN solution. The RFID 181-EIP is an RFID communication module for Ethernet/IP that connects two serial SIMATIC identification readers to an Ethernet/IP scanner. The SIMATIC RF182C is an RFID communication module for Ethernet TCP/IP and XML for connecting two serial SIMAITC identification readers to a PC or other programmable device that can communicate via Ethernet TCP/IP and XML. Multiple SIEMENS product heap overflow vulnerabilities. An attacker can exploit this issue to inject and execute arbitrary code in the context of the affected application. Siemens RFID 181-EIP, etc. are all products of Germany's Siemens (Siemens). SCALANCE X-200 is an industrial grade Ethernet switch product. The following products and versions are affected: Siemens RFID 181-EIP; RUGGEDCOM WiMAX Version 4.4, Version 4.5; SCALANCE X-200 up to 5.2.3; SCALANCE X-200 IRT up to 5.4.1; SCALANCE X-204RNA; SCALANCE X- 300; SCALANCE X408; SCALANCE X414; SIMATIC RF182C