VARIoT IoT vulnerabilities database

A vulnerability has been identified in SIMATIC WinCC OA Operator iOS App (All versions < V1.4). Insufficient protection of sensitive information (e.g. session key for accessing server) in Siemens WinCC OA Operator iOS app could allow an attacker with physical access to the mobile device to read unencrypted data from the app's directory. Siemens provides mitigations to resolve the security issue. Allows an attacker to read unencrypted data from the application's directory. A prerequisite for this is that an attacker can physically access the mobile device. Attackers with physical access to device can exploit this issue to obtain sensitive information that may aid in further attacks

The inputhub driver of HUAWEI P9 Lite mobile phones with Versions earlier than VNS-L21C02B341, Versions earlier than VNS-L21C22B380, Versions earlier than VNS-L31C02B341, Versions earlier than VNS-L31C440B390, Versions earlier than VNS-L31C636B396 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and the APP may sends specific data to the inputhub driver to exploit this vulnerability, successful exploit could cause the system reboot. HUAWEI P9 Lite Smartphones contain a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. HuaweiP9Lite is a smartphone product from China's Huawei company. The HuaweiP9LiteInputhub driver has a buffer overflow vulnerability. The attacker induces the user to install a malicious application. The application sends specific parameters to the mobile device inputhub driver, which can cause the mobile phone to restart

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Belkin N750 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin N750 is a dual-band wireless router from Belkin. A security hole exists in the BelkinN750 using firmware version 1.10.22

A vulnerability in the device manager web interface of Cisco Industrial Ethernet Switches could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected system. The vulnerability is due to insufficient CSRF protection by the device manager web interface. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link or visit an attacker-controlled website. A successful exploit could allow the attacker to submit arbitrary requests to an affected device via the device manager web interface with the privileges of the user. This vulnerability affects the following Cisco Industrial Ethernet (IE) Switches if they are running a vulnerable release of Cisco IOS Software: IE 2000 Series, IE 2000U Series, IE 3000 Series, IE 3010 Series, IE 4000 Series, IE 4010 Series, IE 5000 Series. Cisco Bug IDs: CSCvc96405. Cisco IOS Contains a cross-site request forgery vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvc96405 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

A vulnerability in the Transport Layer Security (TLS) library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a reload of the affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious TLS message to an interface enabled for Secure Layer Socket (SSL) services on an affected device. Messages using SSL Version 3 (SSLv3) or SSL Version 2 (SSLv2) cannot be be used to exploit this vulnerability. An exploit could allow the attacker to cause a buffer underflow, triggering a crash on an affected device. This vulnerability affects Cisco ASA Software and Cisco FTD Software that is running on the following Cisco products: Adaptive Security Virtual Appliance (ASAv), Firepower Threat Defense Virtual (FTDv), Firepower 2100 Series Security Appliance. Cisco Bug IDs: CSCve18902, CSCve34335, CSCve38446. Vendors have confirmed this vulnerability Bug ID CSCve18902 , CSCve34335 and CSCve38446 It is released as.Service operation interruption (DoS) There is a possibility of being put into a state. CiscoAdaptiveSecurityVirtualAppliance and so on are all security devices from Cisco. AdaptiveSecurityAppliance (ASA) Software and FirepowerThreatDefense (FTD) Software are operating systems that run on different security devices. TransportLayerSecurity (TLS) is one of the transport layer security protocol libraries. The TLS inventory in ASASoftware and FTDSoftware in several Cisco products is entering a validation vulnerability that stems from the program failing to adequately verify the user-submitted input

A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to twonky_command.cgi. Belkin N750 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin N750 is a wireless router product. There is a security vulnerability in the implementation of BelkinN7501.10.22

Electronic Numbers to URI Mapping (ENUM) module in some Huawei products DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a buffer error vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted ENUM packets to the affected products. Due to insufficient verification of some values in the packets, successful exploit may cause buffer error and some services abnormal. plural Huawei The product contains a buffer error vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. DP300, RP200, and TE30 are all network video communication devices of Huawei. The Huawei DP300 and others are all products of China's Huawei (Huawei). DP300 is a video conferencing terminal. The vulnerability is caused by the fact that the program does not fully verify the fields in the data packet. The following products and versions are affected: Huawei DP300 V500R002C00 Version, RP200 V600R006C00 Version; TE30 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version; TE40 V500R002C00 Version, V600R006C00 Version; TE50 V500R002C00 Version, V600R006C00 Version; TE60 V100R001C10 Version, V500R002C00 Version, V600R006C00 Version

The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot. Huawei Berkeley-AL20 and Berkeley-BD Smartphone software contains a double release vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Berkeley-AL20 and Berkeley-BD are all smartphone products of China's Huawei company. A denial of service vulnerability exists in the Huawei driver of HuaweiBerkeley-AL20 and Berkeley-BD. Mali driver is one of the email drivers. The following products and versions are affected: Huawei Berkeley-AL20 Version 8.0.0.105(C00), Version 8.0.0.111(C00), Version 8.0.0.112D(C00), Version 8.0.0.116(C00), Version 8.0.0.119(C00) Version, version 8.0.0.119D(C00), version 8.0.0.122(C00), version 8.0.0.132(C00), version 8.0.0.132D(C00), version 8.0.0.142(C00), version 8.0.0.151(C00) Version; Berkeley-BD version 1.0.0.21, version 1.0.0.22, version 1.0.0.23, version 1.0.0.24, version 1.0.0.26, version 1.0.0.29

Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 V200R006C10SPC300, AR2200 V200R006C10SPC300, AR3200 V200R006C10SPC300 devices have an improper resource management vulnerability. Due to the improper implementation of ACL mechanism, a remote attacker may send TCP messages to the management interface of the affected device to exploit this vulnerability. Successful exploit could exhaust the socket resource of management interface, leading to a DoS condition. plural Huawei The product is vulnerable to resource exhaustion.Service operation interruption (DoS) There is a possibility of being put into a state. The AR1200, AR160, and AR3200 are a series of enterprise router products from Huawei. There are denial of service vulnerabilities in Huawei AR series products. Huawei AR1200 and others are all enterprise-level routers of China's Huawei (Huawei). The following products and versions are affected: Huawei AR1200 V200R006C10SPC300; AR160 V200R006C10SPC300; AR200 V200R006C10SPC300; AR2200 V200R006C10SPC300; AR3200 V200R006C10SPC300

A remote unauthenticated user can enable telnet on the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to set.cgi. When enabled the telnet session requires no password and provides root access. Belkin N750 Contains vulnerabilities related to authorization, permissions, and access control.Information may be tampered with. The Belkin N750 is a wireless router product. The Belkin N7501.10.22 version has a security flaw in its implementation

A remote unauthenticated user can overflow a stack buffer in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi. Belkin N750 Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin N750 is a wireless router product. There is a security vulnerability in the implementation of BelkinN7501.10.22

Lenovo Help Android mobile app versions earlier than 6.1.2.0327 allowed information to be transmitted over an HTTP channel, permitting others observing the channel to potentially see this information. An attacker could exploit this vulnerability to obtain information

A vulnerability in the Web Server Authentication Required screen of the Clientless Secure Sockets Layer (SSL) VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of that portal on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the portal or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco ASA Software: 3000 Series Industrial Security Appliances, Adaptive Security Virtual Appliance (ASAv), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches, ASA Services Module for Cisco 7600 Series Routers. Cisco Bug IDs: CSCvh20742. Vendors have confirmed this vulnerability Bug ID CSCvh20742 It is released as.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Clientless Secure Sockets Layer (SSL) VPN is one of the SSL (Secure Sockets Layer) VPN apps. The vulnerability stems from the fact that the program does not fully verify the request submitted by the user

A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985. Vendors have confirmed this vulnerability Bug ID CSCvg33985 It is released as.Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The appliance also includes IPS (Intrusion Prevention System), SSL VPN, IPSec VPN, anti-spam, and more. WebVPN is one of those web-based VPN apps. The WebVPN login page in Cisco ASA has a cross-site scripting vulnerability, which stems from the fact that the program does not fully verify the request submitted by the user

A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx Meetings, and Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability is due to insufficient input validation by the Cisco WebEx clients. An attacker could exploit this vulnerability by providing meeting attendees with a malicious Flash (.swf) file via the file-sharing capabilities of the client. Exploitation of this vulnerability could allow arbitrary code execution on the system of a targeted user. This affects the clients installed by customers when accessing a WebEx meeting. The following client builds of Cisco WebEx Business Suite (WBS30, WBS31, and WBS32), Cisco WebEx Meetings, and Cisco WebEx Meetings Server are impacted: Cisco WebEx Business Suite (WBS31) client builds prior to T31.23.2, Cisco WebEx Business Suite (WBS32) client builds prior to T32.10, Cisco WebEx Meetings with client builds prior to T32.10, Cisco WebEx Meetings Server builds prior to 2.8 MR2. Cisco Bug IDs: CSCvg19384, CSCvi10746. Vendors have confirmed this vulnerability Bug ID CSCvg19384 , CSCvi10746 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Failed exploit attempts will likely cause a denial-of-service condition. Successful exploitation could potentially allow an attacker to take control of the affected system

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later. Bouncy Castle BC and BC-FJA Contains a cryptographic vulnerability.Information may be obtained. Bouncy Castle is prone to a security weakness. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks. Currently there is no information about this vulnerability, please keep an eye on CNNVD or vendor announcements. Red Hat would like to thank Chris McCown for reporting CVE-2018-8088. Installation instructions are located in the download section of the customer portal. The References section of this erratum contains a download link (you must log in to download the update). The JBoss server process must be restarted for the update to take effect. For further information, refer to the release notes linked to in the References section. For the stable distribution (stretch), this problem has been fixed in version 1.56-1+deb9u2. We recommend that you upgrade your bouncycastle packages. For the detailed security status of bouncycastle please refer to its security tracker page at: https://security-tracker.debian.org/tracker/bouncycastle Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlstVJsACgkQEMKTtsN8 TjbYZw/+Ig5wYiaMaeNbnzRu8Je7e4jGvglWlqLeTX7xG2hpzaFHCeOFxTX9oJmt r/8y/wZMhf+pV3h1KlP9nxOLEhchcL4hSAM4necgVP6odykbH0Em2yAE5i7ae9ez oD9Ib7dUUFbRk2a19J4bVdXXUjb3YQCN1SsS5KVYfWDgzxa+dC34vhm3yfNqoPej 0sFczW7kuUUK61a9LwNmuTp8hVyvtNc5FjhK5mEB3Fi2EiYYn8UT/LNp5QElKB4i h7P6c1Q9jw8VSqvRqlt4n2+HAreKmOS8a61hFYFV/HFoer6rOxa03YDcC0rlva7O a0WcOzet/IzRCOJilj2TIgXBZzFb3peyzd4arTa/VCt794qHOTIElBnmvAvVeXBW yu83IQrDYrKnwm85K0R3YUXaBzaGTeVPwnYPJnYRydlF/zxvg7l9xx7Cy7PJN2Xh Y+visDrPob09QFNc4PYlzQ+V6vrFrygAPO7CJ7hY7KrF8nuhbt9Ygd75IBIMTqhZ QsQlAUZ8UU7q9vVPZCZFb89ks5WyRm8O7Kdn5wzEx1Egas1/jfUzfMOUYTEl0nfM iOk0Q0pFpbwQ+9vWZBMWYTVHXUi8jabBbJcM4g9xVzlDk2mqTVaimnFXfl28Y3aK D8ul9kVTrOOX/jutkY46hdLOhmGo52oHDW5qiJtQL49QzC+Qm3o= =p+RC -----END PGP SIGNATURE----- . JIRA issues fixed (https://issues.jboss.org/): RHSSO-1429 - CVE-2018-10912 [7.2.z] Replace command might fail and cause endless loop when cache owners >= 2 6. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.1.4 on RHEL7 security update Advisory ID: RHSA-2018:2424-01 Product: Red Hat JBoss Enterprise Application Platform Advisory URL: https://access.redhat.com/errata/RHSA-2018:2424 Issue date: 2018-08-15 CVE Names: CVE-2017-12624 CVE-2018-8039 CVE-2018-10237 CVE-2018-10862 CVE-2018-1000180 ==================================================================== 1. Summary: An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server - noarch, x86_64 3. Description: Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service (CVE-2018-10237) * bouncycastle: flaw in the low-level interface to RSA key pair generator (CVE-2018-1000180) * cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services (CVE-2017-12624) * wildfly: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (CVE-2018-10862) * cxf-core: apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* (CVE-2018-8039) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1515976 - CVE-2017-12624 cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services 1573391 - CVE-2018-10237 guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service 1588306 - CVE-2018-1000180 bouncycastle: flaw in the low-level interface to RSA key pair generator 1593527 - CVE-2018-10862 wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) 1595332 - CVE-2018-8039 apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* 6. JIRA issues fixed (https://issues.jboss.org/): JBEAP-14788 - Tracker bug for the EAP 7.1.4 release for RHEL-7 7. Package List: Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7 Server: Source: eap7-activemq-artemis-1.5.5.013-1.redhat_1.1.ep7.el7.src.rpm eap7-bouncycastle-1.56.0-5.redhat_3.1.ep7.el7.src.rpm eap7-guava-libraries-25.0.0-1.redhat_1.1.ep7.el7.src.rpm eap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-ironjacamar-1.4.10-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-jberet-1.2.6-2.Final_redhat_1.1.ep7.el7.src.rpm eap7-jboss-ejb-client-4.0.11-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-jboss-remoting-5.0.8-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-jboss-server-migration-1.0.6-4.Final_redhat_4.1.ep7.el7.src.rpm eap7-mod_cluster-1.3.10-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-narayana-5.5.32-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-picketlink-bindings-2.5.5-13.SP12_redhat_1.1.ep7.el7.src.rpm eap7-picketlink-federation-2.5.5-13.SP12_redhat_1.1.ep7.el7.src.rpm eap7-resteasy-3.0.26-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-undertow-1.4.18-7.SP8_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-7.1.4-1.GA_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-javadocs-7.1.4-2.GA_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-transaction-client-1.0.4-1.Final_redhat_1.1.ep7.el7.src.rpm eap7-wildfly-web-console-eap-2.9.18-1.Final_redhat_1.1.ep7.el7.src.rpm noarch: eap7-activemq-artemis-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-cli-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-commons-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-core-client-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-dto-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-hornetq-protocol-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-hqclient-protocol-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-jdbc-store-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-jms-client-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-jms-server-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-journal-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-native-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-ra-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-selector-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-server-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-activemq-artemis-service-extensions-1.5.5.013-1.redhat_1.1.ep7.el7.noarch.rpm eap7-bouncycastle-1.56.0-5.redhat_3.1.ep7.el7.noarch.rpm eap7-bouncycastle-mail-1.56.0-5.redhat_3.1.ep7.el7.noarch.rpm eap7-bouncycastle-pkix-1.56.0-5.redhat_3.1.ep7.el7.noarch.rpm eap7-bouncycastle-prov-1.56.0-5.redhat_3.1.ep7.el7.noarch.rpm eap7-guava-25.0.0-1.redhat_1.1.ep7.el7.noarch.rpm eap7-guava-libraries-25.0.0-1.redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-core-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-entitymanager-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-envers-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-infinispan-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-hibernate-java8-5.1.15-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-common-api-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-common-impl-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-common-spi-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-core-api-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-core-impl-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-deployers-common-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-jdbc-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-ironjacamar-validator-1.4.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jberet-1.2.6-2.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jberet-core-1.2.6-2.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jboss-ejb-client-4.0.11-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jboss-remoting-5.0.8-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-cli-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-core-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap6.4-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap6.4-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap7.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly10.1-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly8.2-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly8.2-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly9.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.0-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-jboss-server-migration-wildfly9.0-to-eap7.1-1.0.6-4.Final_redhat_4.1.ep7.el7.noarch.rpm eap7-mod_cluster-1.3.10-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-compensations-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jbosstxbridge-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jbossxts-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jts-idlj-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-jts-integration-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-api-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-bridge-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-integration-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-restat-util-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-narayana-txframework-5.5.32-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-api-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-bindings-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-common-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-config-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-federation-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-idm-api-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-idm-impl-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-idm-simple-schema-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-impl-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-picketlink-wildfly8-2.5.5-13.SP12_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-atom-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-cdi-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-client-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-crypto-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jackson-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jackson2-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jaxb-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jaxrs-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jettison-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jose-jwt-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-jsapi-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-json-p-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-multipart-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-spring-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-validator-provider-11-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-resteasy-yaml-provider-3.0.26-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-undertow-1.4.18-7.SP8_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-7.1.4-1.GA_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-javadocs-7.1.4-2.GA_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-modules-7.1.4-1.GA_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-naming-client-1.0.9-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-transaction-client-1.0.4-1.Final_redhat_1.1.ep7.el7.noarch.rpm eap7-wildfly-web-console-eap-2.9.18-1.Final_redhat_1.1.ep7.el7.noarch.rpm x86_64: eap7-wildfly-openssl-linux-1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64.rpm eap7-wildfly-openssl-linux-debuginfo-1.0.6-14.Final_redhat_1.1.ep7.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 8. References: https://access.redhat.com/security/cve/CVE-2017-12624 https://access.redhat.com/security/cve/CVE-2018-8039 https://access.redhat.com/security/cve/CVE-2018-10237 https://access.redhat.com/security/cve/CVE-2018-10862 https://access.redhat.com/security/cve/CVE-2018-1000180 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/?version=7.1 https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/ 9. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3QPddzjgjWX9erEAQgnPhAAkejdrTQRFvbSe9wUnOVuoetQE+Z7Pp7y 0a3is5tbC1CX/s3qn6GAtPhDWYREAu8zinHgu29MLWHEeUiLyMv6l9Nss70POKaC r6vtNC/OZ42NbtA7Hb8XEJAlCnb60rO2bwqK2qoyPsJSiiDQwh0FBvshUmdaKjUk 7Kz9ESIrLlBNU+w+sy+D/eTQ6DvAY12Na/qR/OCfrDuIQtqbHTYzTz8PHAEBxhS3 9tRacBrtaiNIPAkmPdnG0ABFrlbEP4tjSmyR0fZPLSMRCuAas/V9pl7QT/sICacf v76I1NB2gA24qOCcsJ/WPKMQSodSJ0GmLWEq0XVXzSpmPGgkDMTVyvhc0xGA3kkv 6kwNyqLMPSMj4NX5PWd7PcImpmk2IvKRDRqielrM/+NCPbWlheE9HVtX9EolEOMv H9ZIyq6l4j451eiNGhGzxzdKewrGAvejU6Mie1bn51S+6MLHWyt0Sw8DrXQTX+rl obXsxrrts3Y3Dl9S5PXry0lMowRlMWdtdzmH887xsn5QOs8fQ7dr+6Ggt9IdvYoJ 9aJD47C/ZzlL7iPMWwaZdeKxavRLu/H5b3jJJG3G4UZzdQ4Hu/Q2o0mSeLOkeJ+s J/I1qRKpRt8pTYMwTGSJtm2S3TYbhVKfNjHxfcOv5zL9wWbBEdd+7lmEX7/g7mla 32+tI5y4JiA=1Ut9 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

A vulnerability in the Secure Sockets Layer (SSL) packet reassembly functionality of the detection engine in Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the detection engine to consume excessive system memory on an affected device, which could cause a denial of service (DoS) condition. The vulnerability is due to the affected software improperly handling changes to SSL connection states. An attacker could exploit this vulnerability by sending crafted SSL connections through an affected device. A successful exploit could allow the attacker to cause the detection engine to consume excessive system memory on the affected device, which could cause a DoS condition. The device may need to be reloaded manually to recover from this condition. This vulnerability affects Cisco Firepower System Software Releases 6.0.0 and later, running on any of the following Cisco products: Adaptive Security Appliance (ASA) 5500-X Series Firewalls with FirePOWER Services, Adaptive Security Appliance (ASA) 5500-X Series Next-Generation Firewalls, Advanced Malware Protection (AMP) for Networks, 7000 Series Appliances, Advanced Malware Protection (AMP) for Networks, 8000 Series Appliances, Firepower 4100 Series Appliances, FirePOWER 7000 Series Appliances, FirePOWER 8000 Series Appliances, Firepower 9300 Series Security Appliances, Firepower Threat Defense for Integrated Services Routers (ISRs), Firepower Threat Defense Virtual for VMware, Industrial Security Appliance 3000, Sourcefire 3D System Appliances. Cisco Bug IDs: CSCve23031. Cisco Firepower System Software Contains a resource exhaustion vulnerability. Vendors report this vulnerability Bug ID CSCve23031 Published as.Denial of service (DoS) May be in a state. are security firewall devices of Cisco (Cisco). Firepower System Software is one of the firewall operating systems. The detection engine is one of the intrusion detection engines

A vulnerability in the implementation of Security Assertion Markup Language (SAML) Single Sign-On (SSO) authentication for Cisco AnyConnect Secure Mobility Client for Desktop Platforms, Cisco Adaptive Security Appliance (ASA) Software, and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. The authentication would need to be done by an unsuspecting third party, aka Session Fixation. The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company's Identity Provider (IdP). A successful exploit could allow the attacker to hijack a valid authentication token and use that to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. This vulnerability affects the Cisco AnyConnect Secure Mobility Client, and ASA Software and FTD Software configured for SAML 2.0-based SSO for AnyConnect Remote Access VPN that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvg65072, CSCvh87448. Vendors have confirmed this vulnerability Bug ID CSCvg65072 and CSCvh87448 It is released as.Information may be obtained. Multiple Cisco Products are prone to a session-fixation vulnerability. An attacker can hijack an arbitrary session and gain unauthorized access to the affected application. AnyConnect Secure Mobility Client is a desktop application for managing firewalls

A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvg40155. Vendors have confirmed this vulnerability Bug ID CSCvg40155 It is released as.Information may be tampered with. Multiple Cisco products are prone to a security-bypass vulnerability. An attacker can exploit this issue to perform man-in-the-middle attacks and perform certain unauthorized actions, which will aid in further attacks. are security firewall devices of Cisco (Cisco)

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9960. Reason: This candidate is a duplicate of CVE-2017-9960. Notes: All CVE users should reference CVE-2017-9960 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. U.motion Builder is a generator product from Schneider Electric, France. An information disclosure vulnerability exists in Schneider Electric U.motion Builder externalframe.php. An attacker can exploit the vulnerability to obtain path information returned by exception information