VARIoT IoT vulnerabilities database

An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password. General Motors Shanghai OnStar is prone to multiple security vulnerabilities. An attackers may exploit these issues to gain unauthorized complete access to the affected application by bypassing intended security restrictions or perform man-in-the-middle attack to edit or view sensitive information that may aid in launching further attacks. Shanghai OnStar 7.1 is vulnerable; other versions may also be affected

IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613. Vendors have confirmed this vulnerability IBM X-Force ID: 128613 It is released as.Information may be obtained. A local attacker can exploit this issue to gain access to sensitive information; this may lead to further attacks. The product enables access management control through integrated appliances for web, mobile and cloud computing. The vulnerability stems from the fact that the program allows local storage of web pages. An attacker could exploit this vulnerability to read stored pages

The "SagePay Server Gateway for WooCommerce" plugin before 1.0.9 for WordPress has XSS via the includes/pages/redirect.php page parameter. WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blogging websites on PHP and MySQL servers. A remote attacker could exploit this vulnerability to execute arbitrary code in the browser

A Buffer Overflow issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers, Series B and C Versions 21.002 and earlier. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution. Rockwell Automation Allen-Bradley MicroLogix 1400 The controller contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Due to the nature of this issue, code execution may be possible but this has not been confirmed

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808. This vulnerability CVE-2018-0808 Is a different vulnerability.Your privilege may be elevated. Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. An attacker could use this vulnerability to perform a content injection attack and execute a script in the current user's security context. An attacker can exploit this issue to gain elevated privileges

ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability". Microsoft ASP.NET Core is a cross-platform open source framework of Microsoft Corporation of the United States. The framework is used to build cloud-based applications such as web applications, IoT applications, and mobile backends. A remote attacker could use this vulnerability to change the recovery code on a user's account, causing a denial of service (permanent account lockout). An attacker can exploit this issue to perform unauthorized actions in the context of a logged-in user of the affected application. This may aid in other attacks

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from CVE-2018-0765. This vulnerability CVE-2018-0765 Is a different vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. An attacker can exploit this issue to cause a denial of service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ******************************************************************** Title: Microsoft Security Update Releases Issued: January 25, 2018 ******************************************************************** Summary ======= The following CVEs have undergone a major revision increment: * CVE-2018-0764 Revision Information: ===================== - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0764 - Version: 3.0 - Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0764. See https://github.com/PowerShell/Announcements /issues/2 for more information. - Originally posted: January 9, 2018 - Updated: January 25, 2018 - Aggregate CVE Severity Rating: Important * CVE-2018-0786 Revision Information: ===================== - https://portal.msrc.microsoft.com/en-us/security-guidance/ advisory/CVE-2018-0786 - Version: 3.0 - Reason for Revision: Revised the Affected Products table to include PowerShell Core 6.0.0 because it is affected by CVE-2018-0786. See https://github.com/PowerShell/Announcements /issues/3 for more information. - Originally posted: January 9, 2018 - Updated: January 25, 2018 - Aggregate CVE Severity Rating: Important Other Information ================= Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, PGP is not required for reading security notifications, reading security bulletins, or installing security updates. You can obtain the MSRC public PGP key at <https://technet.microsoft.com/security/dn753714>. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** Microsoft respects your privacy. Please read our online Privacy Statement at <http://go.microsoft.com/fwlink/?LinkId=81184>. If you would prefer not to receive future technical security notification alerts by email from Microsoft and its family of companies please visit the following website to unsubscribe: <https://profile.microsoft.com/RegSysProfileCenter/subscriptionwizar d.aspx?wizid=5a2a311b-5189-4c9b-9f1a-d5e913a26c2e&%3blcid=1033>. These settings will not affect any newsletters youave requested or any mandatory service communications that are considered part of certain Microsoft services. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Moderate: .NET Core on Red Hat Enterprise Linux security update Advisory ID: RHSA-2018:0379-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:0379 Issue date: 2018-03-01 CVE Names: CVE-2018-0764 ===================================================================== 1. Summary: An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and rh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. It implements a subset of the .NET framework APIs and includes a CLR implementation. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Package List: .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7): Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Server (v. 7): Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.src.rpm x86_64: rh-dotnetcore10-dotnetcore-1.0.9-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.src.rpm x86_64: rh-dotnetcore11-dotnetcore-1.1.6-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7.x86_64.rpm .NET Core on Red Hat Enterprise Linux Workstation (v. 7): Source: rh-dotnet20-dotnet-2.0.5-1.el7.src.rpm x86_64: rh-dotnet20-dotnet-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-host-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7.x86_64.rpm rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2018-0764 https://access.redhat.com/security/updates/classification/#moderate https://github.com/dotnet/announcements/issues/52 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFal5nzXlSAg2UNWIIRAldoAKCOs8K/QXdtegDgV9D0EbgK5f8dpgCfdT/D hhk5BDNc5IZlJ+doPAaUxt4= =Pz4Z -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability.". An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks

SEMA driver in Intel Driver and Support Assistant before version 3.1.1 allows a local attacker the ability to read and writing to Memory Status registers potentially allowing information disclosure or a denial of service condition. Intel Driver and Support Assistant Contains an input validation vulnerability.Information is obtained and service operation is interrupted (DoS) There is a possibility of being put into a state. SEMA driver is one of the SEMA drivers. A security vulnerability exists in the SEMA driver in versions prior to Intel Driver and Support Assistant 3.1.1

The Photos in Wifi application 1.0.1 for iOS has directory traversal via the ext parameter to assets-library://asset/asset.php. Select a photo or a video to upload moudle is one of the picture and video upload modules. An attacker could exploit this vulnerability by sending an 'ext' parameter to the assets-library: //asset/asset.php file to gain unauthorized access to other application folders

Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. Symmetricom s350i Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Microsemi Symmetricom s350i is a clock server of American Microsemi Company

SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username. Symmetricom s350i Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Microsemi Symmetricom s350i is a clock server of American Microsemi Company

Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. This is similar to a Cross Protocol Injection with SNMP. Cobham Sea Tel 116 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. A cross-site scripting vulnerability exists in the web server in CobhamSeaTel116build222429

Cobham Sea Tel 121 build 222701 devices allow remote attackers to obtain potentially sensitive information about valid usernames by reading the loginName lines at the js/userLogin.js URI. NOTE: default passwords for the standard usernames are listed in the product's documentation: Dealer with password seatel3, SysAdmin with password seatel2, and User with password seatel1. Cobham Sea Tel 121 The device contains an information disclosure vulnerability.Information may be obtained. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. An information disclosure vulnerability exists in the CobhamSeaTel121build222701 release

Cobham Sea Tel 121 build 222701 devices allow remote attackers to bypass authentication via a direct request to MenuDealerGx.html, MenuDealer.html, MenuEuNCGx.html, MenuEuNC.html, MenuSysGx.html, or MenuSys.html. Cobham Sea Tel 121 Devices have vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. CobhamSeaTel is a wireless communication terminal product from Cobham, UK. A security bypass vulnerability exists in the CobhamSeaTel121build222701 release

pelco Sarix Professional is a video camera. There is an unauthorized access vulnerability in the set_param program of the pelco Sarix Pro network camera. Allowing attackers to exploit vulnerabilities to remotely enable the ssh service without authentication, thereby giving full control to the camera.

pelco Sarix Professional is a video camera. There is an arbitrary file download vulnerability in the scoldownload.cgi program of the pelco Sarix Pro network camera. The vulnerability is due to the program's failure to properly check the path and name of the downloaded file, allowing an attacker to use the vulnerability to download arbitrary files on the system.

pelco Sarix Enhanced is a webcam. The pelco Sarix Enhanced GeneralSetupController.php file has a command execution vulnerability. The vulnerability is due to the program's failure to properly perform validity checks when processing user-submitted data, allowing attackers who pass web authentication to use shell metacharacters to bypass restrictions and execute arbitrary commands as root.

pelco Sarix Enhanced is a webcam. There is an arbitrary file deletion vulnerability in the pelco Sarix Enhanced GeneralSetupController.php file. The vulnerability is due to the program's failure to properly check when processing uploaded files. An attacker can delete any file in the / tmp / directory, resulting in a denial of service.

pelco Sarix Professional is a video camera. A command execution vulnerability exists in the pelco Sarix Pro network camera set_param program. The vulnerability is because the program does not perform security checks on the parameters submitted by the user, allowing the attack to execute arbitrary system commands as root using shell metacharacters, thereby completely controlling the camera.