VARIoT IoT vulnerabilities database
| VAR-202004-1909 | CVE-2020-5350 | Dell EMC Integrated Data Protection Appliance In OS Command injection vulnerabilities |
CVSS V2: 9.0 CVSS V3: 7.2 Severity: HIGH |
Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. (DoS) It may be put into a state. ACM is one of the application configuration management components. An attacker could exploit this vulnerability with specially crafted parameters to manipulate passwords and execute malicious commands
| VAR-202004-0366 | CVE-2020-0547 | Intel(R) Data Migration Software Vulnerability regarding improper default permissions in |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Incorrect default permissions in the installer for Intel(R) Data Migration Software versions 3.3 and earlier may allow an authenticated user to potentially enable escalation of privilege via local access. Intel(R) Data Migration Software There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Intel Data Migration Software is a set of data migration software from Intel Corporation of the United States. The software supports data migration between two storage drives. An attacker could exploit this vulnerability to elevate privileges
| VAR-202004-0362 | CVE-2020-0568 | Intel(R) Driver and Support Assistant Race condition vulnerabilities in |
CVSS V2: 1.9 CVSS V3: 4.7 Severity: MEDIUM |
Race condition in the Intel(R) Driver and Support Assistant before version 20.1.5 may allow an authenticated user to potentially enable denial of service via local access. Intel Driver and Support Assistant is an Intel Driver and Support Assistant application from Intel Corporation. This program is primarily used to detect and install system driver updates. An attacker could exploit this vulnerability to cause a denial of service
| VAR-202004-0092 | CVE-2020-0598 | Windows for Intel(R) Binary Configuration Tool Unreliable search path vulnerabilities in |
CVSS V2: 4.4 CVSS V3: 7.8 Severity: HIGH |
Uncontrolled search path in the installer for the Intel(R) Binary Configuration Tool for Windows, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. (DoS) It may be put into a state. Intel Binary Configuration Tool is a utility from Intel Corporation of America to change configuration settings embedded in Intel FSP (Firmware Support Package) binary files. A security vulnerability exists in the installer of the Windows-based Intel Binary Configuration Tool. An attacker could exploit this vulnerability to elevate privileges with a specially crafted file
| VAR-202004-0076 | CVE-2020-10615 | plural Triangle MicroWorks Product vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: Critical |
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. Triangle MicroWorks Library for control systems provided by the company DNP3 Outstation Libraries , And data management applications for control systems SCADA Data Gateway The following vulnerabilities exist in. DNP3 Outstation Libraries * Stack-based buffer overflow (CWE-121) - CVE-2020-6966 SCADA Data Gateway * Wrong type (CWE-843) - CVE-2020-10611 * Out-of-bounds read (CWE-125) - CVE-2020-10613 * Stack-based buffer overflow (CWE-121) - CVE-2020-10615The expected impact depends on each vulnerability, but it may be affected as follows. * Code execution stopped by an unauthenticated remote third party - CVE-2020-6966 * Arbitrary code executed by an unauthenticated remote third party - CVE-2020-10611 * Sensitive information stolen by an unauthenticated remote third party - CVE-2020-10613 * Interfering with service operations by an unauthenticated remote third party (DoS) Be attacked - CVE-2020-10615. An attacker can leverage this vulnerablity to execute code in the context of SYSTEM. Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product of American Triangle MicroWorks company. The vulnerability stems from the program's failure to correctly verify the length of data provided by users. A remote attacker can use the specially crafted input to exploit the vulnerability and cause a denial of service
| VAR-202004-0075 | CVE-2020-10613 | Triangle MicroWorks SCADA Data Gateway buffer error vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: Critical |
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to disclose sensitive information due to the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. Triangle MicroWorks Library for control systems provided by the company DNP3 Outstation Libraries , And data management applications for control systems SCADA Data Gateway The following vulnerabilities exist in. DNP3 Outstation Libraries * Stack-based buffer overflow (CWE-121) - CVE-2020-6966 SCADA Data Gateway * Wrong type (CWE-843) - CVE-2020-10611 * Out-of-bounds read (CWE-125) - CVE-2020-10613 * Stack-based buffer overflow (CWE-121) - CVE-2020-10615The expected impact depends on each vulnerability, but it may be affected as follows. * Code execution stopped by an unauthenticated remote third party - CVE-2020-6966 * Arbitrary code executed by an unauthenticated remote third party - CVE-2020-10611 * Sensitive information stolen by an unauthenticated remote third party - CVE-2020-10613 * Interfering with service operations by an unauthenticated remote third party (DoS) Be attacked - CVE-2020-10615. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of SYSTEM. Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product of American Triangle MicroWorks company. The vulnerability stems from the lack of correct verification of user-provided data
| VAR-202004-0074 | CVE-2020-10611 | plural Triangle MicroWorks Product vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: Critical |
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers to execute arbitrary code due to the lack of proper validation of user-supplied data, which can result in a type confusion condition. Authentication is not required to exploit this vulnerability. Only applicable to installations using DNP3 Data Sets. Triangle MicroWorks Library for control systems provided by the company DNP3 Outstation Libraries , And data management applications for control systems SCADA Data Gateway The following vulnerabilities exist in. DNP3 Outstation Libraries * Stack-based buffer overflow (CWE-121) - CVE-2020-6966 SCADA Data Gateway * Wrong type (CWE-843) - CVE-2020-10611 * Out-of-bounds read (CWE-125) - CVE-2020-10613 * Stack-based buffer overflow (CWE-121) - CVE-2020-10615The expected impact depends on each vulnerability, but it may be affected as follows. * Code execution stopped by an unauthenticated remote third party - CVE-2020-6966 * Arbitrary code executed by an unauthenticated remote third party - CVE-2020-10611 * Sensitive information stolen by an unauthenticated remote third party - CVE-2020-10613 * Interfering with service operations by an unauthenticated remote third party (DoS) Be attacked - CVE-2020-10615. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Triangle MicroWorks SCADA Data Gateway is a SCADA data gateway product of American Triangle MicroWorks company
| VAR-202004-2274 | No CVE | D-Link DWL-2600 authentication remote command injection vulnerability |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
D-Link DWL-2600 is a wireless access point device.
D-Link DWL-2600 has a security hole. Attackers can use vulnerabilities to inject arbitrary commands.
| VAR-202004-2005 | CVE-2020-5738 | Grandstream GXP1600 post link vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. Grandstream GXP1600 A link interpretation vulnerability exists in the series firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream GXP1600 is an IP telephony product from American company Grandstream.
There is a post link vulnerability in the Grandstream GXP1600 series using firmware version 1.0.4.152 and earlier
| VAR-202004-0462 | CVE-2020-11740 | Xen Vulnerability regarding information leakage in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed. Xen There is an information leakage vulnerability in.Information may be obtained. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
For the stable distribution (buster), these problems have been fixed in
version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8
TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR
QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+
anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW
sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn
Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG
AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm
fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv
UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw
iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj
7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9
g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=
=tfm7
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: May 14, 2020
Bugs: #717446
ID: 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could allow privilege escalation.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2
2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
==========
[ 1 ] CVE-2020-11739
https://nvd.nist.gov/vuln/detail/CVE-2020-11739
[ 2 ] CVE-2020-11740
https://nvd.nist.gov/vuln/detail/CVE-2020-11740
[ 3 ] CVE-2020-11741
https://nvd.nist.gov/vuln/detail/CVE-2020-11741
[ 4 ] CVE-2020-11742
https://nvd.nist.gov/vuln/detail/CVE-2020-11742
[ 5 ] CVE-2020-11743
https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202004-2006 | CVE-2020-5739 | Grandstream GXP1600 code injection vulnerability |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges. Grandstream GXP1600 A code injection vulnerability exists in the series firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Grandstream GXP1600 is an IP telephony product from American company Grandstream. An attacker can use the ‘Additional Settings’ field to exploit this vulnerability to add any OpenVPN configuration settings to the configuration file and execute code with root privileges
| VAR-202004-0712 | CVE-2019-19300 | Variety Siemens Product resource management error vulnerability ( CNVD-2020-23035 ) |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, KTK ATE530S, SIDOOR ATD430W, SIDOOR ATE530S COATED, SIDOOR ATE531S, SIMATIC ET 200AL IM 157-1 PN (6ES7157-1AB00-0AB0), SIMATIC ET 200eco PN, AI 8xRTD/TC, M12-L (6ES7144-6JF00-0BB0), SIMATIC ET 200eco PN, CM 4x IO-Link, M12-L (6ES7148-6JE00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JG00-0BB0), SIMATIC ET 200eco PN, CM 8x IO-Link, M12-L (6ES7148-6JJ00-0BB0), SIMATIC ET 200eco PN, DI 16x24VDC, M12-L (6ES7141-6BH00-0BB0), SIMATIC ET 200eco PN, DI 8x24VDC, M12-L (6ES7141-6BG00-0BB0), SIMATIC ET 200eco PN, DIQ 16x24VDC/2A, M12-L (6ES7143-6BH00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/0,5A, M12-L (6ES7142-6BG00-0BB0), SIMATIC ET 200eco PN, DQ 8x24VDC/2A, M12-L (6ES7142-6BR00-0BB0), SIMATIC ET 200MP IM 155-5 PN HF (6ES7155-5AA00-0AC0), SIMATIC ET 200pro IM 154-8 PN/DP CPU (6ES7154-8AB01-0AB0), SIMATIC ET 200pro IM 154-8F PN/DP CPU (6ES7154-8FB01-0AB0), SIMATIC ET 200pro IM 154-8FX PN/DP CPU (6ES7154-8FX00-0AB0), SIMATIC ET 200S IM 151-8 PN/DP CPU (6ES7151-8AB01-0AB0), SIMATIC ET 200S IM 151-8F PN/DP CPU (6ES7151-8FB01-0AB0), SIMATIC ET 200SP IM 155-6 MF HF (6ES7155-6MU00-0CN0), SIMATIC ET 200SP IM 155-6 PN HA (incl. SIPLUS variants), SIMATIC ET 200SP IM 155-6 PN HF (6ES7155-6AU00-0CN0), SIMATIC ET 200SP IM 155-6 PN/2 HF (6ES7155-6AU01-0CN0), SIMATIC ET 200SP IM 155-6 PN/3 HF (6ES7155-6AU30-0CN0), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC MICRO-DRIVE PDC, SIMATIC PN/MF Coupler (6ES7158-3MU10-0XA0), SIMATIC PN/PN Coupler (6ES7158-3AD10-0XA0), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET 200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0), SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0), SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0), SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0), SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0), SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0), SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0), SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0), SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0), SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0), SIMATIC S7-400 H V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010 (6ES7671-0RC08-0YA0), SIMATIC WinAC RTX F 2010 (6ES7671-1RC08-0YA0), SINAMICS S/G Control Unit w. PROFINET, SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-2AC0), SIPLUS ET 200MP IM 155-5 PN HF (6AG1155-5AA00-7AC0), SIPLUS ET 200MP IM 155-5 PN HF T1 RAIL (6AG2155-5AA00-1AC0), SIPLUS ET 200S IM 151-8 PN/DP CPU (6AG1151-8AB01-7AB0), SIPLUS ET 200S IM 151-8F PN/DP CPU (6AG1151-8FB01-2AB0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU00-4CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-2CN0), SIPLUS ET 200SP IM 155-6 PN HF (6AG1155-6AU01-7CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU00-1CN0), SIPLUS ET 200SP IM 155-6 PN HF T1 RAIL (6AG2155-6AU01-1CN0), SIPLUS ET 200SP IM 155-6 PN HF TX RAIL (6AG2155-6AU01-4CN0), SIPLUS NET PN/PN Coupler (6AG2158-3AD10-4XA0), SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0), SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0), SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0), SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0), SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. are all products of the German Siemens (Siemens) company. SIMATIC S7-1500 CPU is a CPU (Central Processing Unit) module. SIMATIC S7-1500 is a programmable logic controller. SIMATIC TDC CP51M1 is an industrial Ethernet communication module of the SIMATIC TDC automation system.
Many Siemens products have resource management error vulnerabilities, which can be exploited by attackers to cause denial of service. A vulnerability has been identified in KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Interfacemodul IM 155-6 MF HF (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN HA (incl. PROFINET (All versions)
| VAR-202004-1921 | CVE-2020-7958 | OnePlus 7 Pro information disclosure vulnerability |
CVSS V2: 2.1 CVSS V3: 6.0 Severity: MEDIUM |
An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android. An attacker who is in the position to send commands to the TA (for example, the root user) is able to send a sequence of these commands that will result in the TA sending a raw fingerprint image to the REE. This means that the Trusted Execution Environment (TEE) no longer protects identifiable fingerprint data from the REE. OnePlus 7 Pro The device contains a hard-coded information disclosure vulnerability.Information may be obtained. OnePlus 7 Pro is a smartphone of China OnePlus Technology (OnePlus).
OnePlus 7 Pro 10.0.3.GM21BA has security vulnerabilities in previous versions. Attackers can use this vulnerability to obtain fingerprint images (bitmaps) from the fingerprint sensor
| VAR-202004-0713 | CVE-2019-19301 | Resource exhaustion vulnerabilities in multiple Siemens products |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
A vulnerability has been identified in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, SCALANCE X202-2P IRT, SCALANCE X202-2P IRT PRO, SCALANCE X204-2, SCALANCE X204-2FM, SCALANCE X204-2LD, SCALANCE X204-2LD TS, SCALANCE X204-2TS, SCALANCE X204IRT, SCALANCE X204IRT PRO, SCALANCE X206-1, SCALANCE X206-1LD, SCALANCE X208, SCALANCE X208PRO, SCALANCE X212-2, SCALANCE X212-2LD, SCALANCE X216, SCALANCE X224, SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-3, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310, SCALANCE X310FE, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XF201-3P IRT, SCALANCE XF202-2P IRT, SCALANCE XF204, SCALANCE XF204-2, SCALANCE XF204-2BA IRT, SCALANCE XF204IRT, SCALANCE XF206-1, SCALANCE XF208, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIMATIC CP 343-1 Advanced, SIMATIC CP 442-1 RNA, SIMATIC CP 443-1, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 RNA, SIMATIC RF180C, SIMATIC RF182C, SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SIPLUS NET SCALANCE X308-2. The VxWorks-based Profinet TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. Several Siemens products contain resource exhaustion vulnerabilities.Service operation interruption (DoS) It may be put into a state. Siemens SCALANCE X-200, SCALANCE X-200IRT and SCALANCE X-300 are all industrial switch products.
Many Siemens products have resource management error vulnerabilities, which can be exploited by attackers to cause denial of service. A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS NET variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC RF180C (All versions), SIMATIC RF182C (All versions)
| VAR-202004-0464 | CVE-2020-11742 | Xen Vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour. Xen There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
There are security vulnerabilities in Xen 4.13.x and previous versions. An attacker can use this vulnerability to cause a denial of service.
For the stable distribution (buster), these problems have been fixed in
version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8
TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR
QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+
anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW
sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn
Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG
AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm
fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv
UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw
iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj
7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9
g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=
=tfm7
-----END PGP SIGNATURE-----
.
Software Description:
- xen: Public headers and libs for Xen
Details:
It was discovered that memory contents previously stored in
microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY
read operations on Intel client and Xeon E3 processors may be briefly
exposed to processes on the same or different processor cores. (CVE-2020-0543)
Julien Grall discovered that Xen incorrectly handled memory barriers on
ARM-based systems.
(CVE-2020-11739)
Ilja Van Sprundel discovered that Xen incorrectly handled profiling of
guests. (CVE-2020-11740, CVE-2020-11741)
It was discovered that Xen incorrectly handled grant tables.
(CVE-2020-11742, CVE-2020-11743)
Jan Beulich discovered that Xen incorrectly handled certain code paths.
(CVE-2020-15563)
Julien Grall discovered that Xen incorrectly verified memory addresses
provided by the guest on ARM-based systems. (CVE-2020-15564)
Roger Pau Monn\xe9 discovered that Xen incorrectly handled caching on x86 Intel
systems. (CVE-2020-15565)
It was discovered that Xen incorrectly handled error in event-channel port
allocation. (CVE-2020-15566)
Jan Beulich discovered that Xen incorrectly handled certain EPT (Extended
Page Tables). (CVE-2020-15567)
Andrew Cooper discovered that Xen incorrectly handled PCI passthrough.
(CVE-2020-25595)
Andrew Cooper discovered that Xen incorrectly sanitized path injections.
(CVE-2020-25596)
Jan Beulich discovered that Xen incorrectly handled validation of event
channels. (CVE-2020-25597)
Julien Grall and Jan Beulich discovered that Xen incorrectly handled
resetting event channels. (CVE-2020-25599)
Julien Grall discovered that Xen incorrectly handled event channels
memory allocation on 32-bits domains. (CVE-2020-25600)
Jan Beulich discovered that Xen incorrectly handled resetting or cleaning
up event channels. (CVE-2020-25601)
Andrew Cooper discovered that Xen incorrectly handled certain Intel
specific MSR (Model Specific Registers). (CVE-2020-25602)
Julien Grall discovered that Xen incorrectly handled accessing/allocating
event channels.
(CVE-2020-25603)
Igor Druzhinin discovered that Xen incorrectly handled locks. (CVE-2020-25604)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5617-1
CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741,
CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564,
CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595,
CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600,
CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604
Package Information:
https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: May 14, 2020
Bugs: #717446
ID: 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could allow privilege escalation.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2
2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
==========
[ 1 ] CVE-2020-11739
https://nvd.nist.gov/vuln/detail/CVE-2020-11739
[ 2 ] CVE-2020-11740
https://nvd.nist.gov/vuln/detail/CVE-2020-11740
[ 3 ] CVE-2020-11741
https://nvd.nist.gov/vuln/detail/CVE-2020-11741
[ 4 ] CVE-2020-11742
https://nvd.nist.gov/vuln/detail/CVE-2020-11742
[ 5 ] CVE-2020-11743
https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202004-1862 | CVE-2020-7575 | Cross-site scripting vulnerabilities in multiple Siemens products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the web server access log page of the affected devices that could allow an attacker to inject arbitrary JavaScript code via specially crafted GET requests. The code could be potentially executed later by another (privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web sessions. Multiple Siemens products contain cross-site scripting vulnerabilities.Information may be obtained and tampered with
| VAR-202004-0465 | CVE-2020-11743 | Xen Vulnerability in handling exceptional conditions in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain. Xen Is vulnerable to handling exceptional conditions.Service operation interruption (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
There are security vulnerabilities in Xen 4.13.x and previous versions. An attacker can use this vulnerability to cause a denial of service.
For the stable distribution (buster), these problems have been fixed in
version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8
TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR
QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+
anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW
sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn
Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG
AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm
fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv
UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw
iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj
7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9
g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=
=tfm7
-----END PGP SIGNATURE-----
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: May 14, 2020
Bugs: #717446
ID: 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could allow privilege escalation.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2
2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
==========
[ 1 ] CVE-2020-11739
https://nvd.nist.gov/vuln/detail/CVE-2020-11739
[ 2 ] CVE-2020-11740
https://nvd.nist.gov/vuln/detail/CVE-2020-11740
[ 3 ] CVE-2020-11741
https://nvd.nist.gov/vuln/detail/CVE-2020-11741
[ 4 ] CVE-2020-11742
https://nvd.nist.gov/vuln/detail/CVE-2020-11742
[ 5 ] CVE-2020-11743
https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202004-1861 | CVE-2020-7574 | Cross-site scripting vulnerabilities in multiple Siemens products |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix POL909 (AWM module) (All versions < V11.32). A persistent cross-site scripting (XSS) vulnerability exists in the "Server Config" web interface of the affected devices that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user. The security vulnerability could be exploited by an attacker with network access to the affected system. Successful exploitation requires no system privileges. An attacker could use the vulnerability to compromise the confidentiality and integrity of other users' web session. Multiple Siemens products contain cross-site scripting vulnerabilities.Information may be obtained and tampered with
| VAR-202004-0243 | CVE-2020-11739 | Xen Buffer error vulnerability in |
CVSS V2: 6.9 CVSS V3: 7.8 Severity: HIGH |
An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the "critical" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Xen Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Xen is an open source virtual machine monitor product from the University of Cambridge. The product enables different and incompatible operating systems to run on the same computer and supports migration during runtime to ensure normal operation and avoid downtime.
There is a security vulnerability in Xen 4.13.x and previous versions. An attacker could use this vulnerability to cause a denial of service, possibly obtaining sensitive information or elevating permissions.
For the stable distribution (buster), these problems have been fixed in
version 4.11.4+24-gddaaccbbab-1~deb10u1.
We recommend that you upgrade your xen packages.
For the detailed security status of xen please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/xen
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl8Lc/AACgkQEMKTtsN8
TjaMdxAAqGcAm1NI7JRg7LQprevLCPkxPItZapx3n/q/W6HwiGQxC6KP9Ntp3ArR
QiIeIPzTWVMHcaahlgkLePaFPU3MCe5TkL0GKG1JIAD8JieKBSrAWJ6tqTiZx+G+
anbksp/I9Mq9nciMlnPXeOVQgksoCB0tFYC2Ld+H7btZdD5G4KpJsz25c0S5poxW
sIXLgNXIzmZcI8mVzUlt+w0FG3tnolr/kJppHBkgC46riVcy8LHRaRQiVTjwqjSn
Eop4oXxLDZ/qH8k+0JAZLtBPpc9PfQcLxCJnhH8z76QdPPkcJuNFx5zRXqr1dZfG
AkRuG6LZa2tRGYzKZmo7BMj5dUei4xhDHLAoWGhSHkTmYtdc1Kyy4+duGPEChSCm
fCSC1FhFJFK30iq918cunWtjhRrEqrJr10HuC+YlSXfqrv1Z12fPw3UPRJmdG2Dv
UPS5vT8/NwF0osNrvNE+rkhYXTEKECE756pP3jTV4+BBBgf9DLtbV0EvYq1YWlJw
iT+KnzX9iW/jJg3bC32+UJlVv7IAkb8F9hcK3wKpvgSUVJIDWN352rfW7p8/xZoj
7eIlmZwDPKWsyMlbt2OsyYQFQlBvNsk0+7ycu9hG6fBaF5ATSxTO+A43Q7OxorP9
g8OhDVMgrx5GM4rXSZ60J6uxkd2eUns4Ud8pDGG8XTpnRBxD8Kk=
=tfm7
-----END PGP SIGNATURE-----
. ==========================================================================
Ubuntu Security Notice USN-5617-1
September 19, 2022
xen vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in Xen.
Software Description:
- xen: Public headers and libs for Xen
Details:
It was discovered that memory contents previously stored in
microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY
read operations on Intel client and Xeon E3 processors may be briefly
exposed to processes on the same or different processor cores. (CVE-2020-0543)
Julien Grall discovered that Xen incorrectly handled memory barriers on
ARM-based systems.
(CVE-2020-11739)
Ilja Van Sprundel discovered that Xen incorrectly handled profiling of
guests. (CVE-2020-11740, CVE-2020-11741)
It was discovered that Xen incorrectly handled grant tables.
(CVE-2020-11742, CVE-2020-11743)
Jan Beulich discovered that Xen incorrectly handled certain code paths.
(CVE-2020-15563)
Julien Grall discovered that Xen incorrectly verified memory addresses
provided by the guest on ARM-based systems. (CVE-2020-15564)
Roger Pau Monn\xe9 discovered that Xen incorrectly handled caching on x86 Intel
systems. (CVE-2020-15565)
It was discovered that Xen incorrectly handled error in event-channel port
allocation. (CVE-2020-15566)
Jan Beulich discovered that Xen incorrectly handled certain EPT (Extended
Page Tables). (CVE-2020-15567)
Andrew Cooper discovered that Xen incorrectly handled PCI passthrough.
(CVE-2020-25595)
Andrew Cooper discovered that Xen incorrectly sanitized path injections.
(CVE-2020-25596)
Jan Beulich discovered that Xen incorrectly handled validation of event
channels. (CVE-2020-25597)
Julien Grall and Jan Beulich discovered that Xen incorrectly handled
resetting event channels. (CVE-2020-25599)
Julien Grall discovered that Xen incorrectly handled event channels
memory allocation on 32-bits domains. (CVE-2020-25600)
Jan Beulich discovered that Xen incorrectly handled resetting or cleaning
up event channels. (CVE-2020-25601)
Andrew Cooper discovered that Xen incorrectly handled certain Intel
specific MSR (Model Specific Registers). (CVE-2020-25602)
Julien Grall discovered that Xen incorrectly handled accessing/allocating
event channels.
(CVE-2020-25603)
Igor Druzhinin discovered that Xen incorrectly handled locks. (CVE-2020-25604)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 20.04 LTS:
libxendevicemodel1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenevtchn1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxengnttab1 4.11.3+24-g14b62ab3e5-1ubuntu2.3
libxenmisc4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-amd64 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-arm64 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-hypervisor-4.11-armhf 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-4.11 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xen-utils-common 4.11.3+24-g14b62ab3e5-1ubuntu2.3
xenstore-utils 4.11.3+24-g14b62ab3e5-1ubuntu2.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5617-1
CVE-2020-0543, CVE-2020-11739, CVE-2020-11740, CVE-2020-11741,
CVE-2020-11742, CVE-2020-11743, CVE-2020-15563, CVE-2020-15564,
CVE-2020-15565, CVE-2020-15566, CVE-2020-15567, CVE-2020-25595,
CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600,
CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604
Package Information:
https://launchpad.net/ubuntu/+source/xen/4.11.3+24-g14b62ab3e5-1ubuntu2.3
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Xen: Multiple vulnerabilities
Date: May 14, 2020
Bugs: #717446
ID: 202005-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Xen, the worst of which
could allow privilege escalation.
Background
==========
Xen is a bare-metal hypervisor.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-emulation/xen < 4.12.2-r2 >= 4.12.2-r2
2 app-emulation/xen-tools < 4.12.2-r2 >= 4.12.2-r2
-------------------------------------------------------------------
2 affected packages
Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the
CVE identifiers referenced below for details.
Impact
======
Please review the referenced CVE identifiers for details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Xen users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-emulation/xen-4.12.2-r2"
References
==========
[ 1 ] CVE-2020-11739
https://nvd.nist.gov/vuln/detail/CVE-2020-11739
[ 2 ] CVE-2020-11740
https://nvd.nist.gov/vuln/detail/CVE-2020-11740
[ 3 ] CVE-2020-11741
https://nvd.nist.gov/vuln/detail/CVE-2020-11741
[ 4 ] CVE-2020-11742
https://nvd.nist.gov/vuln/detail/CVE-2020-11742
[ 5 ] CVE-2020-11743
https://nvd.nist.gov/vuln/detail/CVE-2020-11743
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202005-08
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202004-1521 | CVE-2018-6402 | Ecobee Ecobee4 Input verification vulnerabilities on devices |
CVSS V2: 2.9 CVSS V3: 7.5 Severity: HIGH |
Ecobee Ecobee4 4.2.0.171 devices can be forced to deauthenticate and connect to an unencrypted Wi-Fi network with the same SSID, even if the device settings specify use of encryption such as WPA2, as long as the competing network has a stronger signal. An attacker must be able to set up a nearby SSID, similar to an "Evil Twin" attack. Ecobee Ecobee4 The device contains an input verification vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Ecobee Ecobee4 is a room intelligent constant temperature device of Canada Ecobee company.
Ecobee Ecobee4 4.2.0.171 version has input validation error vulnerability. The vulnerability stems from the fact that the network system or product did not correctly verify the input data. There is currently no detailed vulnerability details provided