OpenSource Security Ralf Spenneberg
Am Bahnhof 3-5
48565 Steinfurt
i...@os-s.net
OS-S Security Advisory 2017-02
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider SoMachine Basic 1.4 SP1
OS-S Security Advisory 2017-01
Date: April 4th, 2017
Authors: Simon Heming, Maik Brüggemann, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 10
Affected Device: Schneider Modicon TM221CE16R, Firmware
OS-S Security Advisory 2016-23
Local DoS: Linux Kernel EXT4 Error Handling (EXT4 calling panic())
Date: October 31st, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Severity: Critical
Ease of Exploitation: Trivial
OS-S Security Advisory 2016-19
Title: Epson WorkForce multi-function printers do not use signed
firmware images and allow unauthorized malicious firmware-updates
Authors: Yves-Noel Weweler <y.wewe...@gmail.
OS-S Security Advisory 2016-18
Linux ati_remote2 multiple Nullpointer Dereferences
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1
OS-S Security Advisory 2016-17
Linux snd-usb-audio Multiple Free
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes (multiple
OS-S Security Advisory 2016-10
Linux visor (treo_attach) Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: CVE-2016-2782
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes
OS-S Security Advisory 2016-13
Linux powermate Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes
OS-S Security Advisory 2016-12
Linux digi_acceleport Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes
OS-S Security Advisory 2016-11
Linux wacom multiple Nullpointer Dereferences
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Multiple Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel
OS-S Security Advisory 2016-09
Linux visor clie_5_attach Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: CVE-2015-7566
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes
OS-S Security Advisory 2016-08
Linux mct_u232 Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid
OS-S Security Advisory 2016-07
Linux cypress_m8 Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid
OS-S Security Advisory 2016-06
Linux cdc_acm Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: not yet assigned
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid
USB
OS-S Security Advisory 2016-05
Linux aiptek Nullpointer Dereference
Date: March 4th, 2016
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: CVE-2015-7515
CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid
USB
OS-S Security Advisory 2016–02-08
Prolific Ser2co64.sys Stack Buffer Overflow
Date: December 23rd, 2015
Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg
CVE: Not assigned yet
CVSS: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Title: Local Microsoft Windows 7 / 8 / 10 Buffer Overflow via Third
OS-S Security Advisory 2016-01
Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Insufficient integrity checks in Uhlmann & Zacher Clex prime locking
systems using 125 kHz EM
OS-S Security Advisory 2016-02
Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Weak authentication in NXP Hitag S transponder allows an attacker to
read, write
OS-S Security Advisory 2016-03
Date: January 1st, 2016
Updated: January 1st, 2016
Authors: Oguzhan Cicek, Hendrik Schwartke, Ralf Spenneberg
CVE: Not yet assigned
CVSS: 6.2 (AV:L/AC:L/Au:S/C:C/I:C/A:N)
Title: Insufficient Integrity Protection in Winkhaus Bluesmart locking systems
using Hitag S
OS-S Security Advisory 2015-04
http://www.os-s.net/advisories/DOS-KernelCrashesOnInvalidUSBDeviceDescriptors-UsbvisionDriver.pdf
Date: October 7th, 2015
Last Updated: October 7th, 2015
Authors: Sergej Schumilo
We just became aware of a typo in our advisory.
The Red Hat version is 7.1. We did confirm it using the latest available
kernel.
Kind regards,
Ralf
On Wednesday, October 7, 2015, 10:04:32, Ralf Spenneberg wrote:
> OpenSource Security Ralf Spenneberg
> Am Bahnhof 3-5
> 48565 Stei
e ICS-CERT. The ICS-CERT contacted Mitsubishi. Mitsubishi
released a new firmware in April 2015. The new firmware will only be available
in all controllers shipped starting April 2015. Older controllers will not
receive the firmware update.
Formatted PDF:
--
OpenSource Security Ralf Spenneberg
The ICS-CERT will shortly publish an advisory on its own: ICSA-15-146-01
It has calculated the CVSS-Score to be 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C)
We have updated the CVSS Score in our advisory on
http://www.os-s.net/advisories/mitsubishi_fx3ge_parameter_error-engl.pdf
Ralf Spenneberg
Am