ID

VAR-201908-1958


CVE

CVE-2019-9506


TITLE

Bluetooth BR/EDR supported devices are vulnerable to key negotiation attacks

Trust: 0.8

sources: CERT/CC: VU#918987

DESCRIPTION

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. Bluetooth BR/EDR The entropy negotiation of the encryption key used for encryption on the connection has a problem that is vulnerable to man-in-the-middle attacks by design. A third party Bluetooth BR/EDR The entropy of the encryption key used for communication 1 Force byte (Key Negotiation Of Bluetooth (KNOB) attack) Brute force attacks on subsequent communications (Brute force attack) May be able to decrypt and intercept the contents. Bluetooth Is Bluetooth Basic Rate / Enhanced Data Rate (Bluetooth BR/EDR) Includes core configuration 6 A short-range wireless technology based on different core specifications and used for low-power short-range communications. Bluetooth To establish encrypted communication for 2 Horn Bluetooth You need to establish a link key that the device will pair and use to generate the encryption key used for encryption at the link layer. The entropy of the encryption key is 1 From bytes 16 In bytes length Bluetooth Set between controllers. When an attacker interrupts the encryption key entropy setting request between controllers and each controller accepts a low entropy setting, encrypted communication with low entropy is forced, resulting in a brute force attack (Brute force attack) Because of this, communication between devices may be easily decrypted.Man-in-the-middle attacks (man-in-the-middle attack) There is a possibility of eavesdropping on encrypted communication by. An encryption issue vulnerability exists in Bluetooth BR/EDR 5.1 and earlier versions. The vulnerability stems from incorrect use of relevant cryptographic algorithms by network systems or products, resulting in improperly encrypted content, weak encryption, and storing sensitive information in plain text. The attack must be performed during negotiation or renegotiation of a paired device connection; existing sessions cannot be attacked. This advisory will be updated as additional information becomes available. There are no workarounds that address this vulnerability. This advisory is available at the following link: tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190813-bluetooth. 7) - aarch64, noarch, ppc64le 3. Bug Fix(es): * kernel modules pkey and paes_s390 are not available (BZ#1719192) * pkey: Indicate old mkvp only if old and curr. mkvp are different (BZ#1720621) * System dropped into Mon running softboots Exception: 501 (Hardware Interrupt) at c00000000000a814 replay_interrupt_return+0x0/0x4 (ipmi) (BZ#1737563) * kernel: jump label transformation performance (BZ#1739143) * Backport i40e MDD detection removal for PFs (BZ#1747618) 4. Bug Fix(es): * port show-kabi to python3 (BZ#1806924) 4. 7.6) - ppc64le, x86_64 3. Description: This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bug Fix(es): * kernel build: parallelize redhat/mod-sign.sh (BZ#1755326) 4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2019:3055-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:3055 Issue date: 2019-10-15 CVE Names: CVE-2018-20856 CVE-2019-3846 CVE-2019-9506 CVE-2019-10126 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c (CVE-2018-20856) * kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c (CVE-2019-3846) * hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) (CVE-2019-9506) * kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c (CVE-2019-10126) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fixes: * gfs2: Fix iomap write page reclaim deadlock (BZ#1737373) * [FJ7.6 Bug]: [REG] kernel: ipc: ipc_free should use kvfree (BZ#1740178) * high update_cfs_rq_blocked_load contention (BZ#1740180) * [Hyper-V][RHEL 7] kdump fails to start on a Hyper-V guest of Windows Server 2019. (BZ#1740188) * kvm: backport cpuidle-haltpoll driver (BZ#1740192) * Growing unreclaimable slab memory (BZ#1741920) * [bnx2x] ping failed from pf to vf which has been attached to vm (BZ#1741926) * [Hyper-V]vPCI devices cannot allocate IRQs vectors in a Hyper-V VM with > 240 vCPUs (i.e., when in x2APIC mode) (BZ#1743324) * Macsec: inbound MACSEC frame is unexpectedly dropped with InPktsNotValid (BZ#1744442) * RHEL 7.7 Beta - Hit error when trying to run nvme connect with IPv6 address (BZ#1744443) * RHEL 7.6 SS4 - Paths lost when running straight I/O on NVMe/RoCE system (BZ#1744444) * NFSv4.0 client sending a double CLOSE (leading to EIO application failure) (BZ#1744946) * [Azure] CRI-RDOS | [RHEL 7.8] Live migration only takes 10 seconds, but the VM was unavailable for 2 hours (BZ#1748239) * NFS client autodisconnect timer may fire immediately after TCP connection setup and may cause DoS type reconnect problem in complex network environments (BZ#1749290) * [Inspur] RHEL7.6 ASPEED graphic card display issue (BZ#1749296) * Allows macvlan to operated correctly over the active-backup mode to support bonding events. (BZ#1751579) * [LLNL 7.5 Bug] slab leak causing a crash when using kmem control group (BZ#1752421) Users of kernel are advised to upgrade to these updated packages, which fix these bugs. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1713059 - CVE-2019-3846 kernel: Heap overflow in mwifiex_update_bss_desc_with_ie function in marvell/mwifiex/scan.c 1716992 - CVE-2019-10126 kernel: Heap overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c 1727857 - CVE-2019-9506 hardware: bluetooth: BR/EDR encryption key negotiation attacks (KNOB) 1738705 - CVE-2018-20856 kernel: Use-after-free in __blk_drain_queue() function in block/blk-core.c 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: kernel-3.10.0-1062.4.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm perf-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: kernel-3.10.0-1062.4.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm perf-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: kernel-3.10.0-1062.4.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm ppc64: bpftool-3.10.0-1062.4.1.el7.ppc64.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-3.10.0-1062.4.1.el7.ppc64.rpm kernel-bootwrapper-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debug-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.4.1.el7.ppc64.rpm kernel-devel-3.10.0-1062.4.1.el7.ppc64.rpm kernel-headers-3.10.0-1062.4.1.el7.ppc64.rpm kernel-tools-3.10.0-1062.4.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-tools-libs-3.10.0-1062.4.1.el7.ppc64.rpm perf-3.10.0-1062.4.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm python-perf-3.10.0-1062.4.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm ppc64le: bpftool-3.10.0-1062.4.1.el7.ppc64le.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debug-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-devel-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-headers-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-tools-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-tools-libs-3.10.0-1062.4.1.el7.ppc64le.rpm perf-3.10.0-1062.4.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm python-perf-3.10.0-1062.4.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm s390x: bpftool-3.10.0-1062.4.1.el7.s390x.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm kernel-3.10.0-1062.4.1.el7.s390x.rpm kernel-debug-3.10.0-1062.4.1.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.s390x.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-1062.4.1.el7.s390x.rpm kernel-devel-3.10.0-1062.4.1.el7.s390x.rpm kernel-headers-3.10.0-1062.4.1.el7.s390x.rpm kernel-kdump-3.10.0-1062.4.1.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm kernel-kdump-devel-3.10.0-1062.4.1.el7.s390x.rpm perf-3.10.0-1062.4.1.el7.s390x.rpm perf-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm python-perf-3.10.0-1062.4.1.el7.s390x.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.s390x.rpm x86_64: bpftool-3.10.0-1062.4.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm perf-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-1062.4.1.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-1062.4.1.el7.ppc64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64.rpm ppc64le: bpftool-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-1062.4.1.el7.ppc64le.rpm perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.ppc64le.rpm x86_64: bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: kernel-3.10.0-1062.4.1.el7.src.rpm noarch: kernel-abi-whitelists-3.10.0-1062.4.1.el7.noarch.rpm kernel-doc-3.10.0-1062.4.1.el7.noarch.rpm x86_64: bpftool-3.10.0-1062.4.1.el7.x86_64.rpm bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-devel-3.10.0-1062.4.1.el7.x86_64.rpm kernel-headers-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-3.10.0-1062.4.1.el7.x86_64.rpm perf-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: bpftool-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-1062.4.1.el7.x86_64.rpm perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm python-perf-debuginfo-3.10.0-1062.4.1.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXaYG69zjgjWX9erEAQjA1Q/7Bte0lgWfI6xE9bw9FqrE7ZFw3Jq5bqV1 8PYYAZBFCLUHsC1HS33jiTGGaS5xbqR4yrtNCnZHLhsZU6w9avm0zDFW2CEzAwRC Uri5R30mCVtc2p3jsHupNKrKhzzkmKjz2J5gYn+ubX9Ok7ScxZZ8ucF9kJcSx7LL qswocd0lWkbjy/2MY0t6MCMnvoNvgOB1XEmQE5a9CHrHtKe9kEJcWJUht6vXqhZ4 SJYkMLDIsDYOXFsWBwZnKT0BVXNurS9+g7b7MX4ZaQATN5MD9x7jP7FYTIp8lhyJ NKOqa8/D5eFGKF3YlgySgqXZ22XT1MasENDJ7OS62lRQd+/eeznyK0CUOAtILLvH 1GTfXgz8nvMynX+ZKkiZv5+tEFCWFNKkHudYuzoirFa+p29l0YWW6SjfPN+c3NnE 9DLfZhqYuX2tcx3O8khxjS/okRh5mBFQvzXlWqyPmgqsbjP0L5R2YoPNMzzGB3OQ FA/QgjD8AD9Tn8+rZM+VeoWVYTwPT8OMv1wMEqOeJLIxR8/DiY42YEQiNBU2na4W AYajLwK6d3Ey+DV+/5YwjWWQOyyTxP9Q8F0xb61HdQmq1dILZJgFBmVR5ilxlpoJ sHiYCTKF/M8DbDGSWwZkD69ZPtBWPGvTI0XkgTIfhcTeF2BRL2UZkszrM72QjGqH OQh6hA3MyvA=zvD0 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2019-8-13-1 Additional information for APPLE-SA-2019-7-22-2 macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra address the following: AppleGraphicsControl Available for: macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8693: Arash Tohidi of Solita autofs Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper Description: This was addressed with additional checks by Gatekeeper on files mounted through a network share. CVE-2019-8656: Filippo Cavallarin Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2018-19860 Bluetooth Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic (Key Negotiation of Bluetooth - KNOB) Description: An input validation issue existed in Bluetooth. This issue was addressed with improved input validation. CVE-2019-9506: Daniele Antonioli of SUTD, Singapore, Dr. Kasper Rasmussen of University of Oxford, England Entry added August 13, 2019 Carbon Core Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2019-8661: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Core Data Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8660: Samuel Groß and Natalie Silvanovich of Google Project Zero Disk Management Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative FaceTime Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8648: Tao Huang and Tielei Wang of Team Pangu Found in Apps Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: This issue was addressed with improved checks. CVE-2019-8663: Natalie Silvanovich of Google Project Zero Foundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8641: Samuel Groß and Natalie Silvanovich of Google Project Zero Grapher Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8695: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Graphics Drivers Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8691: Aleksandr Tarasikov (@astarasikov), Arash Tohidi of Solita, Lilang Wu and Moony Li of Trend Micro's Mobile Security Research Team working with Trend Micro's Zero Day Initiative CVE-2019-8692: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro's Zero Day Initiative Heimdal Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An issue existed in Samba that may allow attackers to perform unauthorized actions by intercepting communications between services Description: This issue was addressed with improved checks to prevent unauthorized actions. CVE-2018-16860: Isaac Boukris and Andrew Bartlett of the Samba Team and Catalyst IOAcceleratorFamily Available for: macOS Mojave 10.14.5 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8694: Arash Tohidi of Solita libxslt Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: A remote attacker may be able to view sensitive information Description: A stack overflow was addressed with improved input validation. CVE-2019-13118: found by OSS-Fuzz Quick Look Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: An attacker may be able to trigger a use-after-free in an application deserializing an untrusted NSDictionary Description: This issue was addressed with improved checks. CVE-2019-8662: Natalie Silvanovich and Samuel Groß of Google Project Zero Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8697: ccpwd working with Trend Micro's Zero Day Initiative Siri Available for: macOS Mojave 10.14.5 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8646: Natalie Silvanovich of Google Project Zero Time Machine Available for: macOS Mojave 10.14.5 Impact: The encryption status of a Time Machine backup may be incorrect Description: An inconsistent user interface issue was addressed with improved state management. CVE-2019-8667: Roland Kletzing of cyber:con GmbH UIFoundation Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.5 Impact: Parsing a maliciously crafted office document may lead to an unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8657: riusksk of VulWar Corp working with Trend Micro's Zero Day Initiative Additional recognition Classroom We would like to acknowledge Jeff Johnson of underpassapp.com for their assistance. Game Center We would like to acknowledge Min (Spark) Zheng and Xiaolong Bai of Alibaba Inc. for their assistance. Installation note: macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAl1S688pHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3Hiog/+ PcWPEhxDpnU1ctoVPhyoqkV1tUs8z3hdNyX/tPtQZIQVFB7No1Md0GX8Zrv2libb LwrbU25ewe82XE9Es6ngxTdkRaREn8+hm9gxYPCMDXyKRlv904Q1b4zthYUt7/NO 7RG6ZRHEINOQORzrDsmgT/X6TukIy73HNob+4xZJTdJe9ZU3/zDCaqUgyUJSodou vsVFR3oqkwbVby4eT9+YbxJWMvVoFfB1+Qqo1w9kN7WXcYK3gb7sGtnNQlrE70kR pLRogcmwTQsi+sTm8bxQsuXXjdtTHeeCf0FRJg8NY5wZmdV9lNOghtmNxfTwIuir VeWusIgZWaK7IbgHW3PRYv3Sbrk40zcOraDsPv2rdgjOj4ReVyKHw5/f5Fyhcn+v WnIC4iNIBurz0HZU91QqD58Sqp+HtWl8xkM3ZW+Kd9LjnLty3fNw6Au5Aw8DTHzN 5F+lz7JRVV3+j7AYELog3WV6mdzMKW85gJRJtwXJ8hHSYZnvat06faFlPcDiKjBW rW7BehRykZpmZtaSZjL25IeOuXJHHdRfvabuTZ3nk47SSn7EJJ3xFBnvw6TgVFX+ TvmcUg5FinTSR81NkIY0ux6x1kuV/4vIUGZ4O0Houf/FoUhMQvig9ZkSw2B+Ynbd Xl3qBT4SVPWQyFAvjHwjCZA+GpNsnEKgZm8SlYVgqog= =tCwo -----END PGP SIGNATURE----- . Bug Fix(es): * kernel-rt: update to the RHEL7.7.z batch#2 source tree (BZ#1748570) 4. ========================================================================== Ubuntu Security Notice USN-4147-1 October 04, 2019 linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 19.04 - Ubuntu 18.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services (AWS) systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform (GCP) systems - linux-kvm: Linux kernel for cloud environments - linux-raspi2: Linux kernel for Raspberry Pi 2 - linux-snapdragon: Linux kernel for Snapdragon processors - linux-gke-5.0: Linux kernel for Google Container Engine (GKE) systems - linux-hwe: Linux hardware enablement (HWE) kernel Details: It was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136) It was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207) It was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631) It was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel did not properly validate device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15117) Hui Peng and Mathias Payer discovered that the USB audio driver for the Linux kernel improperly performed recursion while handling device meta data. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15118) It was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211) It was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212) It was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215) It was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220) Benjamin Moody discovered that the XFS file system in the Linux kernel did not properly handle an error condition when out of disk quota. A local attacker could possibly use this to cause a denial of service. (CVE-2019-15538) It was discovered that the Hisilicon HNS3 ethernet device driver in the Linux kernel contained an out of bounds access vulnerability. A local attacker could use this to possibly cause a denial of service (system crash). (CVE-2019-15925) It was discovered that the Atheros mobile chipset driver in the Linux kernel did not properly validate data in some situations. An attacker could use this to cause a denial of service (system crash). (CVE-2019-15926) Daniele Antonioli, Nils Ole Tippenhauer, and Kasper B. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506) It was discovered that ZR364XX Camera USB device driver for the Linux kernel did not properly initialize memory. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15217) It was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218) It was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221) It was discovered that the Line 6 USB driver for the Linux kernel contained a race condition when the device was disconnected. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15223) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04: linux-image-5.0.0-1018-aws 5.0.0-1018.20 linux-image-5.0.0-1019-kvm 5.0.0-1019.20 linux-image-5.0.0-1019-raspi2 5.0.0-1019.19 linux-image-5.0.0-1020-gcp 5.0.0-1020.20 linux-image-5.0.0-1022-azure 5.0.0-1022.23 linux-image-5.0.0-1023-snapdragon 5.0.0-1023.24 linux-image-5.0.0-31-generic 5.0.0-31.33 linux-image-5.0.0-31-generic-lpae 5.0.0-31.33 linux-image-5.0.0-31-lowlatency 5.0.0-31.33 linux-image-aws 5.0.0.1018.19 linux-image-azure 5.0.0.1022.21 linux-image-gcp 5.0.0.1020.46 linux-image-generic 5.0.0.31.32 linux-image-generic-lpae 5.0.0.31.32 linux-image-gke 5.0.0.1020.46 linux-image-kvm 5.0.0.1019.19 linux-image-lowlatency 5.0.0.31.32 linux-image-raspi2 5.0.0.1019.16 linux-image-snapdragon 5.0.0.1023.16 linux-image-virtual 5.0.0.31.32 Ubuntu 18.04 LTS: linux-image-5.0.0-1020-gke 5.0.0-1020.20~18.04.1 linux-image-5.0.0-31-generic 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-generic-lpae 5.0.0-31.33~18.04.1 linux-image-5.0.0-31-lowlatency 5.0.0-31.33~18.04.1 linux-image-generic-hwe-18.04 5.0.0.31.88 linux-image-generic-lpae-hwe-18.04 5.0.0.31.88 linux-image-gke-5.0 5.0.0.1020.9 linux-image-lowlatency-hwe-18.04 5.0.0.31.88 linux-image-snapdragon-hwe-18.04 5.0.0.31.88 linux-image-virtual-hwe-18.04 5.0.0.31.88 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. References: https://usn.ubuntu.com/4147-1 CVE-2019-0136, CVE-2019-10207, CVE-2019-13631, CVE-2019-15090, CVE-2019-15117, CVE-2019-15118, CVE-2019-15211, CVE-2019-15212, CVE-2019-15215, CVE-2019-15217, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15223, CVE-2019-15538, CVE-2019-15925, CVE-2019-15926, CVE-2019-9506 Package Information: https://launchpad.net/ubuntu/+source/linux/5.0.0-31.33 https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1018.20 https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1022.23 https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1020.20 https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1019.20 https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1019.19 https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1023.24 https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1020.20~18.04.1 https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-31.33~18.04.1 . 7.4) - noarch, x86_64 3. Bug Fix(es): * Fix possible Spectre-v1 bugs in wireless code (BZ#1706696) * powerpc/pseries: Disable CPU hotplug across migrations / powerpc/rtas: Fix a potential race between CPU-Offline & Migration (LPM) (BZ#1745436) * powerpc/pseries: Fix unitialized timer reset on migration / powerpc/pseries/mobility: Extend start/stop topology update scope (LPM) (BZ#1745438) * ISST-LTE:PVM:Zeppelin :LPM: Failure logs and stack trace seen during LPM (POWER9/P9) (BZ#1745446) 4

Trust: 3.42

sources: NVD: CVE-2019-9506 // CERT/CC: VU#918987 // JVNDB: JVNDB-2019-007618 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // PACKETSTORM: 155005 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154863 // PACKETSTORM: 154054 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154740 // PACKETSTORM: 154949

AFFECTED PRODUCTS

vendor:huaweimodel:cornell-tl10bscope:ltversion:9.1.0.333\(c01e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:p30scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:lelandp-l22dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:leland-tl10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:columbia-tl00dscope:ltversion:8.1.0.186\(c01gt\)

Trust: 1.0

vendor:huaweimodel:y6 2019scope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:19.04

Trust: 1.0

vendor:applemodel:tvosscope:eqversion:12.4

Trust: 1.0

vendor:huaweimodel:cairogo-l22scope:ltversion:cairogo-l22c461b153

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:huaweimodel:princeton-tl10cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ever-l29bscope:ltversion:9.1.0.338\(c185e3r3p1\)

Trust: 1.0

vendor:huaweimodel:princeton-al10dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.341\(c185e1r1p9t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.325\(c185e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:leland-l32cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:yale-tl00bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:9.1.0.350\(c10e3r1p14t8\)

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.12.6

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.307\(c635e4r1p13t8\)

Trust: 1.0

vendor:redhatmodel:virtualization host eusscope:eqversion:4.2

Trust: 1.0

vendor:huaweimodel:nova 3scope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.7

Trust: 1.0

vendor:huaweimodel:laya-al00epscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.306\(c432e4r1p11t8\)

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.158\(c432e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.328\(c782e10r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:7.6

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:9.1.0.332\(c432e5r1p13t8\)

Trust: 1.0

vendor:huaweimodel:lelandp-l22cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ares-al10dscope:ltversion:9.1.0.160\(c00e160r2p5t8\)

Trust: 1.0

vendor:huaweimodel:y6 prime 2018scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-l21scope:eqversion: -

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:18.04

Trust: 1.0

vendor:huaweimodel:cornell-al00indscope:ltversion:8.2.0.141\(c675custc675d1gt\)

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.0

Trust: 1.0

vendor:huaweimodel:paris-al00icscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:atomu-l42scope:ltversion:8.0.0.155\(c636custc636d1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.3

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.155\(c10e2r3p1\)

Trust: 1.0

vendor:huaweimodel:madrid-tl00ascope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linuxscope:eqversion:8.0

Trust: 1.0

vendor:redhatmodel:enterprise linux ausscope:eqversion:7.5

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfvscope:eqversion:8

Trust: 1.0

vendor:huaweimodel:florida-l21scope:ltversion:9.1.0.150\(c185e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c636e3r1p13t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.137\(c33e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.171\(c10e2r3p1\)

Trust: 1.0

vendor:huaweimodel:leland-tl10cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:madrid-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-al10indscope:ltversion:9.1.0.363\(c675e2r1p9t8\)

Trust: 1.0

vendor:huaweimodel:nova 5i proscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:jakarta-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:yale-l21ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-al00ascope:ltversion:9.1.0.333\(c00e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.351\(c432e5r1p13t8\)

Trust: 1.0

vendor:huaweimodel:nova lite 3scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.172\(c432e2r5p1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux tusscope:eqversion:7.6

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.336\(c636e2r1p12t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real timescope:eqversion:7

Trust: 1.0

vendor:huaweimodel:sydney-l22scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:dura-tl00ascope:ltversion:1.0.0.176\(c01\)

Trust: 1.0

vendor:huaweimodel:p20scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:y9 2019scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:potter-al00cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-tl10bscope:ltversion:9.1.0.128\(c01e112r1p6t8\)

Trust: 1.0

vendor:huaweimodel:sydneym-l22scope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.7

Trust: 1.0

vendor:huaweimodel:lelandp-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-tl10scope:ltversion:9.1.0.333\(c01e333r1p1t8\)

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.2

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.6

Trust: 1.0

vendor:huaweimodel:p30 proscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.342\(c461e1r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.4

Trust: 1.0

vendor:huaweimodel:figo-l23scope:ltversion:9.1.0.160\(c605e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:imanager neteco 6000scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-l09scope:ltversion:9.1.0.350\(c636e4r1p13t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.328\(c432e7r1p11t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.154\(c432e2r5p1\)

Trust: 1.0

vendor:huaweimodel:tony-tl00bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:harry-al00cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-l22scope:ltversion:9.1.0.150\(c636e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:9.1.0.149\(c675e8r2p1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.170\(c185e2r5p1\)

Trust: 1.0

vendor:huaweimodel:nova 5scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:leland-l42cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor 8ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:lelandp-al10dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-tl10bscope:ltversion:9.1.0.130\(c01e115r2p8t8\)

Trust: 1.0

vendor:huaweimodel:tony-al00bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.306\(c185e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:london-al40indscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:harry-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:johnson-tl00dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:alp-al00bscope:ltversion:9.1.0.333\(c00e333r2p1t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.326\(c635e2r1p11t8\)

Trust: 1.0

vendor:huaweimodel:p smartscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.1

Trust: 1.0

vendor:huaweimodel:asoka-al00axscope:ltversion:9.1.1.181\(c00e48r6p1\)

Trust: 1.0

vendor:huaweimodel:columbia-al10iscope:ltversion:9.1.0.335\(c675e8r1p9t8\)

Trust: 1.0

vendor:huaweimodel:sydneym-l23scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:ares-tl00cscope:ltversion:9.1.0.165\(c01e165r2p5t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfv eusscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:cornell-l29ascope:ltversion:9.1.0.347\(c432e1r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time eusscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:katyusha-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:paris-l29bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-l01scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-al20bscope:ltversion:9.1.0.128\(c00e112r1p6t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c185e3r1p12t8\)

Trust: 1.0

vendor:huaweimodel:potter-al10ascope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:8.0

Trust: 1.0

vendor:huaweimodel:yale-l61cscope:eqversion: -

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:12.4

Trust: 1.0

vendor:huaweimodel:sydney-l22brscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-al00scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.328\(c432e5r1p9t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.170\(c636e2r3p1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux eusscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:dubai-al00ascope:ltversion:8.2.0.190\(c00r2p2\)

Trust: 1.0

vendor:googlemodel:androidscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.311\(c605e2r1p11t8\)

Trust: 1.0

vendor:huaweimodel:honor 20scope:ltversion:9.1.0.143\(c675e8r2p1\)

Trust: 1.0

vendor:huaweimodel:hima-l29cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:atomu-l33scope:ltversion:8.0.0.147\(c605custc605d1\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfvscope:eqversion:7

Trust: 1.0

vendor:huaweimodel:bla-tl00bscope:ltversion:9.1.0.329\(c01e320r1p1t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.325\(c636e7r1p13t8\)

Trust: 1.0

vendor:huaweimodel:dura-al00ascope:ltversion:1.0.0.182\(c00\)

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.325\(c636e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:eqversion:8.1.0.156\(c605\)

Trust: 1.0

vendor:huaweimodel:p smart 2019scope:eqversion: -

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.5

Trust: 1.0

vendor:huaweimodel:harry-tl00cscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux for real timescope:eqversion:8

Trust: 1.0

vendor:huaweimodel:y6 pro 2019scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor view 10scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:berkeley-al20scope:ltversion:9.1.0.333\(c00e333r2p1t8\)

Trust: 1.0

vendor:huaweimodel:johnson-tl00fscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.122\(c09e7r1p5t8\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c10e5r1p14t8\)

Trust: 1.0

vendor:huaweimodel:yalep-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-l23scope:ltversion:9.1.0.154\(c605e7r1p2t8\)

Trust: 1.0

vendor:huaweimodel:yale-al50ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:emily-l29cscope:ltversion:9.1.0.311\(c461e2r1p11t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time for nfv eusscope:eqversion:8.4

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.7

Trust: 1.0

vendor:redhatmodel:enterprise linux for real time eusscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:honor 8xscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-l31scope:eqversion:8.0.0.122d\(c652\)

Trust: 1.0

vendor:huaweimodel:mate 20 xscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:cornell-al00iscope:ltversion:9.1.0.363\(c675e3r1p9t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.6

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:7.4

Trust: 1.0

vendor:huaweimodel:nova 4scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:leland-l42ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-al00scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.165\(c10e8r1p5t8\)

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.154\(c636e2r3p1\)

Trust: 1.0

vendor:huaweimodel:columbia-l29dscope:ltversion:9.1.0.350\(c461e3r1p11t8\)

Trust: 1.0

vendor:redhatmodel:enterprise linux server tusscope:eqversion:8.2

Trust: 1.0

vendor:huaweimodel:leland-l32ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:neo-al00dscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-l03scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor 20 proscope:ltversion:9.1.0.154\(c185e2r5p1\)

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.13.6

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.300\(c605e2r1p12t8\)

Trust: 1.0

vendor:huaweimodel:lelandp-l22ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:charlotte-l29cscope:ltversion:9.1.0.325\(c185e4r1p11t8\)

Trust: 1.0

vendor:huaweimodel:leland-l31ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:atomu-l41scope:ltversion:8.0.0.153\(c461custc461d1\)

Trust: 1.0

vendor:huaweimodel:imanager netecoscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:paris-l21bscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:7.3

Trust: 1.0

vendor:huaweimodel:mate 20 proscope:eqversion: -

Trust: 1.0

vendor:redhatmodel:mrg realtimescope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:y5 2018scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:yale-al00ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-tl00scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-l29cscope:ltversion:9.1.0.306\(c636e2r1p13t8\)

Trust: 1.0

vendor:huaweimodel:lelandp-al00cscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydney-l21brscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:columbia-al10bscope:ltversion:9.1.0.333\(c00e333r1p1t8\)

Trust: 1.0

vendor:huaweimodel:p20 proscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:honor view 20scope:eqversion: -

Trust: 1.0

vendor:redhatmodel:enterprise linux server ausscope:eqversion:8.4

Trust: 1.0

vendor:huaweimodel:barca-al00scope:ltversion:8.0.0.366\(c00\)

Trust: 1.0

vendor:huaweimodel:leland-l21ascope:eqversion: -

Trust: 1.0

vendor:huaweimodel:paris-l21mebscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:princeton-al10bscope:eqversion: -

Trust: 1.0

vendor:huaweimodel:florida-l21scope:ltversion:9.1.0.150\(c432e6r1p5t8\)

Trust: 1.0

vendor:huaweimodel:ares-al00bscope:ltversion:9.1.0.160\(c00e160r2p5t8\)

Trust: 1.0

vendor:huaweimodel:mate 20scope:eqversion: -

Trust: 1.0

vendor:applemodel:watchosscope:eqversion:5.3

Trust: 1.0

vendor:huaweimodel:honor 10 litescope:eqversion: -

Trust: 1.0

vendor:huaweimodel:y5 litescope:eqversion: -

Trust: 1.0

vendor:huaweimodel:bla-al00bscope:ltversion:9.1.0.329\(c786e320r2p1t8\)

Trust: 1.0

vendor:huaweimodel:figo-l31scope:ltversion:9.1.0.137\(c530e8r1p5t8\)

Trust: 1.0

vendor:opensusemodel:leapscope:eqversion:15.1

Trust: 1.0

vendor:huaweimodel:y7 2019scope:eqversion: -

Trust: 1.0

vendor:huaweimodel:sydneym-l21scope:eqversion: -

Trust: 1.0

vendor:blackberrymodel: - scope: - version: -

Trust: 0.8

vendor:bluetooth sigmodel: - scope: - version: -

Trust: 0.8

vendor:bluetooth sigmodel:br/edr corescope:lteversion:v5.1

Trust: 0.8

sources: CERT/CC: VU#918987 // JVNDB: JVNDB-2019-007618 // NVD: CVE-2019-9506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-9506
value: HIGH

Trust: 1.0

cret@cert.org: CVE-2019-9506
value: HIGH

Trust: 1.0

NVD: CVE-2019-9506
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201908-864
value: HIGH

Trust: 0.6

VULHUB: VHN-160941
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-9506
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-9506
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2019-9506
severity: HIGH
baseScore: 7.8
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-160941
severity: MEDIUM
baseScore: 4.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-9506
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

cret@cert.org: CVE-2019-9506
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.0

Trust: 1.0

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506 // NVD: CVE-2019-9506

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.1

problemtype:CWE-327

Trust: 1.1

sources: VULHUB: VHN-160941 // NVD: CVE-2019-9506

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201908-864

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201908-864

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007618

PATCH

title:Key Negotiation of Bluetoothurl:https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/

Trust: 0.8

title:The building blocks of all Bluetooth devicesurl:https://www.bluetooth.com/specifications/

Trust: 0.8

title:Keep up to date with Errataurl:https://www.bluetooth.com/specifications/errata/

Trust: 0.8

title:Bluetooth Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96553

Trust: 0.6

title:The Registerurl:https://www.theregister.co.uk/2019/08/22/cisco_patch_bundle/

Trust: 0.2

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193187 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kpatch-patch security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193231 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20192975 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193165 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193218 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20201460 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193220 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193089 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193055 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kernel-alt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193217 - Security Advisory

Trust: 0.1

title:Red Hat: Important: kpatch-patch security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193076 - Security Advisory

Trust: 0.1

title:Red Hat: CVE-2019-9506url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2019-9506

Trust: 0.1

title:Cisco: Key Negotiation of Bluetooth Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20190813-bluetooth

Trust: 0.1

title:HP: HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03634

Trust: 0.1

title:Red Hat: Important: kernel security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20200204 - Security Advisory

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=814c3d5b0bc03fc1c34e62dbc5cf6bf7

Trust: 0.1

title:HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03634 rev. 1 - HP OfficeJet Mobile and Sprocket Printers KNOB Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=20bba81176880ee641f9d46354adc125

Trust: 0.1

title:Red Hat: Important: kernel security, bug fix, and enhancement updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193517 - Security Advisory

Trust: 0.1

title:Huawei Security Advisories: Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=huawei_security_advisories&qid=4da976eef66883f5331725800e5cf063

Trust: 0.1

title:Red Hat: Important: kernel-rt security and bug fix updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20193309 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-azure, linux-gcp, linux-gke-5.0, linux-hwe, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4147-1

Trust: 0.1

title:Fortinet Security Advisories: CVE-2019-9506 Encryption Key Negotiation of Bluetooth Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=fortinet_security_advisories&qid=FG-IR-19-224

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-aws, linux-aws-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 regressionurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4115-2

Trust: 0.1

title:Ubuntu Security Notice: linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oracle, linux-raspi2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4115-1

Trust: 0.1

title:Ubuntu Security Notice: linux-aws vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-4118-1

Trust: 0.1

title:knoburl:https://github.com/francozappa/knob

Trust: 0.1

title:bluetooth-KNOBurl:https://github.com/u10427687/bluetooth-KNOB

Trust: 0.1

title: - url:https://github.com/makaubenson/Fix-BT-Ubuntu

Trust: 0.1

title:broadcom-bt-firmwareurl:https://github.com/winterheart/broadcom-bt-firmware

Trust: 0.1

title:broadcom-bt-firmwareurl:https://github.com/AlexandrBing/broadcom-bt-firmware

Trust: 0.1

title:Protocol-Vulurl:https://github.com/WinMin/Protocol-Vul

Trust: 0.1

title:awesome-bluetooth-securityurl:https://github.com/engn33r/awesome-bluetooth-security

Trust: 0.1

title: - url:https://github.com/JeffroMF/awesome-bluetooth-security321

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:CVE-POCurl:https://github.com/0xT11/CVE-POC

Trust: 0.1

title: - url:https://github.com/vincent-deng/veracode-container-security-finding-parser

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title:Symantec Threat Intelligence Blogurl:https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-august-2019

Trust: 0.1

title:Threatposturl:https://threatpost.com/cisco-patches-six-critical-bugs/147585/

Trust: 0.1

title:Threatposturl:https://threatpost.com/lenovo-warns-bugs-thinkpads/147338/

Trust: 0.1

title:Threatposturl:https://threatpost.com/wormable-remote-desktop-bugs-august-patch-tuesday/147302/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-traffic/

Trust: 0.1

title:BleepingComputerurl:https://www.bleepingcomputer.com/news/security/new-bluetooth-knob-flaw-lets-attackers-manipulate-connections/

Trust: 0.1

sources: VULMON: CVE-2019-9506 // JVNDB: JVNDB-2019-007618 // CNNVD: CNNVD-201908-864

EXTERNAL IDS

db:NVDid:CVE-2019-9506

Trust: 3.6

db:CERT/CCid:VU#918987

Trust: 3.4

db:PACKETSTORMid:157216

Trust: 0.8

db:JVNid:JVNVU90240762

Trust: 0.8

db:JVNDBid:JVNDB-2019-007618

Trust: 0.8

db:CNNVDid:CNNVD-201908-864

Trust: 0.7

db:AUSCERTid:ESB-2020.0141

Trust: 0.6

db:AUSCERTid:ESB-2020.1366

Trust: 0.6

db:AUSCERTid:ESB-2020.1189

Trust: 0.6

db:AUSCERTid:ESB-2020.1366.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4346

Trust: 0.6

db:AUSCERTid:ESB-2019.4346.2

Trust: 0.6

db:AUSCERTid:ESB-2019.4676

Trust: 0.6

db:AUSCERTid:ESB-2020.0262

Trust: 0.6

db:AUSCERTid:ESB-2019.3115

Trust: 0.6

db:AUSCERTid:ESB-2019.4252

Trust: 0.6

db:AUSCERTid:ESB-2020.1338

Trust: 0.6

db:AUSCERTid:ESB-2019.4584

Trust: 0.6

db:PACKETSTORMid:156058

Trust: 0.6

db:LENOVOid:LEN-27173

Trust: 0.6

db:PACKETSTORMid:155017

Trust: 0.2

db:PACKETSTORMid:154949

Trust: 0.2

db:PACKETSTORMid:154936

Trust: 0.2

db:PACKETSTORMid:155004

Trust: 0.2

db:VULHUBid:VHN-160941

Trust: 0.1

db:VULMONid:CVE-2019-9506

Trust: 0.1

db:PACKETSTORMid:155005

Trust: 0.1

db:PACKETSTORMid:154863

Trust: 0.1

db:PACKETSTORMid:154054

Trust: 0.1

db:PACKETSTORMid:154879

Trust: 0.1

db:PACKETSTORMid:154740

Trust: 0.1

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // JVNDB: JVNDB-2019-007618 // PACKETSTORM: 155005 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154863 // PACKETSTORM: 154054 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154740 // PACKETSTORM: 154949 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506

REFERENCES

url:https://www.kb.cert.org/vuls/id/918987/

Trust: 2.6

url:https://www.usenix.org/conference/usenixsecurity19/presentation/antonioli

Trust: 2.6

url:https://access.redhat.com/errata/rhsa-2020:0204

Trust: 2.4

url:https://access.redhat.com/errata/rhsa-2019:3187

Trust: 2.0

url:https://access.redhat.com/errata/rhsa-2019:3055

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3089

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3165

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3217

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3218

Trust: 1.9

url:https://access.redhat.com/errata/rhsa-2019:3231

Trust: 1.9

url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en

Trust: 1.8

url:https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth/

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/11

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/13

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/14

Trust: 1.8

url:http://seclists.org/fulldisclosure/2019/aug/15

Trust: 1.8

url:http://www.cs.ox.ac.uk/publications/publication12404-abstract.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2019/09/msg00014.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2019/09/msg00015.html

Trust: 1.8

url:https://lists.debian.org/debian-lts-announce/2019/09/msg00025.html

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:2975

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3076

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3220

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3309

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2019:3517

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html

Trust: 1.8

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html

Trust: 1.8

url:https://usn.ubuntu.com/4115-1/

Trust: 1.8

url:https://usn.ubuntu.com/4118-1/

Trust: 1.8

url:https://usn.ubuntu.com/4147-1/

Trust: 1.8

url:https://www.bluetooth.com/security/statement-key-negotiation-of-bluetooth

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2019-9506

Trust: 1.6

url:https://github.com/francozappa/knob

Trust: 0.9

url:https://www.bluetooth.com/specifications/adopted-specifications

Trust: 0.8

url:https://www.usenix.org/system/files/sec19-antonioli.pdf

Trust: 0.8

url:https://www.icasi.org/br-edr-encryption-key-bluetooth-vulnerability/

Trust: 0.8

url:http://support.blackberry.com/kb/articledetail?articlenumber=000057251

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-9506

Trust: 0.8

url:https://jvn.jp/vu/jvnvu90240762/

Trust: 0.8

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.8

url:https://access.redhat.com/security/cve/cve-2019-9506

Trust: 0.8

url:https://bugzilla.redhat.com/):

Trust: 0.8

url:https://access.redhat.com/security/team/key/

Trust: 0.8

url:https://access.redhat.com/articles/11258

Trust: 0.8

url:https://access.redhat.com/security/team/contact/

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190813-bluetooth

Trust: 0.7

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193294-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193295-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192984-1.html

Trust: 0.6

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00237.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20193200-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192953-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192952-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192951-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192950-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192949-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192948-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192947-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192946-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2020/suse-su-20200093-1.html

Trust: 0.6

url:https://packetstormsecurity.com/files/157216/red-hat-security-advisory-2020-1460-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1338/

Trust: 0.6

url:https://portal.msrc.microsoft.com/zh-cn/security-guidance/advisory/cve-2019-9506

Trust: 0.6

url:https://support.lenovo.com/us/en/product_security/len-27173

Trust: 0.6

url:https://support.apple.com/en-us/ht210353

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4676/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346/

Trust: 0.6

url:https://support.apple.com/en-us/ht210346

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4252/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4584/

Trust: 0.6

url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20190828-01-knob-cn

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0141/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0262/

Trust: 0.6

url:https://packetstormsecurity.com/files/156058/red-hat-security-advisory-2020-0204-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.3115/

Trust: 0.6

url:https://vigilance.fr/vulnerability/bluetooth-br-edr-information-disclosure-via-key-negotiation-30041

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.4346.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1189/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1366/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1366.2/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-20856

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-20856

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-3846

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-10126

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-10126

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-3846

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/327.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.kb.cert.org/vuls/id/918987

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-11810

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-11810

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-9500

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-10902

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-9500

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10902

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:1460

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8691

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-16860

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8646

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8694

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13118

Trust: 0.1

url:https://support.apple.com/downloads/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8663

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8656

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8648

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8641

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8660

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8657

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-19860

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8662

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-8661

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15223

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.0.0-31.33

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15538

Trust: 0.1

url:https://usn.ubuntu.com/4147-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15118

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10207

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15090

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15217

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-13631

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15925

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-snapdragon/5.0.0-1023.24

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe/5.0.0-31.33~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.0.0-1020.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15220

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-raspi2/5.0.0-1019.19

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15211

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.0.0-1018.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15218

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.0.0-1022.23

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15215

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.0/5.0.0-1020.20~18.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0136

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.0.0-1019.20

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-15212

Trust: 0.1

sources: CERT/CC: VU#918987 // VULHUB: VHN-160941 // VULMON: CVE-2019-9506 // JVNDB: JVNDB-2019-007618 // PACKETSTORM: 155005 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154863 // PACKETSTORM: 154054 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154740 // PACKETSTORM: 154949 // CNNVD: CNNVD-201908-864 // NVD: CVE-2019-9506

CREDITS

Red Hat

Trust: 0.8

sources: PACKETSTORM: 155005 // PACKETSTORM: 157216 // PACKETSTORM: 155017 // PACKETSTORM: 155004 // PACKETSTORM: 154863 // PACKETSTORM: 154879 // PACKETSTORM: 154936 // PACKETSTORM: 154949

SOURCES

db:CERT/CCid:VU#918987
db:VULHUBid:VHN-160941
db:VULMONid:CVE-2019-9506
db:JVNDBid:JVNDB-2019-007618
db:PACKETSTORMid:155005
db:PACKETSTORMid:157216
db:PACKETSTORMid:155017
db:PACKETSTORMid:155004
db:PACKETSTORMid:154863
db:PACKETSTORMid:154054
db:PACKETSTORMid:154879
db:PACKETSTORMid:154936
db:PACKETSTORMid:154740
db:PACKETSTORMid:154949
db:CNNVDid:CNNVD-201908-864
db:NVDid:CVE-2019-9506

LAST UPDATE DATE

2024-12-21T21:24:13.149000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#918987date:2020-05-15T00:00:00
db:VULHUBid:VHN-160941date:2021-11-04T00:00:00
db:VULMONid:CVE-2019-9506date:2021-11-04T00:00:00
db:JVNDBid:JVNDB-2019-007618date:2019-08-16T00:00:00
db:CNNVDid:CNNVD-201908-864date:2021-11-05T00:00:00
db:NVDid:CVE-2019-9506date:2024-11-21T04:51:45.113

SOURCES RELEASE DATE

db:CERT/CCid:VU#918987date:2019-08-14T00:00:00
db:VULHUBid:VHN-160941date:2019-08-14T00:00:00
db:VULMONid:CVE-2019-9506date:2019-08-14T00:00:00
db:JVNDBid:JVNDB-2019-007618date:2019-08-16T00:00:00
db:PACKETSTORMid:155005date:2019-10-29T14:49:28
db:PACKETSTORMid:157216date:2020-04-14T15:40:41
db:PACKETSTORMid:155017date:2019-10-29T14:59:12
db:PACKETSTORMid:155004date:2019-10-29T14:48:28
db:PACKETSTORMid:154863date:2019-10-15T22:22:11
db:PACKETSTORMid:154054date:2019-08-14T18:32:22
db:PACKETSTORMid:154879date:2019-10-16T15:06:37
db:PACKETSTORMid:154936date:2019-10-22T17:27:00
db:PACKETSTORMid:154740date:2019-10-05T14:13:57
db:PACKETSTORMid:154949date:2019-10-23T18:29:02
db:CNNVDid:CNNVD-201908-864date:2019-08-13T00:00:00
db:NVDid:CVE-2019-9506date:2019-08-14T17:15:11.597