My laptop Lenovo ThinkPad needs to support Virtualization ASAP

Greetings all,

I seek your prompt support to help me resolve my virtualization issue, as my ThinkPad X series laptop apparently doesn't support virtualization.

I badly need my computer to support virtualization, as I will have a training course next week. Please note that I could follow this step: How to enable Virtualization Technology (VT-X) in Lenovo, idea, ThinkPad and ThinkCentre system – sa ; however, it seems that my laptop still doesn't support it. Could you also provide me with a tool to check or find out whether my laptop supports virtualization after following the instructions in the above-mentioned link?

This info may be helpful:

Processor: "Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, GenuineIntel"

Windows 10.

Any ideas to resolve this issue ASAP would be really much appreciated.

Best,

AAA

SB18-232: Vulnerability Summary for the Week of August 13, 2018

Original release date: August 20, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0

  • Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9

  • Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9

Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
intel — core_i3 | Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis. | 2018-08-14 | 5.4 | CVE-2018-3615 | CONFIRM, CONFIRM, BID, SECTRACK, MISC, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CISCO, CONFIRM, CERT-VN, CONFIRM
intel — core_i3 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. | 2018-08-14 | 4.7 | CVE-2018-3620 | CONFIRM, CONFIRM, BID, SECTRACK, CONFIRM, CONFIRM, REDHAT ×14, MISC, FEDORA, FEDORA, CONFIRM, FREEBSD, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CISCO, UBUNTU ×5, DEBIAN, CONFIRM, CERT-VN, CONFIRM
intel — core_i3 | Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis. | 2018-08-14 | 4.7 | CVE-2018-3646 | CONFIRM, CONFIRM, BID, SECTRACK, CONFIRM, CONFIRM, REDHAT ×14, MISC, FEDORA, FEDORA, CONFIRM, FREEBSD, CONFIRM, CONFIRM, CONFIRM, CONFIRM, CISCO, UBUNTU ×5, DEBIAN, CONFIRM, CERT-VN, CONFIRM

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery. 2018-08-14 not yet calculated CVE-2018-7097
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow disclosure of privileged information. 2018-08-14 not yet calculated CVE-2018-7099
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow access restriction bypass. 2018-08-14 not yet calculated CVE-2018-7095
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be locally exploited to allow directory traversal. 2018-08-14 not yet calculated CVE-2018-7098
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-5.0.0.0-22913(GA). The vulnerability may be exploited locally to allow disclosure of privileged information. 2018-08-14 not yet calculated CVE-2018-7094
CONFIRM
3par — service_processor A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow code execution. 2018-08-14 not yet calculated CVE-2018-7096
CONFIRM
apache — commons_compress When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17’s ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress’ zip package. 2018-08-16 not yet calculated CVE-2018-11771
SECTRACK
MLIST

apache — http_server

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the “Location” or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). 2018-08-14 not yet calculated CVE-2016-4975
BID
CONFIRM
CONFIRM
apache — spark From version 1.3.0 onward, Apache Spark’s standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property ‘spark.authenticate.secret’ establishes a shared secret for authenticating requests to submit jobs via spark-submit. However, the REST API does not use this or any other authentication mechanism, and this is not adequately documented. In this case, a user would be able to run a driver program without authenticating, but not launch executors, using the REST API. This REST API is also used by Mesos, when set up to run in cluster mode (i.e., when also running MesosClusterDispatcher), for job submission. Future versions of Spark will improve documentation on these points, and prohibit setting ‘spark.authenticate.secret’ when running the REST APIs, to make this clear. Future versions will also disable the REST API by default in the standalone master by changing the default value of ‘spark.master.rest.enabled’ to ‘false’. 2018-08-13 not yet calculated CVE-2018-11770
BID
MLIST
CONFIRM
bytedance — musical.ly_app_for_ios Musical.ly Inc., musical.ly – your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13101
CERT-VN
uber_technologies — ubereats_app_for_ios Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13104
CERT-VN
pinterest — pinterest_app_for_ios Pinterest, 6.37, 2017-10-24, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13103
CERT-VN
distinctdev — the_moron_test_app_for_ios DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13100
CERT-VN
gameloft — asphalt_xtreme_offroad_rally_racing_app_for_ios Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13102
CERT-VN
asustor — adm ASUSTOR ADM 3.1.0.RFQ3 uses the same default root:admin username and password as it does for the NAS itself for applications that are installed from the online repository. This may allow an attacker to login and upload a webshell. 2018-08-16 not yet calculated CVE-2018-11509
MISC
EXPLOIT-DB
asustor — adm The tree list functionality in the photo gallery application in ASUSTOR ADM 3.1.0.RFQ3 has a SQL injection vulnerability that affects the ‘album_id’ or ‘scope’ parameter via a photo-gallery/api/album/tree_lists/ URI. 2018-08-16 not yet calculated CVE-2018-11511
MISC
EXPLOIT-DB
atlassian — confluence_questions The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. 2018-08-15 not yet calculated CVE-2018-13394
CONFIRM
atlassian — confluence_questions The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote attackers to modify a comment into an answer via a Cross-site request forgery (CSRF) vulnerability. 2018-08-15 not yet calculated CVE-2018-13393
CONFIRM
atlassian — fisheye_and_crucible Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue keys. 2018-08-13 not yet calculated CVE-2018-13392
BID
CONFIRM
CONFIRM
btrfsmaintenance — btrfsmaintenance An issue was discovered in evaluate_auto_mountpoint in btrfsmaintenance-functions in btrfsmaintenance through 0.4.1. Code execution as root can occur via a specially crafted filesystem label if btrfs-{scrub,balance,trim} are set to auto in /etc/sysconfig/btrfsmaintenance (this is not the default, though). 2018-08-15 not yet calculated CVE-2018-14722
MLIST
CONFIRM
cisco — asr_9000_series_aggregation_services_router_software A vulnerability in the Local Packet Transport Services (LPTS) feature set of Cisco ASR 9000 Series Aggregation Services Router Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input and validation checking on certain Precision Time Protocol (PTP) ingress traffic to an affected device. An attacker could exploit this vulnerability by injecting malformed traffic into an affected device. A successful exploit could allow the attacker to cause services on the device to become unresponsive, resulting in a DoS condition. Cisco Bug IDs: CSCvj22858. 2018-08-15 not yet calculated CVE-2018-0418
CISCO

cisco — asyncos_software_for_cisco_web_security_appliances

A vulnerability in the web proxy functionality of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to exhaust system memory and cause a denial of service (DoS) condition on an affected system. The vulnerability exists because the affected software improperly manages memory resources for TCP connections to a targeted device. An attacker could exploit this vulnerability by establishing a high number of TCP connections to the data interface of an affected device via IPv4 or IPv6. A successful exploit could allow the attacker to exhaust system memory, which could cause the system to stop processing new connections and result in a DoS condition. System recovery may require manual intervention. Cisco Bug IDs: CSCvf36610. 2018-08-15 not yet calculated CVE-2018-0410
BID
CISCO
qnap– qts Command injection vulnerability in Helpdesk versions 1.1.21 and earlier in QNAP QTS 4.2.6 build 20180531, QTS 4.3.3 build 20180528, QTS 4.3.4 build 20180528 and their earlier versions could allow remote attackers to run arbitrary commands in the compromised application. 2018-08-13 not yet calculated CVE-2018-0714
CONFIRM
cisco — email_security_appliances A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files. An attacker could exploit this vulnerability by sending a customized EXE file that is not recognized and blocked by the ESA. A successful exploit could allow an attacker to send email messages that contain malicious executable files to unsuspecting users. Cisco Bug IDs: CSCvh03786. 2018-08-15 not yet calculated CVE-2018-0419
CISCO
cisco — ios_software_and_ios_xe_software A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 (IKEv1) session. The vulnerability exists because the affected software responds incorrectly to decryption failures. An attacker could exploit this vulnerability sending crafted ciphertexts to a device configured with IKEv1 that uses RSA-encrypted nonces. A successful exploit could allow the attacker to obtain the encrypted nonces. Cisco Bug IDs: CSCve77140. 2018-08-14 not yet calculated CVE-2018-0131
BID
CISCO
cisco — multiple_products A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker to cause a temporary service outage for all IM&P users, resulting in a denial of service (DoS) condition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a malicious IPv4 or IPv6 packet to an affected device on TCP port 7400. An exploit could allow the attacker to overread a buffer, resulting in a crash and restart of the XCP Router service. Cisco Bug IDs: CSCvg97663, CSCvi55947. 2018-08-15 not yet calculated CVE-2018-0409
BID
BID
CISCO
cisco — registered_envelope_service A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Bug IDs: CVE-2018-0367. 2018-08-15 not yet calculated CVE-2018-0367
CISCO
cisco — small_business_100_and_300_series_wireless_access_points A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the improper processing of certain EAPOL frames. An attacker could exploit this vulnerability by sending a stream of crafted EAPOL frames to an affected device. A successful exploit could allow the attacker to force the access point (AP) to disassociate all the associated stations (STAs) and to disallow future, new association requests. Cisco Bug IDs: CSCvj97472. 2018-08-15 not yet calculated CVE-2018-0415
CISCO
cisco — small_business_100_and_300_series_wireless_access_points A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of the encryption algorithm that is used between an authenticator (access point) and a supplicant (Wi-Fi client). The vulnerability is due to the improper processing of certain EAPOL messages that are received during the Wi-Fi handshake process. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between a supplicant and an authenticator and manipulating an EAPOL message exchange to force usage of a WPA-TKIP cipher instead of the more secure AES-CCMP cipher. A successful exploit could allow the attacker to conduct subsequent cryptographic attacks, which could lead to the disclosure of confidential information. Cisco Bug IDs: CSCvj29229. 2018-08-15 not yet calculated CVE-2018-0412
CISCO
cisco — unified_communications_domain_manager_software A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. 2018-08-15 not yet calculated CVE-2018-0386
CISCO
cisco — web_security_appliance A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. The vulnerability is due to improper implementation of access controls. An attacker could exploit this vulnerability by authenticating to the device as a specific user to gain the information needed to elevate privileges to root in a separate login shell. A successful exploit could allow the attacker to escape the CLI subshell and execute system-level commands on the underlying operating system as root. Cisco Bug IDs: CSCvj93548. 2018-08-15 not yet calculated CVE-2018-0428
BID
CISCO
cisco — web_security_appliance A vulnerability in the CronJob scheduler API of Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to perform a command injection attack. The vulnerability is due to incorrect input validation of user-supplied data. An attacker could exploit this vulnerability by sending a malicious packet. A successful exploit could allow the attacker to execute arbitrary commands with root privileges. Cisco Bug IDs: CSCvi42263. 2018-08-15 not yet calculated CVE-2018-0427
BID
CISCO
citrix — xenserver Citrix XenServer 7.1 and newer allows Directory Traversal. 2018-08-15 not yet calculated CVE-2018-14007
BID
CONFIRM
CONFIRM
clavister — cos_core The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a Bleichenbacher attack. 2018-08-15 not yet calculated CVE-2018-8753
MISC
CONFIRM
crestron — tsw-x60_and_mc3 Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. 2018-08-10 not yet calculated CVE-2018-13341
BID
MISC
crestron — tsw-x60_and_mc3 For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open. 2018-08-10 not yet calculated CVE-2018-10630
BID
MISC
cryo — cryo A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization. 2018-08-17 not yet calculated CVE-2018-3784
MISC
delta_electronics — cncsoft_with_screeneditor CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. 2018-08-13 not yet calculated CVE-2018-10636
BID
MISC
delta_electronics — cncsoft_with_screeneditor CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has two out-of-bounds read vulnerabilities could cause the software to crash due to lacking user input validation for processing project files. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. 2018-08-13 not yet calculated CVE-2018-10598
BID
MISC
dojo — toolkit In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid. 2018-08-17 not yet calculated CVE-2018-15494
MISC
MISC
eclipse — openj9 In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows, Linux and AIX JVMs and can be disabled using the command line option -Dcom.ibm.tools.attach.enable=no. 2018-08-14 not yet calculated CVE-2018-12539
CONFIRM
eclipse — vert.x In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response. 2018-08-14 not yet calculated CVE-2018-12537
REDHAT
CONFIRM
CONFIRM
CONFIRM
CONFIRM
MISC
edimax — ew-7438rpn_mini An issue was discovered in Edimax EW-7438RPn Mini v2 before version 1.26. There is XSS in an SSID field. 2018-08-13 not yet calculated CVE-2018-10569
MISC
MISC
eltex — esp-200_firmware An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15356
MISC
eltex — esp-200_firmware An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15360
MISC
eltex — esp-200_firmware An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15358
MISC
eltex — esp-200_firmware An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15357
MISC
eltex — esp-200_firmware An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0. 2018-08-17 not yet calculated CVE-2018-15359
MISC
embedthis — goahead_and_appweb An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted “Host” header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ‘]’ character in an IPv6 address. 2018-08-17 not yet calculated CVE-2018-15505
MISC
MISC
MISC
embedthis — goahead_and_appweb An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11. 2018-08-17 not yet calculated CVE-2018-15504
MISC
MISC
MISC
ericsson-lg — ipecs_nms_30m Ericsson-LG iPECS NMS 30M allows directory traversal via ipecs-cm/download?filename=../ URIs. 2018-08-15 not yet calculated CVE-2018-15138
EXPLOIT-DB
ethereum — all_for_one_game The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be retrieved with a getStorageAt call. Therefore, it allows attackers to always win and get rewards. 2018-08-15 not yet calculated CVE-2018-12056
MISC
ethereum — bitcoin_red_token An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of digital assets by providing a large address[] array, as exploited in the wild in May 2018, aka the “ownerUnderflow” issue. 2018-08-15 not yet calculated CVE-2018-11687
MISC
f5 — big-ip The svpn and policyserver components of the F5 BIG-IP APM client prior to version 7.1.7.1 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host. A malicious local unprivileged user may gain knowledge of sensitive information, manipulate certain data, or assume super-user privileges on the local client host. 2018-08-17 not yet calculated CVE-2018-5546
SECTRACK
CONFIRM
f5 — big-ip Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the certificate policy. By clicking on the link, unprivileged users can open additional dialog boxes and get access to the local machine windows explorer which can be used to get administrator privilege. Windows Logon Integration is vulnerable when the APM client is installed by an administrator on a user machine. Users accessing the local machine can get administrator privileges 2018-08-17 not yet calculated CVE-2018-5547
SECTRACK
CONFIRM
flintcms — flintcms A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset. 2018-08-17 not yet calculated CVE-2018-3783
MISC
git-dummy-commit — git-dummy-commit A command injection in git-dummy-commit v1.3.0 allows os level commands to be executed due to an unescaped parameter. 2018-08-17 not yet calculated CVE-2018-3785
MISC
gnome — display_manager The daemon in GDM through 3.29.1 does not properly unexport display objects from its D-Bus interface when they are destroyed, which allows a local attacker to trigger a use-after-free via a specially crafted sequence of D-Bus method calls, resulting in a denial of service or potential code execution. 2018-08-14 not yet calculated CVE-2018-14424
CONFIRM
UBUNTU
DEBIAN
ks_mobile– live.me_app_for_android Live.me – live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13107
CERT-VN
cheetah_mobile– cm_launcher_3d_app_for_android Cheetahmobile CM Launcher 3D – Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13106
CERT-VN
hawk_mobile_hi_security_labs — hi_security_virus_cleaner_app_for_android Hi Security Virus Cleaner – Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker. 2018-08-15 not yet calculated CVE-2017-13105
CERT-VN
psafe_tools — dfndr_security_app_for_android DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key. 2018-08-15 not yet calculated CVE-2017-13108
CERT-VN
hikvision — ip_cameras A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process. 2018-08-13 not yet calculated CVE-2018-6414
CONFIRM
hp — multiple_inkjet_printers A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution. 2018-08-13 not yet calculated CVE-2018-5925
BID
SECTRACK
MISC
HP
hp — multiple_inkjet_printers A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a stack buffer overflow, which could allow remote code execution. 2018-08-13 not yet calculated CVE-2018-5924
BID
SECTRACK
MISC
HP
hpe — multiple_products A security vulnerability in HPE Integrated Lights-Out 3 prior to v1.90, iLO 4 prior to v2.60, iLO 5 prior to v1.30, Moonshot Chassis Manager firmware prior to v1.58, and Moonshot Component Pack prior to v2.55 could be remotely exploited to create a denial of service. 2018-08-14 not yet calculated CVE-2018-7093
SECTRACK
CONFIRM
hpe — officeconnect_1810_switch_series A potential security vulnerability has been identified in HPE OfficeConnect 1810 Switch Series (HP 1810-24G – P.2.22 and previous versions, HP 1810-48G PK.1.34 and previous versions, HP 1810-8 v2 P.2.22 and previous versions). The vulnerability could allow local disclosure of sensitive information. 2018-08-14 not yet calculated CVE-2018-7100
SECTRACK
CONFIRM
hpe — xp_p9000_command_view_advanced_edition A security vulnerability in HPE XP P9000 Command View Advanced Edition (CVAE) Device Manager (DevMgr 8.5.0-00 and prior to 8.6.0-00), Configuration Manager (CM 8.5.0-00 and prior to 8.6.0-00) could be exploited to allow local and remote unauthorized access to sensitive information. 2018-08-14 not yet calculated CVE-2018-7077
CONFIRM
ibm — api_connect IBM API Connect’s Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request Forgery. An attacker, using specially crafted input parameters, can trick the server into making potentially malicious calls within the trusted network. IBM X-Force ID: 146370. 2018-08-16 not yet calculated CVE-2018-1712
XF
CONFIRM
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003. 2018-08-16 not yet calculated CVE-2018-1715
XF
CONFIRM
ibm — rational_clearquest IBM Rational ClearQuest 8.0 through 8.0.1.9 and 9.0 through 9.0.1.3 (CQ OSLC linkages, EmailRelay) fails to check the SSL certificate against the requested hostname. It is subject to a man-in-the-middle attack with an impersonating server observing all the data transmitted to the real server. IBM X-Force ID: 113353. 2018-08-13 not yet calculated CVE-2016-2922
XF
CONFIRM
ibm — security_access_manager_for_enterprise_single_sign_on IBM Security Access Manager for Enterprise Single Sign-On 8.2.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 134913. 2018-08-17 not yet calculated CVE-2017-1732
CONFIRM
XF
ibm — tivoli_application_dependency_discovery_manager IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 11029. 2018-08-15 not yet calculated CVE-2018-1455
XF
CONFIRM
ibm — urbancode_deploy IBM UrbanCode Deploy 6.1 through 6.9.6.0 could allow a remote attacker to traverse directories on the system. An unauthenticated attacker could alter UCD deployments. IBM X-Force ID: 135522. 2018-08-13 not yet calculated CVE-2017-1749
XF
CONFIRM
ibm — urbancode_deploy Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147. 2018-08-13 not yet calculated CVE-2017-1286
XF
CONFIRM
intelbras — win_240 A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. 2018-08-15 not yet calculated CVE-2018-10369
MISC
jetbrains — dotpeek_and_resharper_ultimate JetBrains dotPeek before 2018.2 and ReSharper Ultimate before 2018.1.4 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific file, because of Deserialization of Untrusted Data. 2018-08-13 not yet calculated CVE-2018-14878
CONFIRM
MISC
keycloak — keycloak It was found that an authenticated user could manipulate user session information to trigger an infinite loop in keycloak. A malicious user could use this flaw to conduct a denial of service attack against the server. 2018-08-13 not yet calculated CVE-2018-10842
CONFIRM
kraftway — 24f2xg_router_firmware Crafting a malicious link and sending it to a privileged user can cause a denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15351
MISC
kraftway — 24f2xg_router_firmware An attacker with low privileges can cause denial of service in Kraftway 24F2XG Router firmware version 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15352
MISC
kraftway — 24f2xg_router_firmware A buffer overflow exploited through the web interface by a remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15353
MISC
kraftway — 24f2xg_router_firmware A buffer overflow exploited through the web interface by a remote attacker can cause a denial of service in Kraftway 24F2XG Router firmware 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15354
MISC
kraftway — 24f2xg_router_firmware Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router. 2018-08-17 not yet calculated CVE-2018-15350
MISC
kraftway — 24f2xg_router_firmware Usage of SSLv2 and SSLv3 leads to transmitted data decryption in Kraftway 24F2XG Router firmware 3.5.30.1118. 2018-08-17 not yet calculated CVE-2018-15355
MISC
lg — android_devices Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004. 2018-08-17 not yet calculated CVE-2018-14982
CONFIRM
lg — android_devices Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006. 2018-08-17 not yet calculated CVE-2018-15482
CONFIRM
lg — android_devices Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005. 2018-08-17 not yet calculated CVE-2018-14981
CONFIRM
libcgroup — libcgroup libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. 2018-08-14 not yet calculated CVE-2018-14348
SUSE
CONFIRM
FEDORA
CONFIRM
libgit2 — libgit2 In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol “ng” packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. 2018-08-17 not yet calculated CVE-2018-15501
MISC
MISC
MISC
MISC
MISC
MISC
libxml2 — libxml2 libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035 and CVE-2018-9251. 2018-08-16 not yet calculated CVE-2018-14567
CONFIRM
UBUNTU
litecart — litecart admin/vqmods.app/vqmods.inc.php in LiteCart before 2.1.3 allows remote authenticated attackers to upload a malicious file (resulting in remote code execution) by using the text/xml or application/xml Content-Type in a public_html/admin/?app=vqmods&doc=vqmods request. 2018-08-16 not yet calculated CVE-2018-12256
CONFIRM
CONFIRM
man-cgi — man-cgi man-cgi before 1.16 allows Local File Inclusion via absolute path traversal, as demonstrated by a cgi-bin/man-cgi?/etc/passwd URI. 2018-08-14 not yet calculated CVE-2018-14429
MISC
BUGTRAQ
medtronic — minimed_508_insulin_pump Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed 530G. The models identified above, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. 2018-08-13 not yet calculated CVE-2018-14781
BID
MISC
medtronic — minimed_508_insulin_pump Medtronic MMT 508 MiniMed insulin pump, 522 / MMT – 722 Paradigm REAL-TIME, 523 / MMT – 723 Paradigm Revel, 523K / MMT – 723K Paradigm Revel, and 551 / MMT – 751 MiniMed 530G: communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. 2018-08-13 not yet calculated CVE-2018-10634
BID
MISC
microsoft — .net_framework An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka “.NET Framework Information Disclosure Vulnerability.” This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. 2018-08-15 not yet calculated CVE-2018-8360
BID
SECTRACK
CONFIRM
microsoft — chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381. 2018-08-15 not yet calculated CVE-2018-8384
BID
CONFIRM
microsoft — chakracore A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8359
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389. 2018-08-15 not yet calculated CVE-2018-8390
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8380, CVE-2018-8384. 2018-08-15 not yet calculated CVE-2018-8381
BID
SECTRACK
CONFIRM
microsoft — chakracore_and_edge A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8266, CVE-2018-8381, CVE-2018-8384. 2018-08-15 not yet calculated CVE-2018-8380
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8355
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8372
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8387. 2018-08-15 not yet calculated CVE-2018-8377
BID
CONFIRM
microsoft — edge A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka “Microsoft Edge Security Feature Bypass Vulnerability.” This affects Microsoft Edge. 2018-08-15 not yet calculated CVE-2018-8358
BID
SECTRACK
CONFIRM
microsoft — edge A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8383. 2018-08-15 not yet calculated CVE-2018-8388
BID
SECTRACK
CONFIRM
microsoft — edge A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka “Microsoft Edge Spoofing Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8388. 2018-08-15 not yet calculated CVE-2018-8383
BID
SECTRACK
CONFIRM
microsoft — edge A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka “Microsoft Edge Memory Corruption Vulnerability.” This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8377. 2018-08-15 not yet calculated CVE-2018-8387
BID
CONFIRM
microsoft — edge An information disclosure vulnerability exists when the WebAudio Library improperly handles audio requests, aka “Microsoft Edge Information Disclosure Vulnerability.” This affects Microsoft Edge. 2018-08-15 not yet calculated CVE-2018-8370
BID
SECTRACK
CONFIRM
microsoft — edge_and_chakracore A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka “Chakra Scripting Engine Memory Corruption Vulnerability.” This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8380, CVE-2018-8381, CVE-2018-8384. 2018-08-15 not yet calculated CVE-2018-8266
BID
SECTRACK
CONFIRM
microsoft — excel A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375. 2018-08-15 not yet calculated CVE-2018-8379
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka “Microsoft Excel Information Disclosure Vulnerability.” This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. 2018-08-15 not yet calculated CVE-2018-8382
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka “Microsoft Excel Remote Code Execution Vulnerability.” This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379. 2018-08-15 not yet calculated CVE-2018-8375
BID
SECTRACK
CONFIRM
microsoft — exchange_server A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka “Microsoft Exchange Server Tampering Vulnerability.” This affects Microsoft Exchange Server. 2018-08-15 not yet calculated CVE-2018-8374
BID
SECTRACK
CONFIRM
microsoft — exchange_server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka “Microsoft Exchange Memory Corruption Vulnerability.” This affects Microsoft Exchange Server. 2018-08-15 not yet calculated CVE-2018-8302
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka “Internet Explorer Remote Code Execution Vulnerability.” This affects Internet Explorer 11, Internet Explorer 10. 2018-08-15 not yet calculated CVE-2018-8316
BID
SECTRACK
CONFIRM
microsoft — internet_explorer_and_edge An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka “Microsoft Browser Elevation of Privilege Vulnerability.” This affects Internet Explorer 11, Microsoft Edge. 2018-08-15 not yet calculated CVE-2018-8357
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka “Microsoft Browser Memory Corruption Vulnerability.” This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. 2018-08-15 not yet calculated CVE-2018-8403
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8371
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8389
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8353
BID
SECTRACK
CONFIRM
microsoft — internet_explorer A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8373
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. 2018-08-15 not yet calculated CVE-2018-8343
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka “LNK Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8346. 2018-08-15 not yet calculated CVE-2018-8345
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8399. 2018-08-15 not yet calculated CVE-2018-8404
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka “Microsoft Graphics Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8344
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8396, CVE-2018-8398. 2018-08-15 not yet calculated CVE-2018-8394
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8406. 2018-08-15 not yet calculated CVE-2018-8405
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8348. 2018-08-15 not yet calculated CVE-2018-8341
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka “Windows Kernel Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. 2018-08-15 not yet calculated CVE-2018-8348
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka “Microsoft Office Information Disclosure Vulnerability.” This affects Word, Microsoft SharePoint Server, Microsoft Office Word Viewer, Microsoft Excel Viewer, Microsoft SharePoint, Microsoft Office. 2018-08-15 not yet calculated CVE-2018-8378
BID
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8394, CVE-2018-8396. 2018-08-15 not yet calculated CVE-2018-8398
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka “Windows Installer Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8339
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka “Scripting Engine Memory Corruption Vulnerability.” This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8389, CVE-2018-8390. 2018-08-15 not yet calculated CVE-2018-8385
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects, aka “Microsoft COM for Windows Remote Code Execution Vulnerability.” This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8349
BID
SECTRACK
CONFIRM
microsoft — office An elevation of privilege vulnerability exists when the Microsoft AutoUpdate (MAU) application for Mac improperly validates updates before executing them, aka “Microsoft (MAU) Office Elevation of Privilege Vulnerability.” This affects Microsoft Office. 2018-08-15 not yet calculated CVE-2018-8412
BID
SECTRACK
CONFIRM
microsoft — powerpoint A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka “Microsoft PowerPoint Remote Code Execution Vulnerability.” This affects Microsoft PowerPoint. 2018-08-15 not yet calculated CVE-2018-8376
BID
SECTRACK
CONFIRM
microsoft — sql_server A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka “Microsoft SQL Server Remote Code Execution Vulnerability.” This affects Microsoft SQL Server. 2018-08-15 not yet calculated CVE-2018-8273
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka “Windows PDF Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. 2018-08-15 not yet calculated CVE-2018-8350
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka “Microsoft Browser Information Disclosure Vulnerability.” This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10. 2018-08-15 not yet calculated CVE-2018-8351
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka “Win32k Elevation of Privilege Vulnerability.” This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404. 2018-08-15 not yet calculated CVE-2018-8399
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka “Windows Shell Remote Code Execution Vulnerability.” This affects Windows 10 Servers, Windows 10. 2018-08-15 not yet calculated CVE-2018-8414
BID
SECTRACK
CONFIRM
microsoft — windows_10_servers_and_windows_10 An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8401, CVE-2018-8405, CVE-2018-8406. 2018-08-15 not yet calculated CVE-2018-8400
BID
SECTRACK
CONFIRM
microsoft — windows_7_and_windows_server_2008_r2 An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka “Windows NDIS Elevation of Privilege Vulnerability.” This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8343. 2018-08-15 not yet calculated CVE-2018-8342
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka “LNK Remote Code Execution Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8345. 2018-08-15 not yet calculated CVE-2018-8346
BID
SECTRACK
CONFIRM
microsoft — multiple_products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka “GDI+ Remote Code Execution Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. 2018-08-15 not yet calculated CVE-2018-8397
BID
SECTRACK
CONFIRM
microsoft — multiple_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka “Windows GDI Information Disclosure Vulnerability.” This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8394, CVE-2018-8398. 2018-08-15 not yet calculated CVE-2018-8396
BID
SECTRACK
CONFIRM
microsoft — windows_server_2016_and_windows_10 An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka “Microsoft Cortana Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10. 2018-08-15 not yet calculated CVE-2018-8253
BID
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8204. 2018-08-15 not yet calculated CVE-2018-8200
BID
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka “Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8200. 2018-08-15 not yet calculated CVE-2018-8204
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists in Microsoft Windows when the Windows kernel fails to properly handle parsing of certain symbolic links, aka “Windows Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8347
BID
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8405, CVE-2018-8406. 2018-08-15 not yet calculated CVE-2018-8401
BID
SECTRACK
CONFIRM
microsoft — multiple_products An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka “DirectX Graphics Kernel Elevation of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8400, CVE-2018-8401, CVE-2018-8405. 2018-08-15 not yet calculated CVE-2018-8406
BID
SECTRACK
CONFIRM
microsoft — multiple_products A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka “AD FS Security Feature Bypass Vulnerability.” This affects Windows Server 2016, Windows Server 2012 R2, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-8340
BID
SECTRACK
CONFIRM
microsoft — multiple_products An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka “Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability.” This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. 2018-08-15 not yet calculated CVE-2018-0952
BID
SECTRACK
CONFIRM
monstra — cms Multiple cross-site scripting (XSS) vulnerabilities in Monstra CMS 3.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name field in the edit profile page. 2018-08-14 not yet calculated CVE-2018-14922
MISC
MISC
EXPLOIT-DB
multiple_vendors — bios_firmware An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case during S3 sleep is not handled properly by this firmware and can clear the TPM 2.0. It allows local users to overwrite the static PCRs of the TPM and neutralize its security features, such as seal/unseal and remote attestation. 2018-08-17 not yet calculated CVE-2018-6622
MISC
multiple_vendors — multiple_products mingw-w64 version 5.0.4 by default produces executables that opt in to ASLR, but are not compatible with ASLR. ASLR is an exploit mitigation technique used by modern Windows platforms. For ASLR to function, Windows executables must contain a relocations table. Despite containing the “Dynamic base” PE header, which indicates ASLR compatibility, Windows executables produced by mingw-w64 have the relocations table stripped from them by default. This means that executables produced by mingw-w64 are vulnerable to return-oriented programming (ROP) attacks. Windows executables generated by mingw-w64 claim to be ASLR compatible, but are not. Vulnerabilities in such executables are more easily exploitable as a result. 2018-08-14 not yet calculated CVE-2018-5392
CERT-VN
mybb — mybb inc/plugins/thankyoulike.php in the Eldenroot Thank You/Like plugin before 3.1.0 for MyBB allows XSS via a post or thread subject. 2018-08-14 not yet calculated CVE-2018-14888
MISC
CONFIRM
CONFIRM
EXPLOIT-DB
nasdaq — bwise The JMX/RMI interface in Nasdaq BWise 5.0 does not require authentication for an SAP BO Component, which allows remote attackers to execute arbitrary code via a session on port 81. 2018-08-15 not yet calculated CVE-2018-11247
FULLDISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. 2018-08-10 not yet calculated CVE-2018-14782
BID
MISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. 2018-08-10 not yet calculated CVE-2018-14784
BID
MISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. 2018-08-10 not yet calculated CVE-2018-14785
BID
MISC
netcomm_wireless — g_lte_light_industrial_m2m_router NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. 2018-08-10 not yet calculated CVE-2018-14783
BID
MISC
nextcloud — server A missing sanitization of search results for an autocomplete field in NextCloud Server <13.0.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. 2018-08-13 not yet calculated CVE-2018-3780
MISC
CONFIRM
nextcloud — server Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker who obtained user credentials to bypass two-factor authentication. 2018-08-12 not yet calculated CVE-2018-3775
MISC
CONFIRM
nextcloud — server Improper input validation in Nextcloud Server prior to 12.0.3 and 11.0.5 could lead to an attacker’s actions not being logged in the audit log. 2018-08-12 not yet calculated CVE-2018-3776
MISC
CONFIRM
nextcloud — talk A missing sanitization of search results for an autocomplete field in NextCloud Talk <3.2.5 could lead to a stored XSS requiring user-interaction. The missing sanitization only affected user names, hence malicious search results could only be crafted by authenticated users. 2018-08-13 not yet calculated CVE-2018-3781
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘text’ parameter. 2018-08-15 not yet calculated CVE-2018-15148
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. 2018-08-13 not yet calculated CVE-2018-15143
CONFIRM
MISC
openemr — openemr Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. 2018-08-13 not yet calculated CVE-2018-15145
CONFIRM
MISC
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘temporary_files_dir’ variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15150
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘encounter’ parameter. 2018-08-15 not yet calculated CVE-2018-15149
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory. 2018-08-13 not yet calculated CVE-2018-15139
CONFIRM
MISC
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter. 2018-08-15 not yet calculated CVE-2018-15146
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘id’ parameter. 2018-08-15 not yet calculated CVE-2018-15147
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to execute arbitrary PHP code by writing a file with a PHP extension via the “docid” and “content” parameters and accessing it in the traversed directory. 2018-08-13 not yet calculated CVE-2018-15142
CONFIRM
MISC
EXPLOIT-DB
openemr — openemr Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient. 2018-08-15 not yet calculated CVE-2018-15152
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. 2018-08-13 not yet calculated CVE-2018-15144
CONFIRM
MISC
openemr — openemr SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the ‘search_term’ parameter. 2018-08-15 not yet calculated CVE-2018-15151
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/fax_dispatch.php after modifying the “hylafax_enscript” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15155
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/billing/sl_eob_search.php after modifying the “print_command” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15154
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/main/daemon_frame.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15153
CONFIRM
MISC
MISC
EXPLOIT-DB
CONFIRM
openemr — openemr OS command injection occurring in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary commands by making a crafted request to interface/fax/faxq.php after modifying the “hylafax_server” global variable in interface/super/edit_globals.php. 2018-08-15 not yet calculated CVE-2018-15156
CONFIRM
MISC
MISC
CONFIRM
openemr — openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to read arbitrary files via the “docid” parameter when the mode is set to get. 2018-08-13 not yet calculated CVE-2018-15140
CONFIRM
MISC
EXPLOIT-DB
openemr — openemr Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the “docid” parameter when the mode is set to delete. 2018-08-13 not yet calculated CVE-2018-15141
CONFIRM
MISC
EXPLOIT-DB
openssh — openssh OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c. 2018-08-17 not yet calculated CVE-2018-15473
MISC
SECTRACK
MISC
MISC
oracle — database_server A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2018-08-10 not yet calculated CVE-2018-3110
CONFIRM
BID
palo_alto_networks — pan-os The PAN-OS Management Web Interface in Palo Alto Networks PAN-OS 8.1.2 and earlier may allow an authenticated user to shut down all management sessions, resulting in all logged-in users being redirected to the login page. PAN-OS 6.1, PAN-OS 7.1 and PAN-OS 8.0 are NOT affected. 2018-08-16 not yet calculated CVE-2018-10140
BID
CONFIRM
palo_alto_networks — pan-os The PAN-OS response page for GlobalProtect in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected. 2018-08-16 not yet calculated CVE-2018-10139
BID
CONFIRM
pimcore — pimcore Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the “Settings > Users / Roles” function. 2018-08-17 not yet calculated CVE-2018-14057
MISC
FULLDISC
EXPLOIT-DB
MISC
pimcore — pimcore Pimcore before 5.3.0 allows SQL Injection via the REST web service API. 2018-08-17 not yet calculated CVE-2018-14058
MISC
FULLDISC
EXPLOIT-DB
MISC
plex — media_server In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack it to a cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. 2018-08-13 not yet calculated CVE-2018-13415
FULLDISC
EXPLOIT-DB
progress — telerik_justassembly An issue found in Progress Telerik JustAssembly through 2018.1.323.2 and JustDecompile through 2018.2.605.0 makes it possible to execute code by decompiling a compiled .NET object (such as DLL or EXE) with an embedded resource file by clicking on the resource. 2018-08-16 not yet calculated CVE-2018-15122
CONFIRM
CONFIRM
pulp — pulp pulp 2.16.x and possibly older is vulnerable to improper path parsing. A malicious user or a malicious iso feed repository can write to locations accessible to the ‘apache’ user. This may lead to overwrite of published content on other iso repositories. 2018-08-15 not yet calculated CVE-2018-10917
CONFIRM
red_hat — jboss_core_services libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. 2018-08-16 not yet calculated CVE-2016-9598
REDHAT
CONFIRM
red_hat — jboss_core_services libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627. 2018-08-16 not yet calculated CVE-2016-9596
CONFIRM
red_hat — openshift_enterprise The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens. 2018-08-13 not yet calculated CVE-2017-15138
REDHAT
CONFIRM
redhat — red_hat_certification An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial of Service. 2018-08-13 not yet calculated CVE-2018-10864
REDHAT
CONFIRM
responsive_filemanager — responsive_filemanager /filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value. 2018-08-17 not yet calculated CVE-2018-15495
MISC
MISC
rpm-software-management — rpm It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege. 2018-08-13 not yet calculated CVE-2017-7500
CONFIRM
CONFIRM
CONFIRM
sap — businessobjects_business_intelligence In SAP BusinessObjects Business Intelligence, versions 4.0, 4.1 and 4.2, while viewing a Web Intelligence report from BI Launchpad, the user session details captured by an HTTP analysis tool could be reused in a HTML page while the user session is still valid. 2018-08-14 not yet calculated CVE-2018-2442
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence AdminTools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allows an attacker to manipulate the vulnerable application to send crafted requests on behalf of the application, resulting in a Server-Side Request Forgery (SSRF) vulnerability. 2018-08-14 not yet calculated CVE-2018-2445
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence Admin tools in SAP BusinessObjects Business Intelligence, versions 4.1, 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. 2018-08-14 not yet calculated CVE-2018-2446
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence SAP BusinessObjects Business Intelligence (Launchpad Web Intelligence), version 4.2, allows an attacker to execute crafted InfoObject queries, exposing the CMS InfoObjects database. 2018-08-14 not yet calculated CVE-2018-2447
BID
MISC
CONFIRM
sap — businessobjects_business_intelligence Admin tools in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, allow an unauthenticated user to read sensitive information (server name), hence leading to an information disclosure. 2018-08-14 not yet calculated CVE-2018-2448
BID
MISC
CONFIRM
sap — businessobjects_financial_consolidation SAP BusinessObjects Financial Consolidation, versions 10.0, 10.1, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. 2018-08-14 not yet calculated CVE-2018-2444
BID
MISC
CONFIRM
sap — change_and_transport_system_and_kernel Under certain conditions the SAP Change and Transport System (ABAP), SAP KERNEL 32 NUC, SAP KERNEL 32 Unicode, SAP KERNEL 64 NUC, SAP KERNEL 64 Unicode 7.21, 7.21EXT, 7.22 and 7.22EXT; SAP KERNEL 7.21, 7.22, 7.45, 7.49, 7.53 and 7.73, allows an attacker to transport information which would otherwise be restricted. 2018-08-14 not yet calculated CVE-2018-2441
BID
MISC
CONFIRM
sap — hana_extended_application_services XS Command-Line Interface (CLI) user sessions with the SAP HANA Extended Application Services (XS), version 1, advanced server may have an unintentionally prolonged period of validity. Consequently, a platform user could access controller resources via an active CLI session even after the corresponding authorizations have in the meantime been revoked by an administrator user. Similarly, an attacker who managed to gain access to the platform user’s session might misuse the session token even after the session has been closed. 2018-08-14 not yet calculated CVE-2018-2451
BID
MISC
CONFIRM
sap — maxdb SAP MaxDB (liveCache), versions 7.8 and 7.9, allows an attacker who gets DBM operator privileges to execute crafted database queries and therefore read, modify or delete sensitive data from the database. 2018-08-14 not yet calculated CVE-2018-2450
BID
MISC
CONFIRM
sap — srm_mdm_catalog The import functionality of SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 (in SAP NetWeaver 7.3) does not perform authentication checks for a valid repository user. This unauthenticated functionality can be used against Windows machines for SMB relaying. 2018-08-14 not yet calculated CVE-2018-2449
BID
MISC
CONFIRM
sentinel — license_manager A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification. 2018-08-17 not yet calculated CVE-2018-15492
MISC
MISC
sony — ipela_e_series_camera_g5_firmware An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. 2018-08-14 not yet calculated CVE-2018-3938
MISC
sony — ipela_e_series_network_camera_g5_firmware An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. 2018-08-14 not yet calculated CVE-2018-3937
MISC
spice — spice A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. 2018-08-17 not yet calculated CVE-2018-10873
CONFIRM
CONFIRM
swoole — swoole The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV. 2018-08-17 not yet calculated CVE-2018-15503
MISC
MISC
tiki — tiki Stored XSS vulnerabilities in Tiki before 18.2, 15.7 and 12.14 allow an authenticated user injecting JavaScript to gain administrator privileges if an administrator opens a wiki page and moves the mouse pointer over a modified link or thumb image. 2018-08-13 not yet calculated CVE-2018-14850
MLIST
MLIST
CONFIRM
tiki — tiki Tiki before 18.2, 15.7 and 12.14 has XSS via link attributes, related to lib/core/WikiParser/OutputLink.php and lib/parser/parserlib.php. 2018-08-13 not yet calculated CVE-2018-14849
MLIST
MLIST
CONFIRM
tp-link — wr840n_devices TP-Link WR840N devices have a buffer overflow via a long Authorization HTTP header. 2018-08-15 not yet calculated CVE-2018-15172
MISC
EXPLOIT-DB
trend_micro — control_manager A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of service (DoS). 2018-08-15 not yet calculated CVE-2018-10512
CONFIRM
trend_micro — control_manager A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to conduct a server-side request forgery (SSRF) attack on vulnerable installations. 2018-08-15 not yet calculated CVE-2018-10511
CONFIRM
trend_micro — control_manager A Directory Traversal Remote Code Execution vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to execute arbitrary code on vulnerable installations. 2018-08-15 not yet calculated CVE-2018-10510
CONFIRM
unshiftio — url-parse Incorrect parsing in url-parse <1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol. 2018-08-12 not yet calculated CVE-2018-3774
CONFIRM
CONFIRM
MISC
valeuraddons — german_spelling_dictionary A cross-site scripting (XSS) vulnerability was found in valeuraddons German Spelling Dictionary v1.3 (an Opera Browser add-on). Instead of providing text for a spelling check, remote attackers may inject arbitrary web script or HTML via the ajax query parameter in the URL Address Bar. 2018-08-13 not yet calculated CVE-2018-12587
MISC
MISC
vmware — horizon_and_horizon_client VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1) contain an out-of-bounds read vulnerability in the Message Framework library. Successfully exploiting this issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Note: This issue doesn’t apply to Horizon 6, 7 Agents installed on Linux systems or Horizon Clients installed on non-Windows systems. 2018-08-13 not yet calculated CVE-2018-6970
BID
SECTRACK
CONFIRM
vmware — workstation_and_fusion VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host. 2018-08-15 not yet calculated CVE-2018-6973
BID
SECTRACK
CONFIRM
vuze — bittorrent_client In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack it to a cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains. 2018-08-13 not yet calculated CVE-2018-13417
FULLDISC
EXPLOIT-DB
wordpress — wordpress In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine’s wp-content/plugins directory permissions were set up to block all new plugins. 2018-08-10 not yet calculated CVE-2018-14028
BID
MISC
MISC
MISC
xen — xen An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtualised by the processor, and software has to be careful to configure it suitably not to lock up the core. As a result, it must only be available to fully trusted guests. Unfortunately, in the case that vPMU is disabled, all value checking was skipped, allowing the guest to choose any MSR_DEBUGCTL setting it likes. A malicious or buggy guest administrator (on Intel x86 HVM or PVH) can lock up the entire host, causing a Denial of Service. 2018-08-17 not yet calculated CVE-2018-15468
MISC
xen — xen An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they will simply not be properly set up, resulting in subsequent grant-related hypercalls hitting BUG() checks. An unprivileged guest can cause a BUG() check in the hypervisor, resulting in a denial-of-service (crash). 2018-08-17 not yet calculated CVE-2018-15469
MISC
xen — xen An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 “Operations on data structures” of the OCaml manual, the order of evaluation of subexpressions is not specified. In practice, different implementations behave differently. Thus, oxenstored may not enforce the configured quota-maxentity. This allows a malicious or buggy guest to write as many xenstore entries as it wishes, causing unbounded memory usage in oxenstored. This can lead to a system-wide DoS. 2018-08-17 not yet calculated CVE-2018-15470
MISC
xen — xen An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. 2018-08-17 not yet calculated CVE-2018-15471
MISC
MISC
yubico — piv An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: `if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; }` In the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it lies outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes from beyond the allocated data buffer into this buffer. 2018-08-15 not yet calculated CVE-2018-14780
MLIST
MISC
CONFIRM
yubico — piv A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `ykpiv_transfer_data()`: `if(*out_len + recv_len - 2 > max_out) { fprintf(stderr, "Output buffer to small, wanted to write %lu, max was %lu.", *out_len + recv_len - 2, max_out); } if(out_data) { memcpy(out_data, data, recv_len - 2); out_data += recv_len - 2; *out_len += recv_len - 2; }` It is clearly checked whether the buffer is big enough to hold the data copied using `memcpy()`, but no error handling happens to avoid the `memcpy()` in such cases. This code path can be triggered with malicious data coming from a smartcard. 2018-08-15 not yet calculated CVE-2018-14779
MLIST
MISC
CONFIRM
zemana — anti-logger A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK) to permit execution of unauthorized applications (such as ones that record keystrokes). 2018-08-17 not yet calculated CVE-2018-15491
MISC
zipato — zipabox Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device. 2018-08-13 not yet calculated CVE-2018-15124
MISC
zipato — zipabox Insecure configuration storage in Zipato Zipabox Smart Home Controller BOARD REV – 1 with System Version -118 allows remote attacker perform new attack vectors and take under control device and smart home. 2018-08-13 not yet calculated CVE-2018-15123
MISC
zipato — zipabox Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface. 2018-08-13 not yet calculated CVE-2018-15125
MISC
zyxel — zywall/usg_series_devices ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. 2018-08-15 not yet calculated CVE-2018-9129
CONFIRM
MISC
CONFIRM


___VMware_Conv_SA___


Hey there.

After I installed VMware Converter on my laptop (ProBook 640 G2), it got blocked because VMware created the user ___VMware_Conv_SA___, and this user conflicted with the HP security software and blocked my BIOS.

Now, when I try to start my laptop, the password for the user ___VMware_Conv_SA___ is requested.

I would like any assistance to find out the password of this user so I can unlock my ProBook BIOS.

Regards

Rafael

PowerShell Module Function Export in Constrained Language


PowerShell Module Exporting Functions in Constrained Language

PowerShell offers a number of ways to expose functions in a script module. But some options have serious performance or security drawbacks. In this blog I describe these issues and provide simple guidance for creating performant and secure script modules. Look for a module soon in PSGallery that helps you update your modules to be compliant with this guidance.

When PowerShell is running in Constrained Language mode it adds some restrictions in how module functions can be exported. Normally, when PowerShell is not running in Constrained Language, all script functions defined in the module are exported by default.

# TestModule.psm1
function F1 { }
function F2 { }
function F3 { }

# TestModule.psd1
@{ ModuleVersion = '1.0'; RootModule = 'TestModule.psm1' }

# All functions (F1, F2, F3) are exported and available
Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions

F1
F2
F3

This is handy and works well for simple modules. However, it can cause problems for more complex modules.

Performance Degradation

Command discovery is much slower when script functions are exported implicitly or explicitly using wildcard characters. This is because PowerShell has to parse all module script content to look for available functions and then match the found function names with a wildcard pattern. If the module uses explicit function export lists, then this parsing during discovery is not necessary. If you have a lot of custom script modules with many functions, the performance hit can become very noticeable. This principle also applies to exporting any other script element such as cmdlets, variables, aliases, and DSC resources.

# TestModule.psm1
function F1 { }
function F2 { }
function F3 { }
...
# This wildcard function export has the same behavior as the default behavior, all module functions are exported and PowerShell has to parse all script to discover available functions
Export-ModuleMember -Function '*'

Confused Intent

For large complex modules, exporting all defined functions is confusing to users as to how the module is intended to be used. The number of defined functions can be very large and the handful of user cmdlets can get lost in the noise. It is much better to export just the functions intended for the user and hide all helper functions.

# TestModule.psm1
function Invoke-Program { }
function F1 { }
function F2 { }
...
function F100 { }

# TestModule.psd1
@{ ModuleVersion = '1.0'; RootModule = 'TestModule.psm1'; FunctionsToExport = 'Invoke-Program' }

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions

Invoke-Program

Security

PowerShell runs in Constrained Language mode when a DeviceGuard or AppLocker policy is enforced on the system. This provides a good user shell experience while allowing trusted script modules to run in Full Language so that system management can still be done. For example, a user from the command line cannot use Add-Type to create and run arbitrary C# types, but a trusted script can.

So, it is important that a trusted script does not expose any vulnerabilities such as script injection or arbitrary code execution. Another type of vulnerability is leaking dangerous module functions not intended for public use. A helper function might take arbitrary source code and create a type intended to be used privately in a trusted context. But, if that helper function becomes publicly available it exposes a code execution vulnerability.

# TestModule.psm1
function Invoke-Program { }
# Private helper function
function Get-Type
{
    param( [string] $source )
    Add-Type -TypeDefinition $source -PassThru
}

# Exposes *all* module functions!
Export-ModuleMember -Function '*'

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions

Invoke-Program
Get-Type

In the above example, Get-Type module helper function is exported via wildcard along with the intended Invoke-Program function. Since this is a trusted module Get-Type runs in Full Language and exposes the ability to create arbitrary types.

Unintended Consequences

A major problem with exporting module functions using wildcards is that you may end up exporting functions unintentionally. For example, your module may specify other nested modules, or it may explicitly import other modules, or it may dot source script files into the module scope. All of those script functions will become publicly available if wildcards are used to export module functions.

# TestModule.psm1
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }

# Exposes *all* module functions!
Export-ModuleMember -Function '*'

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions
Invoke-Program
HelperFn1
HelperFn2
Compile-CSharp

Module Function Export Restrictions

When PowerShell detects that an application whitelisting policy is enforced it runs in Constrained Language mode as mentioned previously, but it also applies some function export restrictions for imported modules. Remember that these restrictions only apply when PowerShell is running under DeviceGuard or AppLocker policy enforcement mode. Otherwise module function export works as before.

  • Wildcards are not allowed with the FunctionsToExport keyword in a module manifest (.psd1 file). If a wildcard is found in the keyword argument then no functions are exported in that module.
  • Wildcards are allowed in a module script file (.psm1). This is to provide backward compatibility but we strongly discourage it.
  • A module that uses wildcards to export functions, and at the same time dot sources script files into the module scope, will throw an error during module loading time. Note that if a psm1 file exports functions via wildcard, but it is imported under a manifest (psd1 file) that exports functions explicitly by name, then no error is thrown because the psd1 overrides any function export done within a psm1 file associated with the manifest. But if the psm1 file is imported directly (without the psd1 manifest file) then the error is thrown (see example below). Basically, the dot source operator cannot be used in module script along with wildcard based function export. It is too easy to inadvertently expose unwanted functions.

These restrictions are to help prevent inadvertent exposure of functions. By using wildcard based function export, you may be exposing dangerous functions without knowing it.

# TestModule.psm1
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }
Export-ModuleMember -Function '*'

# TestModule.psd1
@{ ModuleVersion='1.0'; RootModule='TestModule.psm1'; FunctionsToExport='Invoke-Program' }

# Importing the psm1 file directly results in error because of the wildcard function export and use of dot source operator
Import-Module -Name TestModule\TestModule.psm1
Error:
'This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement.'

# But importing using the module manifest succeeds since the manifest explicitly exports functions by name without wildcards
Import-Module TestModule
Get-Module -Name TestModule | Select -ExpandProperty ExportedFunctions
Invoke-Program

Module Function Export Best Practices

Best practices for module function exporting are pretty simple. Always export module functions explicitly by name. Never export using wildcard names. This will yield the best performance and ensure you don't expose functions you don't intend to expose. It makes your module safer to use as trusted in a DeviceGuard policy enforcement environment.

# TestModule.psm1
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }

# TestModule.psd1
@{ ModuleVersion='1.0'; RootModule='TestModule.psm1'; FunctionsToExport='Invoke-Program' }

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions
Invoke-Program
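The checks this post describes can be automated against an existing module folder. The script below is an added example, not the PSGallery module mentioned above or any PowerShell team code; the function name Test-ModuleExportHygiene and the sample TestModule it writes to a temporary folder are constructed for illustration. It parses the .psm1 into an AST instead of importing it, so the audited module never executes.

```powershell
using namespace System.Management.Automation
using namespace System.Management.Automation.Language

# Audit a module folder for the export patterns discussed above:
#   1. wildcards in the manifest's *ToExport keys (nothing exported under policy enforcement)
#   2. wildcards passed to Export-ModuleMember in the .psm1 (slow discovery, helpers leak)
#   3. wildcard export combined with dot-sourcing (load error under DeviceGuard/AppLocker)
# The .psm1 is only parsed into an AST; none of its code runs during the audit.
function Test-ModuleExportHygiene {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ModulePath    # folder holding the module's .psd1 and/or .psm1
    )

    $findings = [System.Collections.Generic.List[object]]::new()
    $manifestExportsByName = $false

    # --- 1. Manifest checks: a .psd1 is a data file, so it is safe to load ---
    foreach ($manifest in Get-ChildItem -Path $ModulePath -Filter *.psd1 -File) {
        $data = Import-PowerShellDataFile -Path $manifest.FullName
        foreach ($key in 'FunctionsToExport', 'CmdletsToExport', 'VariablesToExport', 'AliasesToExport') {
            $values = @(@($data[$key]) | Where-Object { $_ -is [string] })
            $hasWildcard = @($values | Where-Object { [WildcardPattern]::ContainsWildcardCharacters($_) }).Count -gt 0
            if ($hasWildcard) {
                $findings.Add([pscustomobject]@{
                    File     = $manifest.Name
                    Severity = 'High'
                    Issue    = "$key uses a wildcard: slow command discovery, and under policy enforcement nothing is exported"
                })
            }
            elseif ($key -eq 'FunctionsToExport' -and $values.Count -gt 0) {
                $manifestExportsByName = $true   # an explicit list overrides whatever the .psm1 exports
            }
        }
    }

    # --- 2./3. Script module checks via the AST ---
    foreach ($script in Get-ChildItem -Path $ModulePath -Filter *.psm1 -File) {
        $tokens = $null; $errors = $null
        $ast = [Parser]::ParseFile($script.FullName, [ref]$tokens, [ref]$errors)
        $commands = @($ast.FindAll({ param($n) $n -is [CommandAst] }, $true))

        # Dot-sourced files: every function they define lands in the module scope
        $dotSourced = @($commands | Where-Object { $_.InvocationOperator -eq [TokenKind]::Dot })

        # Export-ModuleMember calls with a wildcard in any argument (-Function, -Alias, -Variable, positional)
        $wildcardExports = @($commands |
            Where-Object { $_.GetCommandName() -eq 'Export-ModuleMember' } |
            Where-Object {
                @($_.FindAll({ param($n)
                    $n -is [StringConstantExpressionAst] -and
                    [WildcardPattern]::ContainsWildcardCharacters($n.Value) }, $true)).Count -gt 0
            })

        foreach ($cmd in $wildcardExports) {
            $findings.Add([pscustomobject]@{
                File     = $script.Name
                Severity = 'Medium'
                Issue    = "line $($cmd.Extent.StartLineNumber): '$($cmd.Extent.Text)' exports every matching member, including private helpers"
            })
        }
        if ($wildcardExports.Count -gt 0 -and $dotSourced.Count -gt 0) {
            # The manifest's explicit list hides the problem only while the module is imported through the manifest
            $severity = 'High'
            $detail   = 'module load fails under policy enforcement'
            if ($manifestExportsByName) {
                $severity = 'Medium'
                $detail   = 'the manifest overrides it, but importing the .psm1 directly fails under policy enforcement'
            }
            $findings.Add([pscustomobject]@{
                File     = $script.Name
                Severity = $severity
                Issue    = "wildcard export combined with dot-sourcing ($($dotSourced.Count) file(s)): $detail"
            })
        }
    }
    return $findings
}

# Constructed sample that mirrors the post's TestModule, written to a temporary folder
$dir = Join-Path ([IO.Path]::GetTempPath()) "TestModule_$(Get-Random)"
New-Item -ItemType Directory -Path $dir | Out-Null
@'
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }
Export-ModuleMember -Function '*'
'@ | Set-Content -Path (Join-Path $dir 'TestModule.psm1')
"@{ ModuleVersion = '1.0'; RootModule = 'TestModule.psm1'; FunctionsToExport = 'Invoke-Program' }" |
    Set-Content -Path (Join-Path $dir 'TestModule.psd1')

Test-ModuleExportHygiene -ModulePath $dir | Format-Table -AutoSize -Wrap
Remove-Item -Path $dir -Recurse -Force
```

Run against the sample, the audit reports the wildcard Export-ModuleMember on line 4 and the wildcard-plus-dot-source combination, downgraded to Medium only because the manifest's explicit FunctionsToExport masks it when the module is imported by name.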

Paul Higinbotham
Senior Software Engineer
PowerShell Team

SB18-225: Vulnerability Summary for the Week of August 6, 2018


Original release date: August 13, 2018



High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no high vulnerabilities recorded this week.


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no medium vulnerabilities recorded this week.


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
aedes — aedes Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. 2018-08-08 not yet calculated CVE-2018-3778
MISC
MISC
MISC
apache — airflow It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don’t, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above. 2018-08-06 not yet calculated CVE-2017-12614
MLIST
arubanetworks — airwave Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker’s choosing. This could include files that contain passwords, which could then lead to privilege escalation. 2018-08-06 not yet calculated CVE-2016-8526
CONFIRM
BID
EXPLOIT-DB
arubanetworks — airwave Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser. 2018-08-06 not yet calculated CVE-2016-8527
CONFIRM
BID
EXPLOIT-DB
arubanetworks — arubaos Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code – remote code execution has not yet been confirmed. 2018-08-06 not yet calculated CVE-2017-9003
CONFIRM
SECTRACK
arubanetworks — arubaos ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility controller on TCP port 8080 or 8081 may be able to access arbitrary files stored on the mobility controller. Ports 8080 and 8081 are used for captive portal functionality and are listening, by default, on all IP interfaces of the mobility controller, including captive portal interfaces. The attacker could access files which could contain passwords, keys, and other sensitive information that could lead to full system compromise. 2018-08-06 not yet calculated CVE-2017-9000
CONFIRM
SECTRACK
arubanetworks — clearpass Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that helps to coordinate cluster actions. An authenticated user with the “mon” permission could use this vulnerability to obtain cluster credentials which could allow privilege escalation. This vulnerability is only present when authenticated as a user with “mon” permission. 2018-08-06 not yet calculated CVE-2018-7059
CONFIRM
arubanetworks — clearpass Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulnerable to CSRF attacks against authenticated users. An attacker could manipulate an authenticated user into performing actions on the web administrative interface. 2018-08-06 not yet calculated CVE-2018-7060
CONFIRM
arubanetworks — clearpass Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web interfaces, including administrative, guest captive portal, and API. Customers who do not expose ClearPass web interfaces to untrusted users are impacted to a lesser extent. 2018-08-06 not yet calculated CVE-2018-7058
CONFIRM
arubanetworks — clearpass Aruba ClearPass 6.6.3 and later includes a feature called “SSH Lockout”, which causes ClearPass to lock accounts with too many login failures through SSH. When this feature is enabled, an unauthenticated remote command execution vulnerability is present which could allow an unauthenticated user to execute arbitrary commands on the underlying operating system with “root” privilege level. This vulnerability is only present when a specific feature has been enabled. The SSH Lockout feature is not enabled by default, so only systems which have enabled this feature are vulnerable. 2018-08-06 not yet calculated CVE-2017-9001
CONFIRM
arubanetworks — clearpass All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross-site scripting vulnerabilities. By exploiting this vulnerability, an attacker who can trick a logged-in ClearPass administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into ClearPass in the same browser. 2018-08-06 not yet calculated CVE-2017-9002
CONFIRM
asus — hg100_devices ASUS HG100 devices allow denial of service via an IPv4 packet flood. 2018-08-10 not yet calculated CVE-2018-11492
MISC
atlassian — cloudtoken Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users’ roles. 2018-08-10 not yet calculated CVE-2018-13390
MISC
auracms — auracms AuraCMS 2.3 allows XSS via a Bukutamu -> AddGuestbook action. 2018-08-07 not yet calculated CVE-2018-15199
MISC
celalink — clr-m20_devices CeLa Link CLR-M20 devices allow unauthorized users to upload any file (e.g., asp, aspx, cfm, html, jhtml, jsp, or shtml), which causes remote code execution as well. Because of the WebDAV feature, it is possible to upload arbitrary files by utilizing the PUT method. 2018-08-07 not yet calculated CVE-2018-15137
MISC
cgit — cgit cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. 2018-08-03 not yet calculated CVE-2018-14912
MISC
MLIST
MISC
DEBIAN
cisco — thor Stack-based buffer overflow in the Cisco Thor decoder before commit 18de8f9f0762c3a542b1122589edb8af859d9813 allows local users to cause a denial of service (segmentation fault) and execute arbitrary code via a crafted non-conformant Thor bitstream. 2018-08-09 not yet calculated CVE-2018-0429
CONFIRM
cobbler — cobbler It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of the daemon. 2018-08-09 not yet calculated CVE-2018-10931
REDHAT
CONFIRM
coremail — coremail Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. 2018-08-10 not yet calculated CVE-2018-14503
MISC
couchdb — couchdb CouchDB administrative users before 2.2.0 can configure the database server via HTTP(S). Due to insufficient validation of administrator-supplied configuration settings via the HTTP API, it is possible for a CouchDB administrator user to escalate their privileges to that of the operating system’s user under which CouchDB runs, by bypassing the blacklist of configuration settings that are not allowed to be modified via the HTTP API. This privilege escalation effectively allows a CouchDB admin user to gain arbitrary remote code execution, bypassing CVE-2017-12636 and CVE-2018-8007. 2018-08-08 not yet calculated CVE-2018-11769
BID
MISC
craft — cms A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code. 2018-08-06 not yet calculated CVE-2018-14716
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
EXPLOIT-DB
crestron — tsw-x60_and_mc3 For Crestron TSW-X60 version prior to 2.001.0037.001 and MC3 version prior to 1.502.0047.001, The devices are shipped with authentication disabled, and there is no indication to users that they need to take steps to enable it. When compromised, the access to the CTP console is left open. 2018-08-10 not yet calculated CVE-2018-10630
MISC
crestron — tsw-x60_and_mc3 Crestron TSW-X60 all versions prior to 2.001.0037.001 and MC3 all versions prior to 1.502.0047.00, The passwords for special sudo accounts may be calculated using information accessible to those with regular user privileges. Attackers could decipher these passwords, which may allow them to execute hidden API calls and escape the CTP console sandbox environment with elevated privileges. 2018-08-10 not yet calculated CVE-2018-13341
MISC
csrf-magic — csrf-magic In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatically generated secret is not used. 2018-08-07 not yet calculated CVE-2013-7464
MISC
MISC
MISC
dell — wyse_management_suite Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges. 2018-08-10 not yet calculated CVE-2018-11063
MISC
dell_emc — data_protection_advisor_and_data_protection_appliance Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type Definitions (DTDs) in an XML request. 2018-08-10 not yet calculated CVE-2018-11048
FULLDISC
SECTRACK
dilawar — sound An issue has been found in dilawar sound through 2017-11-27. The end of openWavFile in wav-file.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). 2018-08-05 not yet calculated CVE-2018-14948
MISC
MISC
django — django django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect. 2018-08-03 not yet calculated CVE-2018-14574
BID
SECTRACK
UBUNTU
DEBIAN
CONFIRM
drupal — drupal Drupal core 8 before versions 8.3.4 allows remote attackers to execute arbitrary code due to the PECL YAML parser not handling PHP objects safely during certain operations. 2018-08-06 not yet calculated CVE-2017-6920
BID
SECTRACK
CONFIRM
emlsoft — emlsoft An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=user&do=add page allows CSRF. 2018-08-06 not yet calculated CVE-2018-14966
MISC
emlsoft — emlsoft An issue was discovered in EMLsoft 5.4.5. The eml/upload/eml/?action=address&do=add page allows CSRF. 2018-08-06 not yet calculated CVE-2018-14965
MISC
emlsoft — emlsoft An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. 2018-08-06 not yet calculated CVE-2018-14968
MISC
emlsoft — emlsoft An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. 2018-08-06 not yet calculated CVE-2018-14967
MISC
emlsoft — emlsoft An issue was discovered in EMLsoft 5.4.5. XSS exists via the eml/upload/eml/?action=address&do=edit page. 2018-08-06 not yet calculated CVE-2018-14964
MISC
ethereum — eether_token An integer overflow in the unprotected distributeToken function of a smart contract implementation for EETHER (EETHER), an Ethereum ERC20 token, will lead to an unauthorized increase of an attacker’s digital assets. 2018-08-08 not yet calculated CVE-2018-11561
MISC
ethereum — megacryptopolis The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always causing exceptions buys a land, users cannot buy lands near that contract’s land, because those purchase attempts will not be completed unless the doPayouts() function successfully sends Ether to certain neighbors. 2018-08-06 not yet calculated CVE-2018-13877
MISC
ethereum — mycryptochamp The randMod() function of the smart contract implementation for MyCryptoChamp, an Ethereum game, generates a random value with publicly readable variables such as the current block information and a private variable, (which can be read with a getStorageAt call). Therefore, attackers can get powerful champs/items and get rewards. 2018-08-07 not yet calculated CVE-2018-12885
MISC
MISC
MISC
ethereum — smartmesh_token The transferProxy and approveProxy functions of a smart contract implementation for SmartMesh (SMT), an Ethereum ERC20 token, allow attackers to accomplish an unauthorized transfer of digital assets because replay attacks can occur with the same-named functions (with the same signatures) in other tokens: First (FST), GG Token (GG), M2C Mesh Network (MTC), M2C Mesh Network (mesh), and UG Token (UGT). 2018-08-10 not yet calculated CVE-2018-10769
MISC
freebsd — freebsd One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system’s network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost. 2018-08-09 not yet calculated CVE-2018-6922
SECTRACK
FREEBSD
gitea_and_gogs — gitea_and_gogs An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. 2018-08-07 not yet calculated CVE-2018-15192
MISC
MISC
gogs — gogs A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link. 2018-08-07 not yet calculated CVE-2018-15193
MISC
gogs — gogs Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial / substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go. 2018-08-07 not yet calculated CVE-2018-15178
MISC
MISC
gxlcms — gxlcms In Gxlcms 2.0, a news/index.php?s=Admin-Admin-Insert CSRF attack can add an administrator account. 2018-08-07 not yet calculated CVE-2018-15177
MISC
harmonic — nsg_9000_devices Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account. 2018-08-05 not yet calculated CVE-2018-14943
MISC
harmonic — nsg_9000_devices Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI. 2018-08-05 not yet calculated CVE-2018-14941
MISC
harmonic — nsg_9000_devices Harmonic NSG 9000 devices allow remote authenticated users to conduct directory traversal attacks, as demonstrated by “POST /PY/EMULATION_GET_FILE” or “POST /PY/EMULATION_EXPORT” with FileName=../../../passwd in the POST data. 2018-08-05 not yet calculated CVE-2018-14942
MISC

hewlett_packard_enterprise — arcsight_winc_connector A remote code execution security vulnerability has been identified in all versions of the HP ArcSight WINC Connector prior to v7.3.0. 2018-08-06 not yet calculated CVE-2016-4391
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — business_service_management A remote code execution vulnerability was identified in HP Business Service Management (BSM) using Apache Commons Collection Java Deserialization versions v9.20-v9.26 2018-08-06 not yet calculated CVE-2016-4405
BID
CONFIRM
hewlett_packard_enterprise — business_service_management A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 – v9.25IP1. 2018-08-06 not yet calculated CVE-2016-4392
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management HPE has identified a remote privilege escalation vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. 2018-08-06 not yet calculated CVE-2017-8992
CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. 2018-08-06 not yet calculated CVE-2018-7070
CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management HPE has identified a remote HOST header attack vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. 2018-08-06 not yet calculated CVE-2018-7068
CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management HPE has identified a remote unauthenticated access to files vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. 2018-08-06 not yet calculated CVE-2018-7069
CONFIRM
hewlett_packard_enterprise — centralview_fraud_risk_management HPE has identified a cross site scripting (XSS) vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version. 2018-08-06 not yet calculated CVE-2017-8991
CONFIRM
hewlett_packard_enterprise — icewall_sso_dfw A security vulnerability in HPE IceWall SSO Dfw 10.0 and 11.0 on RHEL, HP-UX, and Windows could be exploited remotely to allow URL Redirection. 2018-08-06 not yet calculated CVE-2017-8989
CONFIRM
hewlett_packard_enterprise — integrated_lights_out An unauthenticated remote denial of service vulnerability was identified in HPE Integrated Lights-Out 3 (iLO 3) version v1.88 only. The vulnerability is resolved in iLO3 v1.89 or subsequent versions. 2018-08-06 not yet calculated CVE-2017-8987
SECTRACK
CONFIRM
hewlett_packard_enterprise — integrated_lights_out A remote code execution was identified in HPE Integrated Lights-Out 4 (iLO 4) earlier than version v2.60 and HPE Integrated Lights-Out 5 (iLO 5) earlier than version v1.30. 2018-08-06 not yet calculated CVE-2018-7078
SECTRACK
CONFIRM
hewlett_packard_enterprise — integrated_lights_out A remote cross site scripting vulnerability was identified in HPE iLO 3 all versions prior to v1.88 and HPE iLO 4 all versions prior to v2.44. 2018-08-06 not yet calculated CVE-2016-4406
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — intelligent_management_center A potential security vulnerability has been identified in HPE Intelligent Management Center Platform (IMC Plat) 7.3 E0506P09. The vulnerability could be remotely exploited to allow for remote directory traversal leading to arbitrary file deletion. 2018-08-06 not yet calculated CVE-2018-7092
SECTRACK
CONFIRM
hewlett_packard_enterprise — intelligent_management_center_wireless_service_manager A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Service Manager (WSM) Software earlier than version WSM 7.3 (E0506). This issue was resolved in HPE IMC Wireless Services Manager Software IMC WSM 7.3 E0506P01 or subsequent version. 2018-08-06 not yet calculated CVE-2017-8990
SECTRACK
CONFIRM
hewlett_packard_enterprise — intelligent_management_center A remote code execution vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT 7.3 E0506P07. The vulnerability was resolved in iMC PLAT 7.3 E0605P04 or subsequent version. 2018-08-06 not yet calculated CVE-2018-7074
SECTRACK
CONFIRM
hewlett_packard_enterprise — intelligent_management_center A remote cross-site scripting (XSS) vulnerability was identified in HPE Intelligent Management Center (iMC) PLAT version v7.3 (E0506). The vulnerability is fixed in Intelligent Management Center PLAT 7.3 E0605P04 or subsequent version. 2018-08-06 not yet calculated CVE-2018-7075
CONFIRM
hewlett_packard_enterprise — keyview A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via a memory allocation issue. 2018-08-06 not yet calculated CVE-2016-4404
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — keyview A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via buffer overflow. 2018-08-06 not yet calculated CVE-2016-4402
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — keyview A security vulnerability was identified in the Filter SDK component of HP KeyView earlier than v11.2. The vulnerability could be exploited remotely to allow code execution via memory corruption. 2018-08-06 not yet calculated CVE-2016-4403
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — moonshot_provisioning_manager A remote bypass of security restrictions vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. 2018-08-06 not yet calculated CVE-2018-7072
CONFIRM
MISC
hewlett_packard_enterprise — moonshot_provisioning_manager A local arbitrary file modification vulnerability was identified in HPE Moonshot Provisioning Manager prior to v1.24. 2018-08-06 not yet calculated CVE-2018-7073
CONFIRM
UBUNTU
MISC
hewlett_packard_enterprise — network_function_virtualization_director HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3. 2018-08-06 not yet calculated CVE-2018-7071
CONFIRM
hewlett_packard_enterprise — network_node_manager_i A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch 1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). 2018-08-06 not yet calculated CVE-2016-4400
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — network_node_manager_i A local code execution security vulnerability was identified in HP Network Node Manager i (NNMi) v10.00, v10.10 and v10.20 Software. 2018-08-06 not yet calculated CVE-2016-4397
BID
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — network_node_manager_i A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch 1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). 2018-08-06 not yet calculated CVE-2016-4399
BID
SECTRACK
CONFIRM
hewlett_packard_enterprise — network_node_manager_i A remote arbitrary code execution vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch 1), 10.01 (patch 2), 10.10 using Java Deserialization. 2018-08-06 not yet calculated CVE-2016-4398
BID
CONFIRM
hewlett_packard_enterprise — restful_interface_tool A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions. 2018-08-06 not yet calculated CVE-2017-8968
CONFIRM
hewlett_packard_enterprise — xp_command_view_advanced_edition A remote bypass of security restrictions vulnerability was identified in HPE XP Command View Advanced Edition Software earlier than 8.5.3-00. The vulnerability impacts DevMgr earlier than 8.5.3-00 (for Windows, Linux), RepMgr earlier than 8.5.3-00 (for Windows, Linux) and HDLM earlier than 8.5.3-00 (for Windows, Linux, Solaris, AIX). 2018-08-06 not yet calculated CVE-2017-8988
CONFIRM
hewlett_packard_enterprise — xp_p9000_command_view_advanced_edition HPE XP P9000 Command View Advanced Edition Software (CVAE) has an open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. 2018-08-06 not yet calculated CVE-2018-7091
CONFIRM
hewlett_packard_enterprise — xp_p9000_command_view_advanced_edition HPE XP P9000 Command View Advanced Edition Software (CVAE) has a local and remote cross-site scripting vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr. 2018-08-06 not yet calculated CVE-2018-7090
CONFIRM
hitachi — command_suite An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message. 2018-08-09 not yet calculated CVE-2018-14735
CONFIRM
ibm — jazz_foundation_products IBM Jazz Foundation products (IBM Rational DOORS Next Generation 5.0 through 5.0.2 and 6.0 through 6.0.5) are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 139025. 2018-08-06 not yet calculated CVE-2018-1422
CONFIRM
BID
XF
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 through 7.6.3 installs with a default administrator account that a remote intruder could use to gain administrator access to the system. This vulnerability is due to an incomplete fix for CVE-2015-4966. IBM X-Force ID: 142116. 2018-08-03 not yet calculated CVE-2018-1524
XF
CONFIRM
ibm — maximo_asset_management IBM Maximo Asset Management 7.6 through 7.6.3 could allow an authenticated user to obtain sensitive information from the WhoAmI API. IBM X-Force ID: 142290. 2018-08-06 not yet calculated CVE-2018-1528
BID
XF
CONFIRM
ibm — rhapsody_model_manager IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510. 2018-08-07 not yet calculated CVE-2018-1690
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859. 2018-08-06 not yet calculated CVE-2017-1366
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400. 2018-08-06 not yet calculated CVE-2017-1412
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 could allow a local attacker to inject commands into malicious files that could be executed by the administrator. IBM X-Force ID: 135855. 2018-08-06 not yet calculated CVE-2017-1755
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user visits. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861. 2018-08-06 not yet calculated CVE-2017-1368
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399. 2018-08-06 not yet calculated CVE-2017-1411
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342. 2018-08-06 not yet calculated CVE-2017-1396
CONFIRM
XF
ibm — security_identity_governance_virtual_appliance IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396. 2018-08-06 not yet calculated CVE-2017-1409
CONFIRM
XF
ibm — websphere_mq IBM WebSphere MQ 8.0.0.2 through 8.0.0.8 and 9.0.0.0 through 9.0.0.3 could allow users to have more authority than they should have if an MQ administrator creates an invalid user group name. IBM X-Force ID: 142888. 2018-08-06 not yet calculated CVE-2018-1551
BID
XF
CONFIRM
ignited — cms An issue was discovered in Ignited CMS through 2017-02-19. ign/index.php/admin/pages/add_page allows a CSRF attack to add pages. 2018-08-08 not yet calculated CVE-2018-15203
MISC
insteon — hub Specially crafted commands sent through the PubNub service in Insteon Hub 2245-222 with firmware version 1012 can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. At 0x9d014cc0 the value for the cmd key is copied using strcpy to the buffer at $sp+0x11c. This buffer is 20 bytes large; sending anything longer will cause a buffer overflow. 2018-08-06 not yet calculated CVE-2017-16252
MISC
insteon — hub An exploitable buffer overflow vulnerability exists in the PubNub message handler for the ‘ad’ channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. 2018-08-06 not yet calculated CVE-2017-14447
MISC
jenkins — jenkins jenkins-email-ext before version 2.57.1 is vulnerable to an Information Exposure. The Email Extension Plugin is able to send emails to a dynamically created list of users based on the changelogs, like authors of SCM changes since the last successful build. This could in some cases result in emails being sent to people who have no user account in Jenkins, and in rare cases even people who were not involved in whatever project was being built, due to some mapping based on the local-part of email addresses. 2018-08-06 not yet calculated CVE-2017-2654
CONFIRM
CONFIRM
jiofi — 4g_hotspot_m2s_devices JioFi 4G Hotspot M2S devices allow attackers to cause a denial of service (secure configuration outage) via an XSS payload in the SSID name and Security Key fields. 2018-08-09 not yet calculated CVE-2018-15181
MISC
jpeg_encoder — jpeg_encoder An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp. 2018-08-05 not yet calculated CVE-2018-14945
MISC
MISC
jpeg_encoder — jpeg_encoder An issue has been found in jpeg_encoder through 2015-11-27. It is a SEGV in the function readFromBMP in jpeg_encoder.cpp. The signal is caused by an out-of-bounds write. 2018-08-05 not yet calculated CVE-2018-14944
MISC
MISC
juunan06 — ecommerce An issue was discovered in Juunan06 eCommerce through 2018-08-05. There is a CSRF vulnerability in ee/eBoutique/app/template/includes/crudTreatment.php that can add new users and add products. 2018-08-08 not yet calculated CVE-2018-15202
MISC
laravel — framework In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack. 2018-08-09 not yet calculated CVE-2018-15133
CONFIRM
libpq — libpq A vulnerability was found in libpq, the default PostgreSQL client library, where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with “host” or “hostaddr” connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected. 2018-08-09 not yet calculated CVE-2018-10915
CONFIRM
DEBIAN
CONFIRM
libreoffice — libreoffice The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact if LibreOffice is automatically launched during web browsing with pathnames controlled by a remote web site. 2018-08-05 not yet calculated CVE-2018-14939
BID
MISC
libtiff — libtiff ChopUpSingleUncompressedStrip in tif_dirread.c in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file, as demonstrated by tiff2pdf. 2018-08-08 not yet calculated CVE-2018-15209
MISC
linux — kernel The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a “software IO TLB” printk call. 2018-08-07 not yet calculated CVE-2018-5953
BID
MISC
linux — kernel The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a “pages/cpu” printk call. 2018-08-07 not yet calculated CVE-2018-5995
BID
MISC
linux — kernel The aoedisk_debugfs_show function in drivers/block/aoe/aoeblk.c in the Linux kernel through 4.16.4rc4 allows local users to obtain sensitive address information by reading “ffree: ” lines in a debugfs file. 2018-08-10 not yet calculated CVE-2018-7754
CONFIRM
MISC
linux — kernel Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet, which can lead to a denial of service. 2018-08-06 not yet calculated CVE-2018-5390
BID
SECTRACK
SECTRACK
CONFIRM
UBUNTU
UBUNTU
DEBIAN
CERT-VN
CONFIRM
lxc-user-nic — lxc-user-nic lxc-user-nic, when asked to delete a network interface, will unconditionally open a user provided path. This code path may be used by an unprivileged user to check for the existence of a path which they wouldn’t otherwise be able to reach. It may also be used to trigger side effects by causing a (read-only) open of special kernel files (ptmx, proc, sys). Affected releases are LXC: 2.0 versions above and including 2.0.9; 3.0 versions above and including 3.0.0, prior to 3.0.2. 2018-08-10 not yet calculated CVE-2018-6556
CONFIRM
CONFIRM
UBUNTU
medtronic — mycarelink_and_patient_monitor A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. 2018-08-10 not yet calculated CVE-2018-10626
BID
MISC
medtronic — mycarelink_and_patient_monitor A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. 2018-08-10 not yet calculated CVE-2018-10622
BID
MISC
multiple_vendors — bluetooth_firmware_and_operating_system_software_drivers Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. 2018-08-07 not yet calculated CVE-2018-5383
MISC
BID
SECTRACK
CONFIRM
CERT-VN
netcomm_wireless — 4g_lte_light_industrial_m2m_router In NetComm Wireless 4G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior, the directory of the device is listed openly without authentication. 2018-08-10 not yet calculated CVE-2018-14785
MISC
netcomm_wireless — 4g_lte_light_industrial_m2m_router In NetComm Wireless 4G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior, a cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. 2018-08-10 not yet calculated CVE-2018-14783
MISC
netcomm_wireless — 4g_lte_light_industrial_m2m_router In NetComm Wireless 4G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior, the device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. 2018-08-10 not yet calculated CVE-2018-14784
MISC
netcomm_wireless — 4g_lte_light_industrial_m2m_router In NetComm Wireless 4G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior, the device allows access to configuration files and profiles without authenticating the user. 2018-08-10 not yet calculated CVE-2018-14782
MISC
netiq — edirectory Unvalidated redirect vulnerability in NetIQ eDirectory before 9.1.1 HF1. 2018-08-09 not yet calculated CVE-2018-7692
MISC
netiq — edirectory Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage. 2018-08-09 not yet calculated CVE-2018-7686
MISC
nmap — nmap Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted TCP-based service. 2018-08-07 not yet calculated CVE-2018-15173
MISC
MISC
ocs_inventory_ng — ocs_inventory_server Unrestricted file upload (with remote code execution) in require/mail/NotificationMail.php in Webconsole in OCS Inventory NG OCS Inventory Server through 2.5 allows a privileged user to gain access to the server via a template file containing PHP code, because file extensions other than .html are permitted. 2018-08-06 not yet calculated CVE-2018-14857
FULLDISC
SECTRACK
CONFIRM
onethink — onethink An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/User/add.html that can add a user. 2018-08-07 not yet calculated CVE-2018-15198
MISC
onethink — onethink An issue was discovered in OneThink v1.1. There is a CSRF vulnerability in admin.php?s=/AuthManager/addToGroup.html that can endow administrator privileges. 2018-08-07 not yet calculated CVE-2018-15197
MISC
oracle — database_server A vulnerability was discovered in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java VM. CVSS 3.0 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). 2018-08-10 not yet calculated CVE-2018-3110
CONFIRM
pdf2json — pdf2json An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete). 2018-08-05 not yet calculated CVE-2018-14946
MISC
MISC
pdf2json — pdf2json An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). 2018-08-05 not yet calculated CVE-2018-14947
MISC
MISC
php — php An issue was discovered in ext/standard/link_win32.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. The linkinfo function on Windows doesn’t implement the open_basedir check. This could be abused to find files on paths outside of the allowed directories. 2018-08-07 not yet calculated CVE-2018-15132
MISC
MISC
MISC
MISC
phpcms — phpcms PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. 2018-08-05 not yet calculated CVE-2018-14940
MISC
phpscriptsmall.com — advanced_real_estate_script PHP Scripts Mall advanced-real-estate-script 4.0.9 has CSRF via edit-profile.php. 2018-08-10 not yet calculated CVE-2018-15187
MISC
phpscriptsmall.com — advanced_real_estate_script PHP Scripts Mall advanced-real-estate-script has XSS via the Name field of a profile. 2018-08-10 not yet calculated CVE-2018-15189
MISC
phpscriptsmall.com — advanced_real_estate_script PHP Scripts Mall advanced-real-estate-script 4.0.9 allows remote attackers to cause a denial of service (page structure loss) via crafted JavaScript code in the Name field of a profile. 2018-08-10 not yet calculated CVE-2018-15188
MISC
phpscriptsmall.com — basic_b2b_script PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields. 2018-08-03 not yet calculated CVE-2018-14541
MISC
EXPLOIT-DB
phpscriptsmall.com — car_rental_script PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. 2018-08-09 not yet calculated CVE-2018-15182
MISC
phpscriptsmall.com — cms_auditor_website PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has CSRF via client/auditor/updprofile.php. 2018-08-10 not yet calculated CVE-2018-15186
MISC
phpscriptsmall.com — hotel_booking_script PHP Scripts Mall hotel-booking-script 2.0.4 allows XSS via the First Name, Last Name, or Address field. 2018-08-10 not yet calculated CVE-2018-15190
MISC
phpscriptsmall.com — hotel_booking_script PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field. 2018-08-10 not yet calculated CVE-2018-15191
MISC
phpscriptsmall.com — naukri_clone_script PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 has Stored XSS via the USERNAME field, a related issue to CVE-2018-6795. 2018-08-09 not yet calculated CVE-2018-15184
MISC
phpscriptsmall.com — naukri_clone_script PHP Scripts Mall Naukri / Shine / Jobsite Clone Script 3.0.4 allows remote attackers to cause a denial of service (page update outage) via crafted PHP and JavaScript code in the “Current Position” field. 2018-08-10 not yet calculated CVE-2018-15185
MISC
phpscriptsmall.com — php_template_store_script PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile. 2018-08-06 not yet calculated CVE-2018-14869
MISC
EXPLOIT-DB
phpscriptsmall.com — resume_builder_script PHP Scripts Mall Myperfectresume / JobHero / Resume Clone Script 2.0.6 has Stored XSS via the Full Name and Title fields. 2018-08-09 not yet calculated CVE-2018-15183
MISC
postgresql — postgresql It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with “INSERT … ON CONFLICT DO UPDATE”. An attacker with “CREATE TABLE” privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain “INSERT” and limited “UPDATE” privileges to a particular table, they could exploit this to update other columns in the same table. 2018-08-09 not yet calculated CVE-2018-10925
CONFIRM
DEBIAN
CONFIRM
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS. 2018-08-06 not yet calculated CVE-2018-14973
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS. 2018-08-06 not yet calculated CVE-2018-14971
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS. 2018-08-06 not yet calculated CVE-2018-14976
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS. 2018-08-06 not yet calculated CVE-2018-14972
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS. 2018-08-06 not yet calculated CVE-2018-14970
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS. 2018-08-06 not yet calculated CVE-2018-14975
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070. 2018-08-06 not yet calculated CVE-2018-14977
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI. 2018-08-06 not yet calculated CVE-2018-14978
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS. 2018-08-06 not yet calculated CVE-2018-14974
MISC
qcms — qcms An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS. 2018-08-06 not yet calculated CVE-2018-14969
MISC
responsive_filemanager — responsive_filemanager upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter. 2018-08-03 not yet calculated CVE-2018-14728
MISC
EXPLOIT-DB
rubygems — active-support_gem active-support ruby gem 5.2.0 could allow a remote attacker to execute arbitrary code on the system, caused by containing a malicious backdoor. An attacker could exploit this vulnerability to execute arbitrary code on the system. 2018-08-10 not yet calculated CVE-2018-3779
MISC
siemens — automation_license_manager A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4). An attacker with network access to the device could send specially crafted network packets to determine whether or not a network port on another remote system is accessible. This allows the attacker to do basic network scanning using the victim's machine. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges, and no user interaction is required. The impact is limited to determining whether or not a port on a target system is accessible by the affected device. 2018-08-07 not yet calculated CVE-2018-11456
CONFIRM
siemens — automation_license_manager A vulnerability has been identified in Automation License Manager 5 (All versions < 5.3.4.4), Automation License Manager 6 (All versions < 6.0.1). A directory traversal vulnerability could allow a remote attacker to move arbitrary files, which can result in code execution, compromising confidentiality, integrity and availability of the system. Successful exploitation requires a network connection to the affected device. The attacker does not need privileges or special conditions of the system, but user interaction is required. 2018-08-07 not yet calculated CVE-2018-11455
CONFIRM
siemens — simatic_step_7_and_simatic_wincc A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to insert specially crafted files which may prevent TIA Portal startup (Denial-of-Service) or lead to local code execution. No special privileges are required, but the victim needs to attempt to start TIA Portal after the manipulation. 2018-08-07 not yet calculated CVE-2018-11453
CONFIRM
siemens — simatic_step_7_and_simatic_wincc A vulnerability has been identified in SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V10, V11, V12 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V13 (All versions), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V14 (All versions < V14 SP1 Update 6), SIMATIC STEP 7 (TIA Portal) and WinCC (TIA Portal) V15 (All versions < V15 Update 2). Improper file permissions in the default installation of TIA Portal may allow an attacker with local file system access to manipulate resources which may be transferred to devices and executed there by a different user. No special privileges are required, but the victim needs to transfer the manipulated files to a device. Execution is caused on the target device rather than on the PG device. 2018-08-07 not yet calculated CVE-2018-11454
CONFIRM
squirrelmail — squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. 2018-08-05 not yet calculated CVE-2018-14950
MISC
MISC
MISC
squirrelmail — squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<form action=’data:text” attack. 2018-08-05 not yet calculated CVE-2018-14951
MISC
MISC
MISC
squirrelmail — squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. 2018-08-05 not yet calculated CVE-2018-14954
MISC
MISC
MISC
squirrelmail — squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<math xlink:href=” attack. 2018-08-05 not yet calculated CVE-2018-14953
MISC
MISC
MISC
squirrelmail — squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via a “<math><maction xlink:href=” attack. 2018-08-05 not yet calculated CVE-2018-14952
MISC
MISC
MISC
squirrelmail — squirrelmail The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). 2018-08-05 not yet calculated CVE-2018-14955
MISC
MISC
MISC
symfony — symfony An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The Intl component includes various bundle readers that are used to read resource bundles from the local filesystem. The read() methods of these classes use a path and a locale to determine the language bundle to retrieve. The locale argument value is commonly retrieved from untrusted user input (like a URL parameter). An attacker can use this argument to navigate to arbitrary directories via the dot-dot-slash attack, aka Directory Traversal. 2018-08-06 not yet calculated CVE-2017-16654
CONFIRM
CONFIRM
DEBIAN
symfony — symfony An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. When a form is submitted by the user, the request handler classes of the Form component merge POST data and uploaded files data into one array. This big array forms the data that are then bound to the form. At this stage there is no difference anymore between submitted POST data and uploaded files. A user can send a crafted HTTP request where the value of a “FileType” is sent as normal POST data that could be interpreted as a local file path on the server-side (for example, “file:///etc/passwd”). If the application did not perform any additional checks about the value submitted to the “FileType”, the contents of the given file on the server could have been exposed to the attacker. 2018-08-06 not yet calculated CVE-2017-16790
CONFIRM
DEBIAN
symfony — symfony An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3.13, 3.4-BETA5, and 4.0-BETA5. The current implementation of CSRF protection in Symfony (Version >=2) does not use different tokens for HTTP and HTTPS; therefore the token is subject to MITM attacks on HTTP and can then be used in an HTTPS context to do CSRF attacks. 2018-08-06 not yet calculated CVE-2017-16653
CONFIRM
CONFIRM
DEBIAN
thinksaas — thinksaas ThinkSAAS through 2018-07-25 has XSS via the index.php?app=group&ac=create&ts=do groupdesc parameter. 2018-08-07 not yet calculated CVE-2018-15130
MISC
thinksaas — thinksaas ThinkSAAS through 2018-07-25 has XSS via the index.php?app=article&ac=comment&ts=do content parameter. 2018-08-07 not yet calculated CVE-2018-15129
MISC
tibco — activematrix_businessworks The BusinessWorks engine component of TIBCO Software Inc.’s TIBCO ActiveMatrix BusinessWorks, TIBCO ActiveMatrix BusinessWorks for z/Linux, and TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric contains a vulnerability that may allow XML eXternal Entity (XXE) attacks via incoming network messages, and may disclose the contents of files accessible to a running BusinessWorks engine. Affected releases are TIBCO Software Inc. TIBCO ActiveMatrix BusinessWorks: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks for z/Linux: versions up to and including 5.13.0, TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric: versions up to and including 5.13.0. 2018-08-08 not yet calculated CVE-2018-12408
BID
MISC
CONFIRM
ubuntu — ubuntu The CUPS AppArmor profile incorrectly confined the dnssd backend due to use of hard links. A local attacker could possibly use this issue to escape confinement. This flaw affects versions prior to 2.2.7-1ubuntu2.1 in Ubuntu 18.04 LTS, prior to 2.2.4-7ubuntu3.1 in Ubuntu 17.10, prior to 2.1.3-4ubuntu0.5 in Ubuntu 16.04 LTS, and prior to 1.7.2-0ubuntu1.10 in Ubuntu 14.04 LTS. 2018-08-10 not yet calculated CVE-2018-6553
MLIST
UBUNTU
DEBIAN
vdsm — vdsm It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory or CPU time, causing a denial of service condition that could potentially impact other users of the host. 2018-08-09 not yet calculated CVE-2018-10908
MISC
CONFIRM
MISC
weaselcms — weaselcms An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php. 2018-08-05 not yet calculated CVE-2018-14958
MISC
weaselcms — weaselcms An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI. 2018-08-05 not yet calculated CVE-2018-14959
MISC
wolf — cms Wolf CMS 0.8.3.1 has XSS in the Snippets tab, as demonstrated by a ?/admin/snippet/edit/1 URI. 2018-08-10 not yet calculated CVE-2018-14837
MISC
wordpress — wordpress In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine’s wp-content/plugins directory permissions were set up to block all new plugins. 2018-08-10 not yet calculated CVE-2018-14028
MISC
MISC
MISC
wpa_supplicant — wpa_supplicant An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information. 2018-08-08 not yet calculated CVE-2018-14526
SECTRACK
MLIST
MISC
MISC
xiao5ucompany — xiao5ucompany Xiao5uCompany 1.7 has CSRF via admin/Admin.asp. 2018-08-06 not yet calculated CVE-2018-14960
MISC
MISC
xnview — xnview XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at MSVCR120!memcpy+0x0000000000000074 and application crash) or possibly have unspecified other impact via a crafted RLE file. 2018-08-07 not yet calculated CVE-2018-15176
MISC
xnview — xnview XnView 2.45 allows remote attackers to cause a denial of service (User Mode Write AV starting at Qt5Core!QVariant::~QVariant+0x0000000000000014 and application crash) or possibly have unspecified other impact via a crafted RLE file. 2018-08-07 not yet calculated CVE-2018-15175
MISC
xnview — xnview XnView 2.45 allows remote attackers to cause a denial of service (Read Access Violation at the Instruction Pointer and application crash) or possibly have unspecified other impact via a crafted ICO file. 2018-08-07 not yet calculated CVE-2018-15174
MISC
zoho_manageengine — applications_manager A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. 2018-08-07 not yet calculated CVE-2018-15168
MISC
MISC
zoho_manageengine — applications_manager A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter. 2018-08-07 not yet calculated CVE-2018-15169
MISC
MISC
zzcms — zzcms zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. 2018-08-06 not yet calculated CVE-2018-14963
MISC
zzcms — zzcms zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. 2018-08-06 not yet calculated CVE-2018-14962
MISC
zzcms — zzcms dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. 2018-08-06 not yet calculated CVE-2018-14961
MISC
MISC


PowerShell Module Exporting Functions in Constrained Language

PowerShell offers a number of ways to expose functions in a script module. But some options have serious performance or security drawbacks. In this blog I describe these issues and provide simple guidance for creating performant and secure script modules. Look for a module soon in PSGallery that helps you update your modules to be compliant with this guidance.

When PowerShell is running in Constrained Language mode it adds some restrictions in how module functions can be exported. Normally, when PowerShell is not running in Constrained Language, all script functions defined in the module are exported by default.

# TestModule.psm1
function F1 { }
function F2 { }
function F3 { }

# TestModule.psd1
@{ ModuleVersion = '1.0'; RootModule = 'TestModule.psm1' }

# All functions (F1, F2, F3) are exported and available
Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions

F1
F2
F3

This is handy and works well for simple modules. However, it can cause problems for more complex modules.

Performance Degradation

Command discovery is much slower when script functions are exported implicitly or explicitly using wildcard characters. This is because PowerShell has to parse all module script content to look for available functions and then match the found function names with a wildcard pattern. If the module uses explicit function export lists, then this parsing during discovery is not necessary. If you have a lot of custom script modules with many functions, the performance hit can become very noticeable. This principle also applies to exporting any other script element such as cmdlets, variables, aliases, and DSC resources.

# TestModule.psm1
function F1 { }
function F2 { }
function F3 { }
...
# This wildcard function export has the same behavior as the default behavior, all module functions are exported and PowerShell has to parse all script to discover available functions
Export-ModuleMember -Function '*'

Confused Intent

For large complex modules, exporting all defined functions is confusing to users as to how the module is intended to be used. The number of defined functions can be very large and the handful of user cmdlets can get lost in the noise. It is much better to export just the functions intended for the user and hide all helper functions.

# TestModule.psm1
function Invoke-Program { }
function F1 { }
function F2 { }
...
function F100 { }

# TestModule.psd1
@{ ModuleVersion = '1.0'; RootModule = 'TestModule.psm1'; FunctionsToExport = 'Invoke-Program' }

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions

Invoke-Program

Security

PowerShell runs in Constrained Language mode when a DeviceGuard or AppLocker policy is enforced on the system. This provides a good user shell experience while allowing trusted script modules to run in Full Language so that system management can still be done. For example, a user from the command line cannot use Add-Type to create and run arbitrary C# types, but a trusted script can.

So, it is important that a trusted script does not expose any vulnerabilities such as script injection or arbitrary code execution. Another type of vulnerability is leaking dangerous module functions not intended for public use. A helper function might take arbitrary source code and create a type, intended to be used privately in a trusted context. But if that helper function becomes publicly available, it exposes a code execution vulnerability.

# TestModule.psm1
function Invoke-Program { }
# Private helper function
function Get-Type
{
    param( [string] $source )
    Add-Type -TypeDefinition $source -PassThru
}

# Exposes *all* module functions!
Export-ModuleMember -Function '*'

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions

Invoke-Program
Get-Type

In the above example, the Get-Type helper function is exported via the wildcard along with the intended Invoke-Program function. Since this is a trusted module, Get-Type runs in Full Language and exposes the ability to create arbitrary types.

Unintended Consequences

A major problem with exporting module functions using wildcards is that you may end up exporting functions unintentionally. For example, your module may specify other nested modules, or it may explicitly import other modules, or it may dot source script files into the module scope. All of those script functions will become publicly available if wildcards are used to export module functions.

# TestModule.psm1
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }

# Exposes *all* module functions!
Export-ModuleMember -Function '*'

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions
Invoke-Program
HelperFn1
HelperFn2
Compile-CSharp

Module Function Export Restrictions

When PowerShell detects that an application whitelisting policy is enforced it runs in Constrained Language mode as mentioned previously, but it also applies some function export restrictions for imported modules. Remember that these restrictions only apply when PowerShell is running under DeviceGuard or AppLocker policy enforcement mode. Otherwise module function export works as before.

  • Wildcards are not allowed with the FunctionsToExport keyword in a module manifest (.psd1 file). If a wildcard is found in the keyword argument then no functions are exported in that module.
  • Wildcards are allowed in a module script file (.psm1). This is to provide backward compatibility but we strongly discourage it.
  • A module that uses wildcards to export functions, and at the same time dot sources script files into the module scope, will throw an error during module loading time. Note that if a psm1 file exports functions via wildcard, but it is imported under a manifest (psd1 file) that exports functions explicitly by name, then no error is thrown because the psd1 overrides any function export done within a psm1 file associated with the manifest. But if the psm1 file is imported directly (without the psd1 manifest file) then the error is thrown (see example below). Basically, the dot source operator cannot be used in module script along with wildcard based function export. It is too easy to inadvertently expose unwanted functions.

These restrictions are to help prevent inadvertent exposure of functions. By using wildcard based function export, you may be exposing dangerous functions without knowing it.

# TestModule.psm1
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }
Export-ModuleMember -Function '*'

# TestModule.psd1
@{ ModuleVersion='1.0'; RootModule='TestModule.psm1'; FunctionsToExport='Invoke-Program' }

# Importing the psm1 file directly results in error because of the wildcard function export and use of dot source operator
Import-Module -Name TestModule\TestModule.psm1
Error:
'This module uses the dot-source operator while exporting functions using wildcard characters, and this is disallowed when the system is under application verification enforcement.'

# But importing using the module manifest succeeds since the manifest explicitly exports functions by name without wildcards
Import-Module TestModule
Get-Module -Name TestModule | Select -ExpandProperty ExportedFunctions
Invoke-Program

Module Function Export Best Practices

Best practices for module function exporting are pretty simple. Always export module functions explicitly by name. Never export using wildcard names. This will yield the best performance and ensure you don’t expose functions you don’t intend to expose. It makes your module safer to use as trusted in a DeviceGuard policy enforcement environment.

# TestModule.psm1
Import-Module HelperMod1
. .\CSharpHelpers.ps1
function Invoke-Program { }

# TestModule.psd1
@{ ModuleVersion='1.0'; RootModule='TestModule.psm1'; FunctionsToExport='Invoke-Program' }

Get-Module -Name TestModule -List | Select -ExpandProperty ExportedFunctions
Invoke-Program
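As an added example (not code from the original post), the following script audits a module directory for the export patterns the restrictions and best practices above describe: a missing or wildcard FunctionsToExport in the manifest, a wildcard Export-ModuleMember in the .psm1, and the wildcard-plus-dot-source combination that fails to import under policy enforcement. Test-ModuleExportHygiene and its $ModulePath parameter are my own names; the check walks the PowerShell parser AST rather than matching text.

```powershell
# Added example, not from the original post. Test-ModuleExportHygiene is a
# hypothetical helper name; point it at a directory holding a .psd1/.psm1.
function Test-ModuleExportHygiene {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ModulePath
    )

    $findings = [System.Collections.Generic.List[string]]::new()

    # Manifest check: FunctionsToExport must be an explicit list with no wildcards.
    # Under DeviceGuard/AppLocker enforcement a wildcard here exports nothing at all.
    foreach ($manifest in Get-ChildItem -Path $ModulePath -Filter *.psd1 -Recurse) {
        $data    = Import-PowerShellDataFile -Path $manifest.FullName
        $exports = @($data.FunctionsToExport)
        if ($exports.Count -eq 0) {
            $findings.Add("$($manifest.Name): FunctionsToExport missing; list the public functions explicitly.")
        }
        elseif ($exports | Where-Object { [WildcardPattern]::ContainsWildcardCharacters($_) }) {
            $findings.Add("$($manifest.Name): FunctionsToExport contains a wildcard.")
        }
    }

    # Script module check: walk the AST so comments and string literals cannot fool a regex.
    foreach ($psm1 in Get-ChildItem -Path $ModulePath -Filter *.psm1 -Recurse) {
        $tokens = $null; $errors = $null
        $ast = [System.Management.Automation.Language.Parser]::ParseFile(
            $psm1.FullName, [ref] $tokens, [ref] $errors)

        $exportCalls = $ast.FindAll({
            param($node)
            $node -is [System.Management.Automation.Language.CommandAst] -and
            $node.GetCommandName() -eq 'Export-ModuleMember'
        }, $true)

        # Any wildcard in any argument of Export-ModuleMember (-Function '*', -Function Get-*) counts.
        $wildcardExport = $false
        foreach ($call in $exportCalls) {
            foreach ($element in $call.CommandElements) {
                if ($element -is [System.Management.Automation.Language.StringConstantExpressionAst] -and
                    [WildcardPattern]::ContainsWildcardCharacters($element.Value)) {
                    $wildcardExport = $true
                }
            }
        }

        # Dot-sourcing shows up as a CommandAst whose invocation operator is '.'
        $dotSourced = $ast.FindAll({
            param($node)
            $node -is [System.Management.Automation.Language.CommandAst] -and
            $node.InvocationOperator -eq [System.Management.Automation.Language.TokenKind]::Dot
        }, $true)

        if ($exportCalls.Count -eq 0) {
            $findings.Add("$($psm1.Name): no Export-ModuleMember; every function is exported unless a manifest restricts it.")
        }
        elseif ($wildcardExport) {
            $findings.Add("$($psm1.Name): Export-ModuleMember uses a wildcard.")
            if ($dotSourced.Count -gt 0) {
                $findings.Add("$($psm1.Name): wildcard export plus dot-sourcing; importing this .psm1 directly fails under policy enforcement.")
            }
        }
    }
    return $findings
}

# Usage: Test-ModuleExportHygiene -ModulePath .\TestModule
```

An empty result means the module exports explicitly by name everywhere; anything returned is a line to fix before the module is trusted under a DeviceGuard or AppLocker policy.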

Paul Higinbotham
Senior Software Engineer
PowerShell Team

HPe Gen10 DL360 servers networking failing

We have 4 new DL360 Gen10s, and we’re having issues with the switch ARP table not following what the servers have going on, and it seems to be mostly on the 10GBC ports.

I’ve run this up with HPE and Aruba (switch) and they’re pointing at the OS (ESXi 6.5) as being the issue.

We have iSCSI and it’s running on the second SFP+ port going into a separate switch with Nimble storage; that’s working great. No issues I’m aware of.

The VMs will randomly drop off, and I’m stuck moving them to 1GB ports, or vMotion to another server. The switch will show all 0s for a MAC, and not list a port, but have the IP in the ARP table. This seems to be only happening on the VMs in the new environment, and they all came from a 6.0 version of VMware, and we migrated them over. We haven’t had as many problems on the 1GB ports, but a few other people involved have told me we have. This was running from Friday until this morning with no problems, and today at 8 am it died. We moved the servers onto the 1GB and vMotioned to another host and it seems to be fine. This randomly happens across all the hosts, and we’ve not found anything to be strange, and the iSCSI doesn’t skip a beat.

Suggestions?

PowerShell Standard Library: Build single module that works across Windows PowerShell and PowerShell Core

This is the first of a series of blog posts that will help you take advantage of a new NuGet package PowerShellStandard Library 5.1.0. This package allows developers to create modules that are portable between Windows PowerShell 5.1 and PowerShell Core 6.0. This means that you can create PowerShell modules that run on Windows, Linux, and macOS with a single binary!

The version of PowerShell Standard Library indicates the lowest version of PowerShell that it is compatible with. The community promise is that it is always forward compatible. So a module built against PowerShell Standard Library v3 is compatible with Windows PowerShell v3, v4, v5.1, PowerShell Core 6, and the upcoming PowerShell Core 6.1. Compatibility is achieved by providing a subset of the APIs common across all those versions of PowerShell. This reference assembly is the equivalent to a header file for C/C++ where it has the APIs defined, but no implementation. During runtime, the module would use the version of System.Management.Automation.dll that is used by the PowerShell host.

Creating a PowerShell Module

In this post, I’ll walk through the steps for creating a simple C# module with a single cmdlet. I will also be using the DotNet CLI tools for creating everything I need.

Installing the PowerShell Standard Module Template

First, we can leverage a new template that we published for DotNet CLI, but we need to install it first:

PS> dotnet new -i Microsoft.PowerShell.Standard.Module.Template
  Restoring packages for C:\Users\James\.templateengine\dotnetcli\v2.1.302\scratch\restore.csproj...
  Installing Microsoft.PowerShell.Standard.Module.Template 0.1.3.
  Generating MSBuild file C:\Users\James\.templateengine\dotnetcli\v2.1.302\scratch\obj\restore.csproj.nuget.g.props.
  Generating MSBuild file C:\Users\James\.templateengine\dotnetcli\v2.1.302\scratch\obj\restore.csproj.nuget.g.targets.
  Restore completed in 1.66 sec for C:\Users\James\.templateengine\dotnetcli\v2.1.302\scratch\restore.csproj.

Usage: new [options]

Options:
  -h, --help          Displays help for this command.
  -l, --list          Lists templates containing the specified name. If no name is specified, lists all templates.
  -n, --name          The name for the output being created. If no name is specified, the name of the current directory is used.
  -o, --output        Location to place the generated output.
  -i, --install       Installs a source or a template pack.
  -u, --uninstall     Uninstalls a source or a template pack.
  --nuget-source      Specifies a NuGet source to use during install.
  --type              Filters templates based on available types. Predefined values are "project", "item" or "other".
  --force             Forces content to be generated even if it would change existing files.
  -lang, --language   Filters templates based on language and specifies the language of the template to create.


Templates                                         Short Name         Language          Tags                             
----------------------------------------------------------------------------------------------------------------------------
Console Application                               console            [C#], F#, VB      Common/Console                   
Class library                                     classlib           [C#], F#, VB      Common/Library                   
PowerShell Standard Module                        psmodule           [C#]              Library/PowerShell/Module    
...

A new template called psmodule is now available making it easy to start a new C# based PowerShell module. Any issues, feedback, or suggestions for this template should be opened in the PowerShell Standard repo.

Creating a new project

We need to create a location for our new project and then use the template to create the project:

PS> mkdir myModule

    Directory: C:\Users\James

Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         8/3/2018   2:41 PM                myModule

PS> cd myModule
PS C:\Users\James\myModule> dotnet new psmodule
The template "PowerShell Standard Module" was created successfully.

Processing post-creation actions...
Running 'dotnet restore' on C:\Users\James\myModule\myModule.csproj...
  Restoring packages for C:\Users\James\myModule\myModule.csproj...
  Installing PowerShellStandard.Library 5.1.0-preview-06.
  Generating MSBuild file C:\Users\James\myModule\obj\myModule.csproj.nuget.g.props.
  Generating MSBuild file C:\Users\James\myModule\obj\myModule.csproj.nuget.g.targets.
  Restore completed in 1.76 sec for C:\Users\James\myModule\myModule.csproj.

Restore succeeded.

You can see that the dotnet cli has created a source file and .csproj file for my project:

PS C:\Users\James\myModule> dir


    Directory: C:\Users\James\myModule


Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         8/3/2018   1:48 PM                obj
-a----         8/3/2018   1:48 PM            376 myModule.csproj
-a----         8/3/2018   1:48 PM           1698 TestSampleCmdletCommand.cs

The sample from the template demonstrates a simple cmdlet with two parameters that outputs results with a custom class.

Building the module

Building the sample code is easy with the DotNet CLI:

PS C:\Users\James\myModule> dotnet build
Microsoft (R) Build Engine version 15.7.179.6572 for .NET Core
Copyright (C) Microsoft Corporation. All rights reserved.

  Restore completed in 76.85 ms for C:\Users\James\myModule\myModule.csproj.
  myModule -> C:\Users\James\myModule\bin\Debug\netstandard2.0\myModule.dll

Build succeeded.
    0 Warning(s)
    0 Error(s)

Time Elapsed 00:00:05.40

Testing the built module

To test this sample module, we just need to import it. We can check to see what it supports and try running it:

PS C:\Users\James\myModule> ipmo .\bin\Debug\netstandard2.0\myModule.dll
PS C:\Users\James\myModule> Test-SampleCmdlet -?

NAME
    Test-SampleCmdlet

SYNTAX
    Test-SampleCmdlet [-FavoriteNumber] <int> [[-FavoritePet] {Cat | Dog | Horse}] [<CommonParameters>]


ALIASES
    None


REMARKS
    None



PS C:\Users\James\myModule> Test-SampleCmdlet -FavoriteNumber 7 -FavoritePet Cat

FavoriteNumber FavoritePet
-------------- -----------
             7 Cat

This sample is pretty simple as it’s intended to just show how to get started on writing a PowerShell module from scratch. The important point is that using PowerShell Standard Library, this assembly can be used in both PowerShell Core 6 as well as Windows PowerShell. This sample will even work on Windows, Linux, or macOS without any changes.
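The portability claim above is easy to check mechanically. As an added example (not code from the original post), the helper below imports a built module in every PowerShell host found on the PATH and reports what each host exports. Test-ModulePortability is a hypothetical name; it assumes the Windows PowerShell and PowerShell Core executables are named powershell and pwsh.

```powershell
# Added example, not from the original post. Test-ModulePortability is a
# hypothetical helper: it loads a built module in each available PowerShell
# host (a separate process per host) and reports which commands each one sees.
function Test-ModulePortability {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $ModulePath,                                # built .dll or .psd1
        [string[]] $HostNames = @('powershell', 'pwsh')      # Windows PowerShell, PowerShell Core
    )

    $fullPath = (Resolve-Path -Path $ModulePath).Path

    # Probe script run inside the child host: prints exported command names,
    # one per line, or a single 'ERROR: ...' line if the import fails.
    $probe = "try { (Import-Module -Name '$fullPath' -PassThru -ErrorAction Stop).ExportedCommands.Keys } " +
             "catch { 'ERROR: ' + `$_.Exception.Message }"

    foreach ($hostName in $HostNames) {
        $exe = Get-Command -Name $hostName -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if (-not $exe) {
            [pscustomobject]@{ Host = $hostName; Version = $null; Loaded = $false; Commands = @(); Error = 'host not installed' }
            continue
        }

        # Version string comes from the child, so it reflects that host, not the current one.
        $version = & $exe.Source -NoProfile -NonInteractive -Command '$PSVersionTable.PSVersion.ToString()'
        $output  = @(& $exe.Source -NoProfile -NonInteractive -Command $probe 2>&1 | ForEach-Object { "$_" })
        $err     = $output | Where-Object { $_ -like 'ERROR:*' } | Select-Object -First 1

        [pscustomobject]@{
            Host     = $hostName
            Version  = $version
            Loaded   = -not $err
            Commands = @($output | Where-Object { $_ -and $_ -notlike 'ERROR:*' })
            Error    = $err
        }
    }
}

# Usage: Test-ModulePortability -ModulePath .\bin\Debug\netstandard2.0\myModule.dll | Format-Table -AutoSize
```

A module built against PowerShell Standard should show Loaded = True with the same command list under both hosts; a difference between the two lists is the first sign that the assembly depends on something outside the Standard Library surface.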

In the next part of this series, I’ll cover other aspects of PowerShell module authoring such as module manifests and writing Pester tests.

James Truher
Senior Software Engineer
PowerShell Team

PowerShell Injection Hunter: Security Auditing for PowerShell Scripts

At the DEFCON security conference last year, we presented the session: “Get $pwnd: Attacking Battle Hardened Windows Server”.

In this talk, we went through some of the incredibly powerful ways that administrators can secure their high-value systems (for example, Just Enough Administration) and also dove into some of the mistakes that administrators sometimes make when exposing their PowerShell code to an attacker. The most common form of mistake is script injection, where a script author takes a parameter value (supplied by an attacker) and runs it in a trusted context (such as a function exposed in a Just Enough Administration endpoint). Here’s an example:

There are many coding patterns that can introduce security flaws like this, all of which have secure alternatives. The presentation goes into these in great detail, and what we also promised to release is a tool to help you detect them as you are writing the scripts. We’ve now released this tool, and you can download it from the PowerShell Gallery:

Using it this way from the command line is an excellent way to automate security analysis during builds, continuous integration processes, deployments, and more.

Wouldn’t it be REALLY cool if you could detect these dangers while writing your scripts? I’m glad you asked!

PowerShell’s Visual Studio Code plugin already does live script analysis to help you discover issues like unassigned variables, and we can customize that rule set to include InjectionHunter capabilities. Here’s what Visual Studio Code looks like with this running:

Here’s how to get this on your system:

First, find out the location of the InjectionHunter module. You can do this by typing:

Get-Module InjectionHunter -List | Foreach-Object Path

On my system, this returns:

D:\Lee\WindowsPowerShell\Modules\InjectionHunter\1.0.0\InjectionHunter.psd1

Next, create a file – ‘PSScriptAnalyzerSettings.psd1’ in a location of your choice. Use the following for the content – replacing the path to InjectionHunter with the one on your system.

@{
 IncludeDefaultRules = $true
 CustomRulePath = "D:\Lee\WindowsPowerShell\Modules\InjectionHunter\1.0.0\InjectionHunter.psd1"
}

Finally, update your Visual Studio Code user settings to tell the PowerShell plugin to use your custom settings. You can get to these by typing Control+Comma, or through File | Preferences | Settings.

I’ve got some settings that match my personal preferences already, so the critical line to add is:

"powershell.scriptAnalysis.settingsPath": "c:/users/lee/PSScriptAnalyzerSettings.psd1"

where the path to PSScriptAnalyzerSettings.psd1 is the path where you saved your file earlier. When you open a PowerShell script with possible code injection risks, you should now see Script Analyzer warnings that highlight what they are and how to fix them.

Happy hunting!
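The script injection pattern the post describes, its safe alternative, and the command-line scan the post recommends for builds, as an added example (not code from the original post or from the InjectionHunter module). It assumes the PSScriptAnalyzer and InjectionHunter modules are installed; Get-ServiceStateUnsafe, Get-ServiceStateSafe and Invoke-InjectionHunterScan are my own names.

```powershell
# Added example, not from the original post. Function names are hypothetical.

# Vulnerable: the caller-supplied value is spliced into a string that is then
# parsed and executed as code, so anything the caller appends runs with the
# trust of the function (in a JEA endpoint, that is the endpoint's identity).
function Get-ServiceStateUnsafe {
    param([string] $Name)
    Invoke-Expression "Get-Service -Name '$Name' | Select-Object Name, Status"
}

# Safe: the value is passed as an argument and never re-parsed as code. The
# validation attribute additionally rejects anything that is not a plain name.
function Get-ServiceStateSafe {
    param(
        [ValidatePattern('^[A-Za-z0-9_.\-]+$')]
        [string] $Name
    )
    Get-Service -Name $Name | Select-Object Name, Status
}

# Run the InjectionHunter rules over a script through PSScriptAnalyzer.
# Returns the diagnostic records so a build step can fail when any are present.
function Invoke-InjectionHunterScan {
    param(
        [Parameter(Mandatory)]
        [string] $Path,
        # Default: wherever InjectionHunter is installed on this machine.
        [string] $InjectionHunterPath = (Get-Module InjectionHunter -ListAvailable |
                                         Select-Object -First 1 -ExpandProperty Path)
    )
    if (-not $InjectionHunterPath) {
        throw 'InjectionHunter is not installed (Install-Module InjectionHunter).'
    }
    Invoke-ScriptAnalyzer -Path $Path -CustomRulePath $InjectionHunterPath
}

# Demonstration on a constructed file containing the unsafe pattern.
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'unsafe-sample.ps1'
Set-Content -Path $sample -Value 'param($Name); Invoke-Expression "Get-Service -Name $Name"'
Invoke-InjectionHunterScan -Path $sample | Format-Table RuleName, Line, Message -AutoSize
```

In a CI job, pipe the scan result to a count check and fail the build when it is non-zero; the same CustomRulePath is what the PSScriptAnalyzerSettings.psd1 above hands to the Visual Studio Code plugin.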

6.5 shows warning for hardware

We’re updating our GEN10 HPe servers and we’re getting errors now.

I’ve attached a screenshot, but we’re seeing:

[device] I/O module 1 ALOM_Link_P4

This wasn’t here until we did the firmware upgrade on the server, and we had nothing but problems with the old firmware dropping connections to VMs and causing network hell.

We obviously don’t want warnings showing up. Suggestions?