Filtering the Threat Intelligence Tsunami

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database

CVE-2018-15473
PUBLISHED: 2018-08-17

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
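Why the ordering described above leaks user existence, as an added example that is not OpenSSH's code: a Python model of the pre-fix and post-fix handler for a publickey USERAUTH_REQUEST. The payload layout (a has-signature byte, then SSH wire strings for algorithm, key blob and optional signature) is a simplified assumption, and the user list and probe packets are constructed for the demonstration. The model covers only the publickey path; the CVE text names the GSSAPI and hostbased handlers as having the same pattern.

```python
"""Added example (not OpenSSH code): a minimal model of the CVE-2018-15473
ordering bug. The hypothetical publickey USERAUTH_REQUEST payload is:
  byte    has_signature
  string  algorithm        (SSH "string": uint32 big-endian length + bytes)
  string  key blob
  [string signature]       (only when has_signature != 0)
Signature verification and key matching are deliberately left out."""

import struct


class ParseError(Exception):
    """Raised where the daemon would call fatal() and drop the connection."""


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire string."""
    return struct.pack(">I", len(data)) + data


def read_string(buf: bytes, off: int):
    """Decode one SSH wire string at offset `off`; raise on truncation."""
    if off + 4 > len(buf):
        raise ParseError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ParseError("truncated string body")
    return buf[off:off + n], off + n


def parse_pubkey_payload(payload: bytes):
    """Fully parse the (simplified) publickey request payload."""
    if not payload:
        raise ParseError("empty payload")
    has_sig, off = payload[0], 1
    alg, off = read_string(payload, off)
    blob, off = read_string(payload, off)
    sig = None
    if has_sig:
        sig, off = read_string(payload, off)
    if off != len(payload):
        raise ParseError("trailing bytes")
    return alg, blob, sig


# Constructed account list standing in for the server's user database.
VALID_USERS = {"alice", "bob"}


def userauth_pubkey_vulnerable(user: str, payload: bytes) -> str:
    """Pre-fix ordering: bail out for an unknown user BEFORE parsing the packet."""
    if user not in VALID_USERS:
        return "USERAUTH_FAILURE"      # sent without ever looking at the payload
    try:
        parse_pubkey_payload(payload)
    except ParseError:
        return "DISCONNECT"            # fatal(): only reachable for a known user
    return "USERAUTH_FAILURE"          # an unsigned probe never authenticates


def userauth_pubkey_fixed(user: str, payload: bytes) -> str:
    """Post-fix ordering: parse the whole packet first, then reject unknown users."""
    try:
        parse_pubkey_payload(payload)
    except ParseError:
        return "DISCONNECT"            # now identical for known and unknown users
    if user not in VALID_USERS:
        return "USERAUTH_FAILURE"      # same message, after the same parsing work
    return "USERAUTH_FAILURE"          # an unsigned probe never authenticates


def leaks_user_existence(handler, payload: bytes,
                         known: str = "alice", unknown: str = "mallory") -> bool:
    """True if the handler's reply to `payload` depends on whether the user exists."""
    return handler(known, payload) != handler(unknown, payload)


# Constructed probes: a well-formed request, and one whose key blob claims
# 100 bytes but carries only 3, so full parsing fails.
WELL_FORMED = bytes([0]) + ssh_string(b"ssh-rsa") + ssh_string(b"fake-blob")
MALFORMED = bytes([0]) + ssh_string(b"ssh-rsa") + struct.pack(">I", 100) + b"abc"

if __name__ == "__main__":
    for name, handler in (("vulnerable", userauth_pubkey_vulnerable),
                          ("fixed", userauth_pubkey_fixed)):
        print(f"{name}: well-formed probe leaks={leaks_user_existence(handler, WELL_FORMED)}"
              f" malformed probe leaks={leaks_user_existence(handler, MALFORMED)}")
```

The observable difference in the pre-fix model is the kind of reply: a known user with a malformed request gets the connection dropped during parsing, while an unknown user gets a normal USERAUTH_FAILURE before parsing starts. Moving the user check after parsing makes the server do the same work, and return the same reply, regardless of whether the account exists, which is the property a patched build should exhibit.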

CVE-2018-15471
PUBLISHED: 2018-08-17

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or c…

CVE-2018-6622
PUBLISHED: 2018-08-17

An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can…

CVE-2018-14057
PUBLISHED: 2018-08-17

Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / Roles" function.

CVE-2018-14058
PUBLISHED: 2018-08-17

Pimcore before 5.3.0 allows SQL Injection via the REST web service API.
