CVE-2018-1189
published 2018-03-26CVE-2018-1189: Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a…
PriorityP433medium4.8CVSS 3.0
AVNACLPRHUIRSCCLILAN
EXPLOIT
EPSS
28.70%
97.9th percentile
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_isilon | — | — |
| dell | emc_isilon | 7.2.1.0 – 7.2.1.6 | — |
| dell | emc_isilon | 8.0.0.0 – 8.0.0.6 | — |
| dell | emc_isilon | 8.0.1.0 – 8.0.1.2 | — |
| dell | emc_isilon | 8.1.0.0 – 8.1.0.1 | — |
| dell_emc | isilon_onefs | — | — |
CVSS provenance
nvdv3.04.8MEDIUMCVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_redhat6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qq26-cc34-x2q4: Dell EMC Isilon versions between 8
ghsa_unreviewed·2022-05-14
CVE-2018-1189 [MEDIUM] CWE-79 GHSA-qq26-cc34-x2q4: Dell EMC Isilon versions between 8
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
Red Hat
Kernel: hw: cpu: userspace-userspace spectreRSB attack
vendor_redhat·2018-07-20·CVSS 6.5
CVE-2018-15572 [MEDIUM] CWE-1189 Kernel: hw: cpu: userspace-userspace spectreRSB attack
Kernel: hw: cpu: userspace-userspace spectreRSB attack
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
An issue was found in the way modern x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) and prediction of return addresses via Return Stack Buffer (RSB). RSB is a small on chip structure that holds list of return addresses, used to predict function return addresses. An unprivileged attacker could use this flaw to cross the syscall or process boundary and read privileged memory by conducting targeted cache side-channel attack
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/fulldisclosure/2018/Mar/50http://www.securityfocus.com/bid/103033https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/44039/http://seclists.org/fulldisclosure/2018/Mar/50http://www.securityfocus.com/bid/103033https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/44039/
2018-03-26
Published