CVE-2018-6225
published 2018-03-15
CVE-2018-6225: An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally…
Priority P431 · medium · 4.3 · CVSS 3.0
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 4.13% (89.6th percentile)
An XML external entity injection (XXE) vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an authenticated user to expose a normally protected configuration script.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| trend_micro | trend_micro_email_encryption_gateway | — | — |
| trendmicro | email_encryption_gateway | — | — |
CVSS provenance
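| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 4.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |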
No detection rules found.
Exploit-DB
iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
exploitdb·2019-01-25·CVSS 7.8
CVE-2019-6225 [HIGH] iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free
---
/*
* voucher_swap-poc.c
* Brandon Azad
*/
#if 0
iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free
The dangers of not obeying MIG semantics have been well documented: see issues 926 (CVE-2016-7612),
954 (CVE-2016-7633), 1417 (CVE-2017-13861, async_wake), 1520 (CVE-2018-4139), 1529 (CVE-2018-4206),
and 1629 (no CVE), as well as CVE-2018-4280 (blanket). However, despite numerous fixes and
mitigations, MIG issues persist and offer incredibly powerful exploit primitives. Part of the
problem is that MIG semantics are complicated and unintuitive and do not align well with the
kernel's abstractions.
Consider the MIG routine task_swap_mach_voucher():
routine task_swap_mach_voucher(
task : task_
Exploit-DB
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
exploitdb·2018-02-22·CVSS 6.5
CVE-2018-6230 [MEDIUM] Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
---
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Trend Micro Email Encryption Gateway Multiple Vulnerabilities
1. *Advisory Information*
Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities
Advisory ID: CORE-2017-0006
Advisory URL:
http://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
Date published: 2018-02-21
Date of last update: 2018-02-21
Vendors contacted: Trend Micro
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Cleartext Transmission of Sensitive Information [CWE-319],
External Control of File Name or Path [CWE-73], Insufficient
Verification of Data Authenticity [CWE-345], External C
No writeups or analysis indexed.
https://success.trendmicro.com/solution/1119349
https://www.coresecurity.com/advisories/trend-micro-email-encryption-gateway-multiple-vulnerabilities
https://www.exploit-db.com/exploits/44166/
Published: 2018-03-15