From 01c9c568e8347f5e4d0c87a3ac8d592c2211bb7c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 8 Nov 2018 15:05:23 -0500 Subject: [PATCH] - Synchronized data. --- 2018/15xxx/CVE-2018-15450.json | 166 ++++++++++++++++----------------- 2018/15xxx/CVE-2018-15451.json | 166 ++++++++++++++++----------------- 2018/19xxx/CVE-2018-19044.json | 58 +++++++++++- 2018/19xxx/CVE-2018-19045.json | 63 ++++++++++++- 2018/19xxx/CVE-2018-19046.json | 53 ++++++++++- 2018/19xxx/CVE-2018-19115.json | 72 ++++++++++++++ 6 files changed, 406 insertions(+), 172 deletions(-) create mode 100644 2018/19xxx/CVE-2018-19115.json diff --git a/2018/15xxx/CVE-2018-15450.json b/2018/15xxx/CVE-2018-15450.json index e87b29657aa..f71650e3c1c 100644 --- a/2018/15xxx/CVE-2018-15450.json +++ b/2018/15xxx/CVE-2018-15450.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2018-11-07T16:00:00-0600", - "ID": "CVE-2018-15450", - "STATE": "PUBLIC", - "TITLE": "Cisco Prime Collaboration Assurance File Overwrite Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Prime Collaboration Assurance ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", + "ID" : "CVE-2018-15450", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Prime Collaboration Assurance File Overwrite Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Prime Collaboration Assurance ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "6.5", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-20" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "6.5", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-20" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20181107 Cisco Prime Collaboration Assurance File Overwrite Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-pca-overwrite" - } - ] - }, - "source": { - "advisory": "cisco-sa-20181107-pca-overwrite", - "defect": [ - [ - "CSCvj07247" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181107 Cisco Prime Collaboration Assurance File Overwrite Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-pca-overwrite" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20181107-pca-overwrite", + "defect" : [ + [ + "CSCvj07247" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2018/15xxx/CVE-2018-15451.json b/2018/15xxx/CVE-2018-15451.json index b9c9e84ec60..ffcdfd37f42 100644 --- a/2018/15xxx/CVE-2018-15451.json +++ b/2018/15xxx/CVE-2018-15451.json @@ -1,86 +1,86 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@cisco.com", - "DATE_PUBLIC": "2018-11-07T16:00:00-0600", - "ID": "CVE-2018-15451", - "STATE": "PUBLIC", - "TITLE": "Cisco Prime Service Catalog Cross-Site Scripting Vulnerability" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Cisco Prime Service Catalog ", - "version": { - "version_data": [ - { - "version_value": "n/a" - } - ] - } - } - ] - }, - "vendor_name": "Cisco" - } + "CVE_data_meta" : { + "ASSIGNER" : "psirt@cisco.com", + "DATE_PUBLIC" : "2018-11-07T16:00:00-0600", + "ID" : "CVE-2018-15451", + "STATE" : "PUBLIC", + "TITLE" : "Cisco Prime Service Catalog Cross-Site Scripting Vulnerability" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Cisco Prime Service Catalog ", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "Cisco" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information." + } + ] + }, + "exploit" : [ + { + "lang" : "eng", + "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact" : { + "cvss" : { + "baseScore" : "5.4", + "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", + "version" : "3.0" + } + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-79" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. " - } - ] - }, - "exploit": [ - { - "lang": "eng", - "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact": { - "cvss": { - "baseScore": "5.4", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ", - "version": "3.0" - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-79" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "20181107 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability", - "refsource": "CISCO", - "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-psc-xss" - } - ] - }, - "source": { - "advisory": "cisco-sa-20181107-psc-xss", - "defect": [ - [ - "CSCvm48196" - ] - ], - "discovery": "INTERNAL" - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181107 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability", + "refsource" : "CISCO", + "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-psc-xss" + } + ] + }, + "source" : { + "advisory" : "cisco-sa-20181107-psc-xss", + "defect" : [ + [ + "CSCvm48196" + ] + ], + "discovery" : "INTERNAL" + } } diff --git a/2018/19xxx/CVE-2018-19044.json b/2018/19xxx/CVE-2018-19044.json index c68af14b91a..55ae07d6df6 100644 --- a/2018/19xxx/CVE-2018-19044.json +++ b/2018/19xxx/CVE-2018-19044.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-19044", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "keepalived 2.0.8 didn't check for pathnames with symlinks when writing data to a temporary file upon a call to PrintData or PrintStats. This allowed local users to overwrite arbitrary files if fs.protected_symlinks is set to 0, as demonstrated by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to /etc/passwd." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141", + "refsource" : "MISC", + "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141" + }, + { + "name" : "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306" + }, + { + "name" : "https://github.com/acassen/keepalived/issues/1048", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/issues/1048" } ] } diff --git a/2018/19xxx/CVE-2018-19045.json b/2018/19xxx/CVE-2018-19045.json index c2c7cfcd38b..7d9b377ce2c 100644 --- a/2018/19xxx/CVE-2018-19045.json +++ b/2018/19xxx/CVE-2018-19045.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-19045", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "keepalived 2.0.8 used mode 0666 when creating new temporary files upon a call to PrintData or PrintStats, potentially leaking sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141", + "refsource" : "MISC", + "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141" + }, + { + "name" : "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6" + }, + { + "name" : "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067" + }, + { + "name" : "https://github.com/acassen/keepalived/issues/1048", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/issues/1048" } ] } diff --git a/2018/19xxx/CVE-2018-19046.json b/2018/19xxx/CVE-2018-19046.json index c6e46b4647f..1dc92f15f57 100644 --- a/2018/19xxx/CVE-2018-19046.json +++ b/2018/19xxx/CVE-2018-19046.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-19046", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "keepalived 2.0.8 didn't check for existing plain files when writing data to a temporary file upon a call to PrintData or PrintStats. If a local attacker had previously created a file with the expected name (e.g., /tmp/keepalived.data or /tmp/keepalived.stats), with read access for the attacker and write access for the keepalived process, then this potentially leaked sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141", + "refsource" : "MISC", + "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141" + }, + { + "name" : "https://github.com/acassen/keepalived/issues/1048", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/issues/1048" } ] } diff --git a/2018/19xxx/CVE-2018-19115.json b/2018/19xxx/CVE-2018-19115.json new file mode 100644 index 00000000000..2c7121f8c81 --- /dev/null +++ b/2018/19xxx/CVE-2018-19115.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-19115", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "keepalived through 2.0.8 has a heap-based buffer overflow when parsing HTTP status codes resulting in DoS or possibly unspecified other impact, because extract_status_code in lib/html.c has no validation of the status code and instead writes an unlimited amount of data to the heap." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141", + "refsource" : "MISC", + "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1015141" + }, + { + "name" : "https://github.com/acassen/keepalived/pull/961", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/pull/961" + }, + { + "name" : "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9", + "refsource" : "MISC", + "url" : "https://github.com/acassen/keepalived/pull/961/commits/f28015671a4b04785859d1b4b1327b367b6a10e9" + } + ] + } +}