admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-10 02:04:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-05-02 09:04:42 -04:00
parent f7a2f49943
commit 08c07d6220
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
11 changed files with 129 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
2017/1xxx/CVE-2017-1255.json
View File

@ -1,39 +1,14 @@
{ {
"data_version" : "4.0", "CVE_data_meta" : {
"problemtype" : { "ASSIGNER" : "psirt@us.ibm.com",
"problemtype_data" : [ "DATE_PUBLIC" : "2018-04-30T00:00:00",
{ "ID" : "CVE-2017-1255",
"description" : [ "STATE" : "PUBLIC"
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
}, },
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2014537 (Security Guardium)",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014537",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014537"
},
{
"name" : "ibm-guardium-cve20171255-info-disc(124675)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675",
"title" : "X-Force Vulnerability Report",
"refsource" : "XF"
}
]
},
"data_format" : "MITRE",
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data" : [ "vendor_data" : [
{ {
"vendor_name" : "IBM",
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
@ -62,24 +37,47 @@
} }
} }
] ]
} },
"vendor_name" : "IBM"
} }
] ]
} }
}, },
"CVE_data_meta" : { "data_format" : "MITRE",
"DATE_PUBLIC" : "2018-04-30T00:00:00", "data_type" : "CVE",
"STATE" : "PUBLIC", "data_version" : "4.0",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2017-1255"
},
"description" : { "description" : {
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675." "value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675."
} }
] ]
}, },
"data_type" : "CVE" "problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014537",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014537"
},
{
"name" : "ibm-guardium-cve20171255-info-disc(124675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675"
}
]
}
} }

52
2017/1xxx/CVE-2017-1601.json
View File

@ -1,15 +1,9 @@
{ {
"problemtype" : { "CVE_data_meta" : {
"problemtype_data" : [ "ASSIGNER" : "psirt@us.ibm.com",
{ "DATE_PUBLIC" : "2018-04-30T00:00:00",
"description" : [ "ID" : "CVE-2017-1601",
{ "STATE" : "PUBLIC"
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
@ -18,6 +12,7 @@
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
"product_name" : "Security Guardium",
"version" : { "version" : {
"version_data" : [ "version_data" : [
{ {
@ -39,8 +34,7 @@
"version_value" : "10.1.4" "version_value" : "10.1.4"
} }
] ]
}, }
"product_name" : "Security Guardium"
} }
] ]
}, },
@ -49,36 +43,40 @@
] ]
} }
}, },
"CVE_data_meta" : {
"DATE_PUBLIC" : "2018-04-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC",
"ID" : "CVE-2017-1601"
},
"data_format" : "MITRE", "data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"description" : { "description" : {
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624." "value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 132624."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
} }
] ]
}, },
"data_type" : "CVE",
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014230",
"refsource" : "CONFIRM", "refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2014230 (Security Guardium)", "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014230"
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22014230",
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22014230"
}, },
{ {
"name" : "ibm-guardium-cve20171601-info-disc(132624)",
"refsource" : "XF", "refsource" : "XF",
"title" : "X-Force Vulnerability Report", "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624"
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/132624",
"name" : "ibm-guardium-cve20171601-info-disc(132624)"
} }
] ]
} }

88
2018/1xxx/CVE-2018-1468.json
View File

@ -1,55 +1,18 @@
{ {
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015968",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015968",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 2015968 (API Connect)"
},
{
"title" : "X-Force Vulnerability Report",
"refsource" : "XF",
"name" : "ibm-api-cve20181468-info-disc(140399)",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140399"
}
]
},
"data_type" : "CVE",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399."
}
]
},
"CVE_data_meta" : { "CVE_data_meta" : {
"DATE_PUBLIC" : "2018-04-30T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC", "DATE_PUBLIC" : "2018-04-30T00:00:00",
"ID" : "CVE-2018-1468" "ID" : "CVE-2018-1468",
"STATE" : "PUBLIC"
}, },
"affects" : { "affects" : {
"vendor" : { "vendor" : {
"vendor_data" : [ "vendor_data" : [
{ {
"vendor_name" : "IBM",
"product" : { "product" : {
"product_data" : [ "product_data" : [
{ {
"product_name" : "API Connect",
"version" : { "version" : {
"version_data" : [ "version_data" : [
{ {
@ -59,15 +22,50 @@
"version_value" : "5.0.8.2" "version_value" : "5.0.8.2"
} }
] ]
}, }
"product_name" : "API Connect"
} }
] ]
} },
"vendor_name" : "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0", "data_version" : "4.0",
"data_format" : "MITRE" "description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access to internal environment and sensitive API details to which they are not authorized. IBM X-Force ID: 140399."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015968",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015968"
},
{
"name" : "ibm-api-cve20181468-info-disc(140399)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/140399"
}
]
}
} }

4
2018/5xxx/CVE-2018-5512.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart." "value" : "On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN cookies are enabled (default settings), undisclosed traffic patterns may cause TMM to restart."
} }
] ]
}, },
@ -54,6 +54,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K51754851",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K51754851" "url" : "https://support.f5.com/csp/article/K51754851"
} }
] ]

4
2018/5xxx/CVE-2018-5514.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue." "value" : "On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request frames can lead to denial of service. There is data plane exposure for virtual servers when the HTTP2 profile is enabled. There is no control plane exposure to this issue."
} }
] ]
}, },
@ -54,6 +54,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K45320419",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K45320419" "url" : "https://support.f5.com/csp/article/K45320419"
} }
] ]

4
2018/5xxx/CVE-2018-5515.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event." "value" : "On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses from a RADIUS server with IPv6 addresses may cause TMM to crash, leading to a failover event."
} }
] ]
}, },
@ -54,6 +54,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K62750376",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K62750376" "url" : "https://support.f5.com/csp/article/K62750376"
} }
] ]

4
2018/5xxx/CVE-2018-5516.json
View File

@ -84,7 +84,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0. or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed." "value" : "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, Enterprise Manager 3.1.1, BIG-IQ Centralized Management 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, or F5 iWorkflow 2.0.2-2.3.0, authenticated users granted TMOS Shell (tmsh) access can access objects on the file system which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to exfiltrate objects on the file system which should not be allowed."
} }
] ]
}, },
@ -103,6 +103,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K37442533",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K37442533" "url" : "https://support.f5.com/csp/article/K37442533"
} }
] ]

4
2018/5xxx/CVE-2018-5517.json
View File

@ -35,7 +35,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs." "value" : "On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP address or a FastL4 virtual server may cause an interruption of service. The control plane is not exposed to this issue. This issue impacts the data plane virtual servers and self IPs."
} }
] ]
}, },
@ -54,6 +54,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K25573437",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K25573437" "url" : "https://support.f5.com/csp/article/K25573437"
} }
] ]

4
2018/5xxx/CVE-2018-5518.json
View File

@ -38,7 +38,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in \"host-only\" or \"bridged\" mode. VCMP guests which are \"isolated\" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in \"Appliance Mode\" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as \"host-only\" or \"bridged\" mode is required." "value" : "On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users with access to a VCMP guest can cause a disruption of service on adjacent VCMP guests running on the same host. Exploiting this vulnerability causes the vCMPd process on the adjacent VCMP guest to restart and produce a core file. This issue is only exploitable on a VCMP guest which is operating in \"host-only\" or \"bridged\" mode. VCMP guests which are \"isolated\" are not impacted by this issue and do not provide mechanism to exploit the vulnerability. Guests which are deployed in \"Appliance Mode\" may be impacted however the exploit is not possible from an Appliance Mode guest. To exploit this vulnerability root access on a guest system deployed as \"host-only\" or \"bridged\" mode is required."
} }
] ]
}, },
@ -57,6 +57,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K03165684",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K03165684" "url" : "https://support.f5.com/csp/article/K03165684"
} }
] ]

4
2018/5xxx/CVE-2018-5519.json
View File

@ -41,7 +41,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended." "value" : "On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, administrative users by way of undisclosed methods can exploit the ssldump utility to write to arbitrary file paths. For users who do not have Advanced Shell access (for example, any user when licensed for Appliance Mode), this allows more permissive file access than intended."
} }
] ]
}, },
@ -60,6 +60,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K46121888",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K46121888" "url" : "https://support.f5.com/csp/article/K46121888"
} }
] ]

4
2018/5xxx/CVE-2018-5520.json
View File

@ -41,7 +41,7 @@
"description_data" : [ "description_data" : [
{ {
"lang" : "eng", "lang" : "eng",
"value" : "On a BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources." "value" : "On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 system configured in Appliance mode, the TMOS Shell (tmsh) may allow an administrative user to use the dig utility to gain unauthorized access to file system resources."
} }
] ]
}, },
@ -60,6 +60,8 @@
"references" : { "references" : {
"reference_data" : [ "reference_data" : [
{ {
"name" : "https://support.f5.com/csp/article/K02043709",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K02043709" "url" : "https://support.f5.com/csp/article/K02043709"
} }
] ]