admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-10-18 18:06:40 -04:00
parent 980a510af0
commit 1e99372968
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 269 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2018/11xxx/CVE-2018-11079.json
View File

@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-11079",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-15T07:10:00.000Z",
"ID" : "CVE-2018-11079",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
"product_name" : "ESRS Virtual Edition",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.32.00.08"
"affected" : "<",
"version_value" : "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
"vendor_name" : "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability.Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
"lang" : "eng",
"value" : "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authenticated malicious user with access to the configuration file may obtain the exposed password to gain access to the application database."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 5.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Plaintext Password Storage Vulnerability"
"lang" : "eng",
"value" : "Plaintext Password Storage Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
"name" : "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Oct/35"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

99
2018/11xxx/CVE-2018-11080.json
View File

@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-11080",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-15T07:10:00.000Z",
"ID" : "CVE-2018-11080",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
"product_name" : "ESRS Virtual Edition",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.32.00.08"
"affected" : "<",
"version_value" : "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
"vendor_name" : "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
"lang" : "eng",
"value" : "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions that could allow an authenticated malicious user to utilize the file contents to potentially elevate their privileges."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.3,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper File Permissions Vulnerability"
"lang" : "eng",
"value" : "Improper File Permissions Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
"name" : "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Oct/35"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

115
2018/15xxx/CVE-2018-15756.json
View File

@ -1,94 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-16T07:00:00.000Z",
"ID": "CVE-2018-15756",
"STATE": "PUBLIC",
"TITLE": "DoS Attack via Range Requests"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-16T07:00:00.000Z",
"ID" : "CVE-2018-15756",
"STATE" : "PUBLIC",
"TITLE" : "DoS Attack via Range Requests"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Spring framework",
"version": {
"version_data": [
"product_name" : "Spring framework",
"version" : {
"version_data" : [
{
"affected": "=",
"version_name": "5.1",
"version_value": "5.1"
"affected" : "=",
"version_name" : "5.1",
"version_value" : "5.1"
},
{
"affected": "<=",
"version_name": "5.0.0",
"version_value": "5.0.9"
"affected" : "<=",
"version_name" : "5.0.0",
"version_value" : "5.0.9"
},
{
"affected": "<=",
"version_name": "4.3",
"version_value": "4.3.19"
"affected" : "<=",
"version_name" : "4.3",
"version_value" : "4.3.19"
}
]
}
}
]
},
"vendor_name": "Pivotal"
"vendor_name" : "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack.\n\nThis vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource.\n\nSpring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
"lang" : "eng",
"value" : "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Numeric Range Comparison Without Minimum Check"
"lang" : "eng",
"value" : "Numeric Range Comparison Without Minimum Check"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15756"
"name" : "https://pivotal.io/security/cve-2018-15756",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-15756"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

121
2018/15xxx/CVE-2018-15758.json
View File

@ -1,99 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-16T07:00:00.000Z",
"ID": "CVE-2018-15758",
"STATE": "PUBLIC",
"TITLE": "Privilege Escalation in spring-security-oauth2"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-16T07:00:00.000Z",
"ID" : "CVE-2018-15758",
"STATE" : "PUBLIC",
"TITLE" : "Privilege Escalation in spring-security-oauth2"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Spring Security OAuth",
"version": {
"version_data": [
"product_name" : "Spring Security OAuth",
"version" : {
"version_data" : [
{
"affected": "<=",
"version_name": "2.3",
"version_value": "2.3.3"
"affected" : "<=",
"version_name" : "2.3",
"version_value" : "2.3.3"
},
{
"affected": "<=",
"version_name": "2.2",
"version_value": "2.2.2"
"affected" : "<=",
"version_name" : "2.2",
"version_value" : "2.2.2"
},
{
"affected": "<=",
"version_name": "2.1",
"version_value": "2.1.2"
"affected" : "<=",
"version_name" : "2.1",
"version_value" : "2.1.2"
},
{
"affected": "<=",
"version_name": "2.0",
"version_value": "2.0.15"
"affected" : "<=",
"version_name" : "2.0",
"version_value" : "2.0.15"
}
]
}
}
]
},
"vendor_name": "Pivotal"
"vendor_name" : "Pivotal"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument.\n\nThis vulnerability exposes applications that meet all of the following requirements:\n\nAct in the role of an Authorization Server (e.g. @EnableAuthorizationServer)\nUse a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument\nThis vulnerability does not expose applications that:\n\nAct in the role of an Authorization Server and use the default Approval Endpoint\nAct in the role of a Resource Server only (e.g. @EnableResourceServer)\nAct in the role of a Client only (e.g. @EnableOAuthClient)"
"lang" : "eng",
"value" : "Spring Security OAuth, versions 2.3 prior to 2.3.4, and 2.2 prior to 2.2.3, and 2.1 prior to 2.1.3, and 2.0 prior to 2.0.16, and older unsupported versions could be susceptible to a privilege escalation under certain conditions. A malicious user or attacker can craft a request to the approval endpoint that can modify the previously saved authorization request and lead to a privilege escalation on the subsequent approval. This scenario can happen if the application is configured to use a custom approval endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and use a custom Approval Endpoint that declares AuthorizationRequest as a controller method argument. This vulnerability does not expose applications that: Act in the role of an Authorization Server and use the default Approval Endpoint, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient)."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 9.6,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Privilege Management"
"lang" : "eng",
"value" : "Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15758"
"name" : "https://pivotal.io/security/cve-2018-15758",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-15758"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}

99
2018/15xxx/CVE-2018-15765.json
View File

@ -1,82 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-15765",
"STATE": "PUBLIC"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-15T07:10:00.000Z",
"ID" : "CVE-2018-15765",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
"product_name" : "ESRS Virtual Edition",
"version" : {
"version_data" : [
{
"affected": "<",
"version_value": "3.32.00.08"
"affected" : "<",
"version_value" : "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
"vendor_name" : "DELL EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log \nfile contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
"lang" : "eng",
"value" : "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.4,
"baseSeverity" : "LOW",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Information Exposure Vulnerability"
"lang" : "eng",
"value" : "Information Exposure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
"name" : "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Oct/35"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}
}