admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-09 16:04:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-09-18 18:05:08 -04:00
parent af10091ba3
commit 29e8e4adb3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 176 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
2017/3xxx/CVE-2017-3912.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2017-3912",
"STATE": "PUBLIC",
"TITLE": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass "
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2017-3912",
"STATE" : "PUBLIC",
"TITLE" : "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass "
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "McAfee Application Control and Change Control (MACC)",
"version": {
"version_data": [
"product_name" : "McAfee Application Control and Change Control (MACC)",
"version" : {
"version_data" : [
{
"affected": "=",
"platform": "x86",
"version_name": "7.0.1",
"version_value": "7.0.1"
"affected" : "=",
"platform" : "x86",
"version_name" : "7.0.1",
"version_value" : "7.0.1"
},
{
"affected": "=",
"version_name": "6.2.0",
"version_value": "6.2.0"
"affected" : "=",
"version_name" : "6.2.0",
"version_value" : "6.2.0"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
"lang" : "eng",
"value" : "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
"lang" : "eng",
"value" : "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 4.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Privilege Escalation (CWE-274)"
"lang" : "eng",
"value" : "Privilege Escalation (CWE-274)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10224",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"
}
]
},
"source": {
"advisory": "SB10224",
"discovery": "EXTERNAL"
"source" : {
"advisory" : "SB10224",
"discovery" : "EXTERNAL"
}
}

108
2018/6xxx/CVE-2018-6690.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6690",
"STATE": "PUBLIC",
"TITLE": "McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2018-6690",
"STATE" : "PUBLIC",
"TITLE" : "McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "McAfee Application Control (MAC)",
"version": {
"version_data": [
"product_name" : "McAfee Application Control (MAC)",
"version" : {
"version_data" : [
{
"affected": "<=",
"platform": "x86",
"version_name": "8.0.0 HF 4",
"version_value": "8.0.0 HF 4"
"affected" : "<=",
"platform" : "x86",
"version_name" : "8.0.0 HF 4",
"version_value" : "8.0.0 HF 4"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "McAfee credits Paul W for reporting this flaw."
"lang" : "eng",
"value" : "McAfee credits Paul W for reporting this flaw."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier. Allows authenticated users to execute arbitrary code via file transfer from external system."
"lang" : "eng",
"value" : "Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Whitelist bypass"
"lang" : "eng",
"value" : "Whitelist bypass"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10250",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10250"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10250",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10250"
}
]
},
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}

128
2018/6xxx/CVE-2018-6693.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6693",
"STATE": "PUBLIC",
"TITLE": " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2018-6693",
"STATE" : "PUBLIC",
"TITLE" : " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": " Endpoint Security for Linux Threat Prevention (ENSLTP)",
"version": {
"version_data": [
"product_name" : " Endpoint Security for Linux Threat Prevention (ENSLTP)",
"version" : {
"version_data" : [
{
"affected": "=",
"platform": "x86",
"version_name": "10.5.0",
"version_value": "10.5.0"
"affected" : "=",
"platform" : "x86",
"version_name" : "10.5.0",
"version_value" : "10.5.0"
},
{
"affected": "=",
"platform": "x86",
"version_name": "10.5.1",
"version_value": "10.5.0"
"affected" : "=",
"platform" : "x86",
"version_name" : "10.5.1",
"version_value" : "10.5.0"
},
{
"affected": "<=",
"platform": "x86",
"version_name": "10.2.3 Hotfix 1246778",
"version_value": "10.2.3 Hotfix 1246778"
"affected" : "<=",
"platform" : "x86",
"version_name" : "10.2.3 Hotfix 1246778",
"version_value" : "10.2.3 Hotfix 1246778"
}
]
}
}
]
},
"vendor_name": "McAfee"
"vendor_name" : "McAfee"
}
]
}
},
"credit": [
"credit" : [
{
"lang": "eng",
"value": "RACK911Labs.com"
"lang" : "eng",
"value" : "RACK911Labs.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."
"lang" : "eng",
"value" : "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 5.6,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Race Condition Enabling Link Following (CWE-363)"
"lang" : "eng",
"value" : "Race Condition Enabling Link Following (CWE-363)"
},
{
"lang": "eng",
"value": "Privilege Escalation (CWE-274)"
"lang" : "eng",
"value" : "Privilege Escalation (CWE-274)"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10248",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"
}
]
},
"source": {
"discovery": "EXTERNAL"
"source" : {
"discovery" : "EXTERNAL"
}
}