- Synchronized data.

This commit is contained in:
CVE Team 2018-09-18 18:05:08 -04:00
parent af10091ba3
commit 29e8e4adb3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 176 additions and 176 deletions

View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "psirt@mcafee.com", "ASSIGNER" : "psirt@mcafee.com",
"ID": "CVE-2017-3912", "ID" : "CVE-2017-3912",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"TITLE": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass " "TITLE" : "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass "
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [ "vendor_data" : [
{ {
"product": { "product" : {
"product_data": [ "product_data" : [
{ {
"product_name": "McAfee Application Control and Change Control (MACC)", "product_name" : "McAfee Application Control and Change Control (MACC)",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"affected": "=", "affected" : "=",
"platform": "x86", "platform" : "x86",
"version_name": "7.0.1", "version_name" : "7.0.1",
"version_value": "7.0.1" "version_value" : "7.0.1"
}, },
{ {
"affected": "=", "affected" : "=",
"version_name": "6.2.0", "version_name" : "6.2.0",
"version_value": "6.2.0" "version_value" : "6.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "McAfee" "vendor_name" : "McAfee"
} }
] ]
} }
}, },
"credit": [ "credit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw." "value" : "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
} }
], ],
"data_format": "MITRE", "data_format" : "MITRE",
"data_type": "CVE", "data_type" : "CVE",
"data_version": "4.0", "data_version" : "4.0",
"description": { "description" : {
"description_data": [ "description_data" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility." "value" : "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
} }
] ]
}, },
"impact": { "impact" : {
"cvss": { "cvss" : {
"attackComplexity": "LOW", "attackComplexity" : "LOW",
"attackVector": "LOCAL", "attackVector" : "LOCAL",
"availabilityImpact": "NONE", "availabilityImpact" : "NONE",
"baseScore": 4.4, "baseScore" : 4.4,
"baseSeverity": "MEDIUM", "baseSeverity" : "MEDIUM",
"confidentialityImpact": "NONE", "confidentialityImpact" : "NONE",
"integrityImpact": "HIGH", "integrityImpact" : "HIGH",
"privilegesRequired": "HIGH", "privilegesRequired" : "HIGH",
"scope": "UNCHANGED", "scope" : "UNCHANGED",
"userInteraction": "NONE", "userInteraction" : "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0" "version" : "3.0"
} }
}, },
"problemtype": { "problemtype" : {
"problemtype_data": [ "problemtype_data" : [
{ {
"description": [ "description" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Privilege Escalation (CWE-274)" "value" : "Privilege Escalation (CWE-274)"
} }
] ]
} }
] ]
}, },
"references": { "references" : {
"reference_data": [ "reference_data" : [
{ {
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224", "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10224",
"refsource": "CONFIRM", "refsource" : "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224" "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"
} }
] ]
}, },
"source": { "source" : {
"advisory": "SB10224", "advisory" : "SB10224",
"discovery": "EXTERNAL" "discovery" : "EXTERNAL"
} }
} }

View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "psirt@mcafee.com", "ASSIGNER" : "psirt@mcafee.com",
"ID": "CVE-2018-6690", "ID" : "CVE-2018-6690",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"TITLE": "McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC" "TITLE" : "McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [ "vendor_data" : [
{ {
"product": { "product" : {
"product_data": [ "product_data" : [
{ {
"product_name": "McAfee Application Control (MAC)", "product_name" : "McAfee Application Control (MAC)",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"affected": "<=", "affected" : "<=",
"platform": "x86", "platform" : "x86",
"version_name": "8.0.0 HF 4", "version_name" : "8.0.0 HF 4",
"version_value": "8.0.0 HF 4" "version_value" : "8.0.0 HF 4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "McAfee" "vendor_name" : "McAfee"
} }
] ]
} }
}, },
"credit": [ "credit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "McAfee credits Paul W for reporting this flaw." "value" : "McAfee credits Paul W for reporting this flaw."
} }
], ],
"data_format": "MITRE", "data_format" : "MITRE",
"data_type": "CVE", "data_type" : "CVE",
"data_version": "4.0", "data_version" : "4.0",
"description": { "description" : {
"description_data": [ "description_data" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier. Allows authenticated users to execute arbitrary code via file transfer from external system." "value" : "Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system."
} }
] ]
}, },
"impact": { "impact" : {
"cvss": { "cvss" : {
"attackComplexity": "LOW", "attackComplexity" : "LOW",
"attackVector": "LOCAL", "attackVector" : "LOCAL",
"availabilityImpact": "NONE", "availabilityImpact" : "NONE",
"baseScore": 6.1, "baseScore" : 6.1,
"baseSeverity": "MEDIUM", "baseSeverity" : "MEDIUM",
"confidentialityImpact": "LOW", "confidentialityImpact" : "LOW",
"integrityImpact": "HIGH", "integrityImpact" : "HIGH",
"privilegesRequired": "LOW", "privilegesRequired" : "LOW",
"scope": "UNCHANGED", "scope" : "UNCHANGED",
"userInteraction": "NONE", "userInteraction" : "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0" "version" : "3.0"
} }
}, },
"problemtype": { "problemtype" : {
"problemtype_data": [ "problemtype_data" : [
{ {
"description": [ "description" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Whitelist bypass" "value" : "Whitelist bypass"
} }
] ]
} }
] ]
}, },
"references": { "references" : {
"reference_data": [ "reference_data" : [
{ {
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10250", "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10250",
"refsource": "CONFIRM", "refsource" : "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10250" "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10250"
} }
] ]
}, },
"source": { "source" : {
"discovery": "EXTERNAL" "discovery" : "EXTERNAL"
} }
} }

View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta": { "CVE_data_meta" : {
"ASSIGNER": "psirt@mcafee.com", "ASSIGNER" : "psirt@mcafee.com",
"ID": "CVE-2018-6693", "ID" : "CVE-2018-6693",
"STATE": "PUBLIC", "STATE" : "PUBLIC",
"TITLE": " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability" "TITLE" : " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability"
}, },
"affects": { "affects" : {
"vendor": { "vendor" : {
"vendor_data": [ "vendor_data" : [
{ {
"product": { "product" : {
"product_data": [ "product_data" : [
{ {
"product_name": " Endpoint Security for Linux Threat Prevention (ENSLTP)", "product_name" : " Endpoint Security for Linux Threat Prevention (ENSLTP)",
"version": { "version" : {
"version_data": [ "version_data" : [
{ {
"affected": "=", "affected" : "=",
"platform": "x86", "platform" : "x86",
"version_name": "10.5.0", "version_name" : "10.5.0",
"version_value": "10.5.0" "version_value" : "10.5.0"
}, },
{ {
"affected": "=", "affected" : "=",
"platform": "x86", "platform" : "x86",
"version_name": "10.5.1", "version_name" : "10.5.1",
"version_value": "10.5.0" "version_value" : "10.5.0"
}, },
{ {
"affected": "<=", "affected" : "<=",
"platform": "x86", "platform" : "x86",
"version_name": "10.2.3 Hotfix 1246778", "version_name" : "10.2.3 Hotfix 1246778",
"version_value": "10.2.3 Hotfix 1246778" "version_value" : "10.2.3 Hotfix 1246778"
} }
] ]
} }
} }
] ]
}, },
"vendor_name": "McAfee" "vendor_name" : "McAfee"
} }
] ]
} }
}, },
"credit": [ "credit" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "RACK911Labs.com" "value" : "RACK911Labs.com"
} }
], ],
"data_format": "MITRE", "data_format" : "MITRE",
"data_type": "CVE", "data_type" : "CVE",
"data_version": "4.0", "data_version" : "4.0",
"description": { "description" : {
"description_data": [ "description_data" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files." "value" : "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."
} }
] ]
}, },
"impact": { "impact" : {
"cvss": { "cvss" : {
"attackComplexity": "LOW", "attackComplexity" : "LOW",
"attackVector": "LOCAL", "attackVector" : "LOCAL",
"availabilityImpact": "LOW", "availabilityImpact" : "LOW",
"baseScore": 5.6, "baseScore" : 5.6,
"baseSeverity": "MEDIUM", "baseSeverity" : "MEDIUM",
"confidentialityImpact": "NONE", "confidentialityImpact" : "NONE",
"integrityImpact": "HIGH", "integrityImpact" : "HIGH",
"privilegesRequired": "LOW", "privilegesRequired" : "LOW",
"scope": "UNCHANGED", "scope" : "UNCHANGED",
"userInteraction": "REQUIRED", "userInteraction" : "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
"version": "3.0" "version" : "3.0"
} }
}, },
"problemtype": { "problemtype" : {
"problemtype_data": [ "problemtype_data" : [
{ {
"description": [ "description" : [
{ {
"lang": "eng", "lang" : "eng",
"value": "Race Condition Enabling Link Following (CWE-363)" "value" : "Race Condition Enabling Link Following (CWE-363)"
}, },
{ {
"lang": "eng", "lang" : "eng",
"value": "Privilege Escalation (CWE-274)" "value" : "Privilege Escalation (CWE-274)"
} }
] ]
} }
] ]
}, },
"references": { "references" : {
"reference_data": [ "reference_data" : [
{ {
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248", "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10248",
"refsource": "CONFIRM", "refsource" : "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248" "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"
} }
] ]
}, },
"source": { "source" : {
"discovery": "EXTERNAL" "discovery" : "EXTERNAL"
} }
} }