mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-11 04:13:30 +00:00
- Synchronized data.
This commit is contained in:
parent
af10091ba3
commit
29e8e4adb3
@ -1,97 +1,97 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta" : {
|
||||||
"ASSIGNER": "psirt@mcafee.com",
|
"ASSIGNER" : "psirt@mcafee.com",
|
||||||
"ID": "CVE-2017-3912",
|
"ID" : "CVE-2017-3912",
|
||||||
"STATE": "PUBLIC",
|
"STATE" : "PUBLIC",
|
||||||
"TITLE": "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass "
|
"TITLE" : "McAfee Application Control and Change Control (MACC) - password management security feature bypass (SFB) leading to an authentication bypass "
|
||||||
},
|
},
|
||||||
"affects": {
|
"affects" : {
|
||||||
"vendor": {
|
"vendor" : {
|
||||||
"vendor_data": [
|
"vendor_data" : [
|
||||||
{
|
{
|
||||||
"product": {
|
"product" : {
|
||||||
"product_data": [
|
"product_data" : [
|
||||||
{
|
{
|
||||||
"product_name": "McAfee Application Control and Change Control (MACC)",
|
"product_name" : "McAfee Application Control and Change Control (MACC)",
|
||||||
"version": {
|
"version" : {
|
||||||
"version_data": [
|
"version_data" : [
|
||||||
{
|
{
|
||||||
"affected": "=",
|
"affected" : "=",
|
||||||
"platform": "x86",
|
"platform" : "x86",
|
||||||
"version_name": "7.0.1",
|
"version_name" : "7.0.1",
|
||||||
"version_value": "7.0.1"
|
"version_value" : "7.0.1"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"affected": "=",
|
"affected" : "=",
|
||||||
"version_name": "6.2.0",
|
"version_name" : "6.2.0",
|
||||||
"version_value": "6.2.0"
|
"version_value" : "6.2.0"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name": "McAfee"
|
"vendor_name" : "McAfee"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"credit": [
|
"credit" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
|
"value" : "McAfee credits Saurabh Tripathi and Sukesh Shetty for reporting this flaw."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"data_format": "MITRE",
|
"data_format" : "MITRE",
|
||||||
"data_type": "CVE",
|
"data_type" : "CVE",
|
||||||
"data_version": "4.0",
|
"data_version" : "4.0",
|
||||||
"description": {
|
"description" : {
|
||||||
"description_data": [
|
"description_data" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
|
"value" : "Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"impact": {
|
"impact" : {
|
||||||
"cvss": {
|
"cvss" : {
|
||||||
"attackComplexity": "LOW",
|
"attackComplexity" : "LOW",
|
||||||
"attackVector": "LOCAL",
|
"attackVector" : "LOCAL",
|
||||||
"availabilityImpact": "NONE",
|
"availabilityImpact" : "NONE",
|
||||||
"baseScore": 4.4,
|
"baseScore" : 4.4,
|
||||||
"baseSeverity": "MEDIUM",
|
"baseSeverity" : "MEDIUM",
|
||||||
"confidentialityImpact": "NONE",
|
"confidentialityImpact" : "NONE",
|
||||||
"integrityImpact": "HIGH",
|
"integrityImpact" : "HIGH",
|
||||||
"privilegesRequired": "HIGH",
|
"privilegesRequired" : "HIGH",
|
||||||
"scope": "UNCHANGED",
|
"scope" : "UNCHANGED",
|
||||||
"userInteraction": "NONE",
|
"userInteraction" : "NONE",
|
||||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
|
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
|
||||||
"version": "3.0"
|
"version" : "3.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"problemtype": {
|
"problemtype" : {
|
||||||
"problemtype_data": [
|
"problemtype_data" : [
|
||||||
{
|
{
|
||||||
"description": [
|
"description" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "Privilege Escalation (CWE-274)"
|
"value" : "Privilege Escalation (CWE-274)"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"references": {
|
"references" : {
|
||||||
"reference_data": [
|
"reference_data" : [
|
||||||
{
|
{
|
||||||
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224",
|
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10224",
|
||||||
"refsource": "CONFIRM",
|
"refsource" : "CONFIRM",
|
||||||
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"
|
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10224"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"source": {
|
"source" : {
|
||||||
"advisory": "SB10224",
|
"advisory" : "SB10224",
|
||||||
"discovery": "EXTERNAL"
|
"discovery" : "EXTERNAL"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,91 +1,91 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta" : {
|
||||||
"ASSIGNER": "psirt@mcafee.com",
|
"ASSIGNER" : "psirt@mcafee.com",
|
||||||
"ID": "CVE-2018-6690",
|
"ID" : "CVE-2018-6690",
|
||||||
"STATE": "PUBLIC",
|
"STATE" : "PUBLIC",
|
||||||
"TITLE": "McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC"
|
"TITLE" : "McAfee Application Control (MAC) - Whitelist bypass using a hard drive solidified by MACC"
|
||||||
},
|
},
|
||||||
"affects": {
|
"affects" : {
|
||||||
"vendor": {
|
"vendor" : {
|
||||||
"vendor_data": [
|
"vendor_data" : [
|
||||||
{
|
{
|
||||||
"product": {
|
"product" : {
|
||||||
"product_data": [
|
"product_data" : [
|
||||||
{
|
{
|
||||||
"product_name": "McAfee Application Control (MAC)",
|
"product_name" : "McAfee Application Control (MAC)",
|
||||||
"version": {
|
"version" : {
|
||||||
"version_data": [
|
"version_data" : [
|
||||||
{
|
{
|
||||||
"affected": "<=",
|
"affected" : "<=",
|
||||||
"platform": "x86",
|
"platform" : "x86",
|
||||||
"version_name": "8.0.0 HF 4",
|
"version_name" : "8.0.0 HF 4",
|
||||||
"version_value": "8.0.0 HF 4"
|
"version_value" : "8.0.0 HF 4"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name": "McAfee"
|
"vendor_name" : "McAfee"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"credit": [
|
"credit" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "McAfee credits Paul W for reporting this flaw."
|
"value" : "McAfee credits Paul W for reporting this flaw."
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"data_format": "MITRE",
|
"data_format" : "MITRE",
|
||||||
"data_type": "CVE",
|
"data_type" : "CVE",
|
||||||
"data_version": "4.0",
|
"data_version" : "4.0",
|
||||||
"description": {
|
"description" : {
|
||||||
"description_data": [
|
"description_data" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier. Allows authenticated users to execute arbitrary code via file transfer from external system."
|
"value" : "Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"impact": {
|
"impact" : {
|
||||||
"cvss": {
|
"cvss" : {
|
||||||
"attackComplexity": "LOW",
|
"attackComplexity" : "LOW",
|
||||||
"attackVector": "LOCAL",
|
"attackVector" : "LOCAL",
|
||||||
"availabilityImpact": "NONE",
|
"availabilityImpact" : "NONE",
|
||||||
"baseScore": 6.1,
|
"baseScore" : 6.1,
|
||||||
"baseSeverity": "MEDIUM",
|
"baseSeverity" : "MEDIUM",
|
||||||
"confidentialityImpact": "LOW",
|
"confidentialityImpact" : "LOW",
|
||||||
"integrityImpact": "HIGH",
|
"integrityImpact" : "HIGH",
|
||||||
"privilegesRequired": "LOW",
|
"privilegesRequired" : "LOW",
|
||||||
"scope": "UNCHANGED",
|
"scope" : "UNCHANGED",
|
||||||
"userInteraction": "NONE",
|
"userInteraction" : "NONE",
|
||||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
|
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
|
||||||
"version": "3.0"
|
"version" : "3.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"problemtype": {
|
"problemtype" : {
|
||||||
"problemtype_data": [
|
"problemtype_data" : [
|
||||||
{
|
{
|
||||||
"description": [
|
"description" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "Whitelist bypass"
|
"value" : "Whitelist bypass"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"references": {
|
"references" : {
|
||||||
"reference_data": [
|
"reference_data" : [
|
||||||
{
|
{
|
||||||
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10250",
|
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10250",
|
||||||
"refsource": "CONFIRM",
|
"refsource" : "CONFIRM",
|
||||||
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10250"
|
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10250"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"source": {
|
"source" : {
|
||||||
"discovery": "EXTERNAL"
|
"discovery" : "EXTERNAL"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,107 +1,107 @@
|
|||||||
{
|
{
|
||||||
"CVE_data_meta": {
|
"CVE_data_meta" : {
|
||||||
"ASSIGNER": "psirt@mcafee.com",
|
"ASSIGNER" : "psirt@mcafee.com",
|
||||||
"ID": "CVE-2018-6693",
|
"ID" : "CVE-2018-6693",
|
||||||
"STATE": "PUBLIC",
|
"STATE" : "PUBLIC",
|
||||||
"TITLE": " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability"
|
"TITLE" : " Endpoint Security for Linux Threat Prevention (ENSLTP) privilege escalation vulnerability"
|
||||||
},
|
},
|
||||||
"affects": {
|
"affects" : {
|
||||||
"vendor": {
|
"vendor" : {
|
||||||
"vendor_data": [
|
"vendor_data" : [
|
||||||
{
|
{
|
||||||
"product": {
|
"product" : {
|
||||||
"product_data": [
|
"product_data" : [
|
||||||
{
|
{
|
||||||
"product_name": " Endpoint Security for Linux Threat Prevention (ENSLTP)",
|
"product_name" : " Endpoint Security for Linux Threat Prevention (ENSLTP)",
|
||||||
"version": {
|
"version" : {
|
||||||
"version_data": [
|
"version_data" : [
|
||||||
{
|
{
|
||||||
"affected": "=",
|
"affected" : "=",
|
||||||
"platform": "x86",
|
"platform" : "x86",
|
||||||
"version_name": "10.5.0",
|
"version_name" : "10.5.0",
|
||||||
"version_value": "10.5.0"
|
"version_value" : "10.5.0"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"affected": "=",
|
"affected" : "=",
|
||||||
"platform": "x86",
|
"platform" : "x86",
|
||||||
"version_name": "10.5.1",
|
"version_name" : "10.5.1",
|
||||||
"version_value": "10.5.0"
|
"version_value" : "10.5.0"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"affected": "<=",
|
"affected" : "<=",
|
||||||
"platform": "x86",
|
"platform" : "x86",
|
||||||
"version_name": "10.2.3 Hotfix 1246778",
|
"version_name" : "10.2.3 Hotfix 1246778",
|
||||||
"version_value": "10.2.3 Hotfix 1246778"
|
"version_value" : "10.2.3 Hotfix 1246778"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"vendor_name": "McAfee"
|
"vendor_name" : "McAfee"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"credit": [
|
"credit" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "RACK911Labs.com"
|
"value" : "RACK911Labs.com"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"data_format": "MITRE",
|
"data_format" : "MITRE",
|
||||||
"data_type": "CVE",
|
"data_type" : "CVE",
|
||||||
"data_version": "4.0",
|
"data_version" : "4.0",
|
||||||
"description": {
|
"description" : {
|
||||||
"description_data": [
|
"description_data" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."
|
"value" : "An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escalation to delete arbitrary files."
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"impact": {
|
"impact" : {
|
||||||
"cvss": {
|
"cvss" : {
|
||||||
"attackComplexity": "LOW",
|
"attackComplexity" : "LOW",
|
||||||
"attackVector": "LOCAL",
|
"attackVector" : "LOCAL",
|
||||||
"availabilityImpact": "LOW",
|
"availabilityImpact" : "LOW",
|
||||||
"baseScore": 5.6,
|
"baseScore" : 5.6,
|
||||||
"baseSeverity": "MEDIUM",
|
"baseSeverity" : "MEDIUM",
|
||||||
"confidentialityImpact": "NONE",
|
"confidentialityImpact" : "NONE",
|
||||||
"integrityImpact": "HIGH",
|
"integrityImpact" : "HIGH",
|
||||||
"privilegesRequired": "LOW",
|
"privilegesRequired" : "LOW",
|
||||||
"scope": "UNCHANGED",
|
"scope" : "UNCHANGED",
|
||||||
"userInteraction": "REQUIRED",
|
"userInteraction" : "REQUIRED",
|
||||||
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
|
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:L",
|
||||||
"version": "3.0"
|
"version" : "3.0"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"problemtype": {
|
"problemtype" : {
|
||||||
"problemtype_data": [
|
"problemtype_data" : [
|
||||||
{
|
{
|
||||||
"description": [
|
"description" : [
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "Race Condition Enabling Link Following (CWE-363)"
|
"value" : "Race Condition Enabling Link Following (CWE-363)"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"lang": "eng",
|
"lang" : "eng",
|
||||||
"value": "Privilege Escalation (CWE-274)"
|
"value" : "Privilege Escalation (CWE-274)"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"references": {
|
"references" : {
|
||||||
"reference_data": [
|
"reference_data" : [
|
||||||
{
|
{
|
||||||
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248",
|
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10248",
|
||||||
"refsource": "CONFIRM",
|
"refsource" : "CONFIRM",
|
||||||
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"
|
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10248"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"source": {
|
"source" : {
|
||||||
"discovery": "EXTERNAL"
|
"discovery" : "EXTERNAL"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user