mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-12 02:05:39 +00:00
Merge branch '08072018' of https://github.com/DellEMCProductSecurity/cvelist into DellEMCProductSecurity-08072018
This commit is contained in:
CVE Team
commit
66168f44ef
@ -1,18 +1,95 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-11048",
|
||||
"STATE" : "RESERVED"
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security_alert@emc.com",
|
||||
"DATE_PUBLIC": "2018-08-03T04:00:00.000Z",
|
||||
"ID": "CVE-2018-11048",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Data Protection Advisor",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "=",
|
||||
"version_value": "6.2"
|
||||
},
|
||||
{
|
||||
"affected": "=",
|
||||
"version_value": "6.3"
|
||||
},
|
||||
{
|
||||
"affected": "<=",
|
||||
"version_name": "6.4",
|
||||
"version_value": "patch B180"
|
||||
},
|
||||
{
|
||||
"affected": "<=",
|
||||
"version_name": "6.5",
|
||||
"version_value": "patch B58"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
{
|
||||
"product_name": "Integrated Data Protection Appliance",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "=",
|
||||
"version_value": "2.0"
|
||||
},
|
||||
{
|
||||
"affected": "=",
|
||||
"version_value": "2.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Dell EMC"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"lang": "eng",
|
||||
"value": "Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 contain a XML External Entity (XXE) Injection \nvulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to read certain system files in the server or cause denial of service by supplying specially crafted Document Type \nDefinitions (DTDs) in an XML request."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "XML External Entity Vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2018/Aug/5"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,18 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-11063",
|
||||
"STATE" : "RESERVED"
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security_alert@emc.com",
|
||||
"DATE_PUBLIC": "2018-08-06T04:00:00.000Z",
|
||||
"ID": "CVE-2018-11063",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Wyse Management Suite",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"affected": "<=",
|
||||
"version_name": "Standard",
|
||||
"version_value": "1.1"
|
||||
},
|
||||
{
|
||||
"affected": "<=",
|
||||
"version_name": "Pro",
|
||||
"version_value": "1.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Dell"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
"lang": "eng",
|
||||
"value": "Dell WMS versions 1.1 and prior are impacted by multiple unquoted service path vulnerabilities. Affected software installs multiple services incorrectly by specifying the paths to the service executables without quotes. This could potentially allow a low-privileged local user to execute arbitrary executables with elevated privileges."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unquoted Service Path Vulnerabilities"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.dell.com/support/article/us/en/19/sln313398/dell-wyse-management-suite-multiple-unquoted-service-path-vulnerabilities?lang=en"
|
||||
}
|
||||
]
|
||||
},
|
||||
"source": {
|
||||
"discovery": "UNKNOWN"
|
||||
}
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user