- Synchronized data.

CVE Team 2018-11-02 18:06:39 -04:00
parent 67efa76156
commit 9e7e574353
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 177 additions and 167 deletions


@ -1,68 +1,69 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
"ID": "CVE-2018-11062",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-29T16:00:00.000Z",
"ID" : "CVE-2018-11062",
"STATE" : "PUBLIC",
"TITLE" : "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
"product_name" : "Integrated Data Protection Appliance",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2.X",
"version_value": "2.3"
"affected" : "<",
"version_name" : "2.X",
"version_value" : "2.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
"lang" : "eng",
"value" : "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
]
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
"lang" : "eng",
"value" : "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
"name" : "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Oct/53"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}


@ -1,99 +1,100 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2018-10-29T07:00:00.000Z",
"ID": "CVE-2018-15762",
"STATE": "PUBLIC",
"TITLE": "Pivotal Operations Manager gives all users heightened privileges"
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-29T07:00:00.000Z",
"ID" : "CVE-2018-15762",
"STATE" : "PUBLIC",
"TITLE" : "Pivotal Operations Manager gives all users heightened privileges"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "Pivotal Operations Manager",
"version": {
"version_data": [
"product_name" : "Pivotal Operations Manager",
"version" : {
"version_data" : [
{
"affected": "<",
"version_name": "2.0.x",
"version_value": "2.0.24"
"affected" : "<",
"version_name" : "2.0.x",
"version_value" : "2.0.24"
},
{
"affected": "<",
"version_name": "2.1.x",
"version_value": "2.1.15"
"affected" : "<",
"version_name" : "2.1.x",
"version_value" : "2.1.15"
},
{
"affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.7"
"affected" : "<",
"version_name" : "2.2.x",
"version_value" : "2.2.7"
},
{
"affected": "<",
"version_name": "2.3.x",
"version_value": "2.3.1"
"affected" : "<",
"version_name" : "2.3.x",
"version_value" : "2.3.1"
}
]
}
}
]
},
"vendor_name": "Pivotal Cloud Foundry"
"vendor_name" : "Pivotal Cloud Foundry"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang": "eng",
"value": "Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman."
"lang" : "eng",
"value" : "Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype": {
"problemtype_data": [
"problemtype" : {
"problemtype_data" : [
{
"description": [
"description" : [
{
"lang": "eng",
"value": "Improper Authorization"
"lang" : "eng",
"value" : "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
"references" : {
"reference_data" : [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15762"
"name" : "https://pivotal.io/security/cve-2018-15762",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-15762"
}
]
},
"source": {
"discovery": "UNKNOWN"
"source" : {
"discovery" : "UNKNOWN"
}
}


@ -1,74 +1,82 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16847",
"ASSIGNER": "lpardo@redhat.com"
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-16847",
"STATE" : "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name": "[UNKNOWN]",
"product": {
"product_data": [
"product" : {
"product_data" : [
{
"product_name": "QEMU:",
"version": {
"version_data": [
"product_name" : "QEMU:",
"version" : {
"version_data" : [
{
"version_value": "n/a"
"version_value" : "n/a"
}
]
}
}
]
}
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"problemtype": {
"problemtype_data": [
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"description": [
{
"lang": "eng",
"value": "CWE-787"
}
]
"lang" : "eng",
"value" : "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process."
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847",
"refsource": "CONFIRM"
},
{
"url": "https://www.openwall.com/lists/oss-security/2018/11/02/1"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "An OOB heap buffer r/w access issue was found in the NVM Express Controller emulation in QEMU. It could occur in nvme_cmb_ops routines in nvme device. A guest user/process could use this flaw to crash the QEMU process resulting in DoS or potentially run arbitrary code with privileges of the QEMU process."
}
]
},
"impact": {
"cvss": [
"impact" : {
"cvss" : [
[
{
"vectorString": "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.0"
"vectorString" : "7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20181102 CVE-2018-16847 QEMU: nvme: Out-of-bounds r/w buffer access in cmb operations",
"refsource" : "MLIST",
"url" : "https://www.openwall.com/lists/oss-security/2018/11/02/1"
},
{
"name" : "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html",
"refsource" : "MISC",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-11/msg00200.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16847"
}
]
}
}
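Review bot: In the CVE-2018-16847 record, the new `impact.cvss` value is an array wrapped in a second array, and its `vectorString` is `7/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H`, which is not a well-formed CVSS v3.0 vector because of the leading `7/`. The CVE-2018-15762 record in the same commit carries `cvss` as a single object with a separate `baseScore` and a vector that starts with `CVSS:3.0/`, so a consumer written against that shape will likely fail to parse this entry or ingest it with no severity. The `7` looks like the base score fused onto the vector (it matches what that vector scores to), so I would write `"cvss" : { "baseScore" : 7, "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H", "version" : "3.0" }`. Separately, `"product_name" : "QEMU:"` keeps a trailing colon and the only version entry is `n/a`, which weakens automated product matching for this advisory.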