admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Added submission from Trend Micro from 2018-02-09.

Browse Source
This commit is contained in:
CVE Team 2018-02-09 16:15:38 -05:00
parent 854f4fa3e7
commit b7d7b0a4fb
No known key found for this signature in database
GPG Key ID: 3504EC0FB4B2FE56
8 changed files with 501 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
2018/3xxx/CVE-2018-3600.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3600",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A external entity processing information disclosure (XXE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to disclose sensitive information on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-111/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

51
2018/3xxx/CVE-2018-3601.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3601",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Permissions"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-113/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

51
2018/3xxx/CVE-2018-3602.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3602",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An AdHocQuery_Processor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-068/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

51
2018/3xxx/CVE-2018-3603.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3603",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,29 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "A CGGIServlet SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-112/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

69
2018/3xxx/CVE-2018-3604.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3604",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,47 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "GetXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-067/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-084/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-088/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-095/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-096/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-097/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-102/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

96
2018/3xxx/CVE-2018-3605.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3605",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,74 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-069/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-070/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-071/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-072/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-073/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-074/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-075/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-076/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-077/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-078/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-079/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-080/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-081/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-082/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-087/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-098/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

99
2018/3xxx/CVE-2018-3606.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3606",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,77 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-083/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-085/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-086/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-089/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-091/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-092/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-093/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-099/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-100/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-101/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-103/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-104/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-105/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-106/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-107/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-108/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-110/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}

57
2018/3xxx/CVE-2018-3607.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-3607",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Control Manager",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,35 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "XXXTreeNode method SQL injection remote code execution (RCE) vulnerabilities in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-090/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-094/"
},
{
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-109/"
},
{
"url" : "https://success.trendmicro.com/solution/1119158"
}
]
}