diff --git a/2013/2xxx/CVE-2013-2999.json b/2013/2xxx/CVE-2013-2999.json
index d4256835745..dfc0658ba5a 100644
--- a/2013/2xxx/CVE-2013-2999.json
+++ b/2013/2xxx/CVE-2013-2999.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-2999",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site scripting (XSS) vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 84115."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-infosphere-data-replication-dashboard-cve-2013-2999-cve-2013-3001-cve-2013-3000/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-infosphere-data-replication-dashboard-cve-2013-2999-cve-2013-3001-cve-2013-3000/"
+ },
+ {
+ "name" : "infosphere-cve20132999-xss(84115)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84115"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3000.json b/2013/3xxx/CVE-2013-3000.json
index 1decef518db..aca3e8d792d 100644
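Review bot: The new `affects` block in CVE-2013-2999 is published with `"vendor_name" : "n/a"`, `"product_name" : "n/a"` and `"version_value" : "n/a"`, although the description added in the following hunk names the vendor, product and versions. Tools that match on the structured fields will therefore not tie this record to any asset. I would fill the fields from the description, e.g. `"vendor_name" : "IBM"`, `"product_name" : "InfoSphere Data Replication Dashboard"` and one `version_data` entry each for 9.7 and 10.1. The same placeholder block is added to every other newly published record in this commit (CVE-2013-3000, -3001, -3017, CVE-2018-12977, -13034, -13787 and CVE-2018-6851 through -6857). Each of them also sets the `problemtype` value to `n/a`, even where the description already names the weakness class (XSS, SQL injection, directory traversal).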
--- a/2013/3xxx/CVE-2013-3000.json
+++ b/2013/3xxx/CVE-2013-3000.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-3000",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-infosphere-data-replication-dashboard-cve-2013-2999-cve-2013-3001-cve-2013-3000/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-infosphere-data-replication-dashboard-cve-2013-2999-cve-2013-3001-cve-2013-3000/"
+ },
+ {
+ "name" : "infosphere-cve20133000-sql-injection(84116)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84116"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3001.json b/2013/3xxx/CVE-2013-3001.json
index 6985f400635..acf6f79c649 100644
--- a/2013/3xxx/CVE-2013-3001.json
+++ b/2013/3xxx/CVE-2013-3001.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-3001",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Directory traversal vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to read arbitrary files via unspecified vectors. IBM X-Force ID: 84127."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-infosphere-data-replication-dashboard-cve-2013-2999-cve-2013-3001-cve-2013-3000/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-affect-infosphere-data-replication-dashboard-cve-2013-2999-cve-2013-3001-cve-2013-3000/"
+ },
+ {
+ "name" : "infosphere-20133001-dir-traversal(84127)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84127"
 }
 ]
 }
diff --git a/2013/3xxx/CVE-2013-3017.json b/2013/3xxx/CVE-2013-3017.json
index bba8ccc692b..eca73239502 100644
--- a/2013/3xxx/CVE-2013-3017.json
+++ b/2013/3xxx/CVE-2013-3017.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2013-3017",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "IBM Tivoli Application Dependency Discovery Manager (TADDM) before 7.2.1.5 and 7.2.x before 7.2.2 make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging support for weak SSL ciphers. IBM X-Force ID: 84353."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-taddm-reject-weak-and-medium-ciphers-on-taddm-ports/"
+ },
+ {
+ "name" : "ibm-tivoli-cve20133017-spoofing(84353)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84353"
 }
 ]
 }
diff --git a/2017/11xxx/CVE-2017-11175.json b/2017/11xxx/CVE-2017-11175.json
index 577146cc28e..5341527c660 100644
--- a/2017/11xxx/CVE-2017-11175.json
+++ b/2017/11xxx/CVE-2017-11175.json
@@ -34,7 +34,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /auth/ariosa/login."
+ "value" : "In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login."
 }
 ]
 },
diff --git a/2017/13xxx/CVE-2017-13077.json b/2017/13xxx/CVE-2017-13077.json
index 9617b6887d2..19f741115ad 100644
--- a/2017/13xxx/CVE-2017-13077.json
+++ b/2017/13xxx/CVE-2017-13077.json
@@ -140,6 +140,11 @@
 "refsource" : "CONFIRM",
 "url" : "https://cert.vde.com/en-us/advisories/vde-2017-005"
 },
+ {
+ "name" : "https://source.android.com/security/bulletin/2018-06-01",
+ "refsource" : "CONFIRM",
+ "url" : "https://source.android.com/security/bulletin/2018-06-01"
+ },
 {
 "name" : "20171016 Multiple Vulnerabilities in Wi-Fi Protected Access and Wi-Fi Protected Access II",
 "refsource" : "CISCO",
diff --git a/2017/5xxx/CVE-2017-5754.json b/2017/5xxx/CVE-2017-5754.json
index f2ddf5eca82..52aecbd1250 100644
--- a/2017/5xxx/CVE-2017-5754.json
+++ b/2017/5xxx/CVE-2017-5754.json
@@ -188,6 +188,11 @@
 "refsource" : "CONFIRM",
 "url" : "https://cert.vde.com/en-us/advisories/vde-2018-003"
 },
+ {
+ "name" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.codeaurora.org/security-bulletin/2018/07/02/july-2018-code-aurora-security-bulletin"
+ },
 {
 "name" : "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
 "refsource" : "CISCO",
diff --git a/2018/12xxx/CVE-2018-12977.json b/2018/12xxx/CVE-2018-12977.json
index bb90ec95cfb..958af6ca180 100644
--- a/2018/12xxx/CVE-2018-12977.json
+++ b/2018/12xxx/CVE-2018-12977.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-12977",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "A SQL injection vulnerability in the SoftExpert (SE) Excellence Suite 2.0 allows remote authenticated users to perform SQL heuristics by pulling information from the database with the \"cddocument\" parameter in the \"Downloading Electronic Documents\" section."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "44981",
+ "refsource" : "EXPLOIT-DB",
+ "url" : "https://www.exploit-db.com/exploits/44981/"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13034.json b/2018/13xxx/CVE-2018-13034.json
index e12e6af34f6..3d8b08b5d2a 100644
--- a/2018/13xxx/CVE-2018-13034.json
+++ b/2018/13xxx/CVE-2018-13034.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-13034",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
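Review bot: The CVE-2018-12977 description says the flaw lets users `perform SQL heuristics by pulling information from the database`, which does not state an impact a reader can act on. If the referenced advisory supports it, wording in line with the CVE-2013-3000 entry in this commit would be clearer, e.g. `allows remote authenticated users to execute arbitrary SQL commands via the \"cddocument\" parameter`. The only reference is an `EXPLOIT-DB` entry; a vendor advisory or fixed release, if one exists, should be added so defenders can confirm remediation.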
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Directory traversal in Jester web framework 0.2.0 allows remote attackers to fetch files in arbitrary locations via \"..%f\" sequences."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/dom96/jester/blob/master/changelog.markdown",
+ "refsource" : "CONFIRM",
+ "url" : "https://github.com/dom96/jester/blob/master/changelog.markdown"
 }
 ]
 }
diff --git a/2018/13xxx/CVE-2018-13787.json b/2018/13xxx/CVE-2018-13787.json
index f6cf83f8449..5cf65628b6a 100644
--- a/2018/13xxx/CVE-2018-13787.json
+++ b/2018/13xxx/CVE-2018-13787.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-13787",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
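Review bot: In the CVE-2018-13034 description the sequence `\"..%f\"` looks truncated: a percent-escape needs two hex digits, so `%f` on its own does not decode to a character, and detection rules written from this text would look for the wrong pattern. Please confirm the exact sequence against the referenced changelog and correct the string if needed. The text also names only 0.2.0; stating the fixed release, for example `Jester web framework before <FIXED_VERSION>` (placeholder, to be taken from the changelog), would let users tell whether they are affected.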
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/",
+ "refsource" : "MISC",
+ "url" : "https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/"
+ },
+ {
+ "name" : "https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/",
+ "refsource" : "MISC",
+ "url" : "https://www.bleepingcomputer.com/news/security/firmware-vulnerabilities-disclosed-in-supermicro-server-products/"
+ },
+ {
+ "name" : "https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab",
+ "refsource" : "MISC",
+ "url" : "https://www.supermicro.com/support/security_Intel-SA-00088.cfm?pg=X10#tab"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6851.json b/2018/6xxx/CVE-2018-6851.json
index 83b24f88c96..b9c52234130 100644
--- a/2018/6xxx/CVE-2018-6851.json
+++ b/2018/6xxx/CVE-2018-6851.json
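Review bot: The CVE-2018-13787 description lists product families (`X11S, X10, X9, ...`) but no firmware or BIOS versions, so a reader cannot tell from the record whether a given board is still exposed. If the references give fixed firmware releases, they should be added to the description. All three references are tagged `MISC`, including the supermicro.com page. If that page acknowledges this issue it should carry `"refsource" : "CONFIRM"`; if it only covers the Intel advisory named in its URL, the record has no vendor statement for this specific issue.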
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6851",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6852.json b/2018/6xxx/CVE-2018-6852.json
index 13bfc72811e..ce8cb9ff1cf 100644
--- a/2018/6xxx/CVE-2018-6852.json
+++ b/2018/6xxx/CVE-2018-6852.json
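Review bot: The CVE-2018-6851 description reads as a first-person research write-up (`By crafting an input buffer we can control the execution path ...`, `We can take advantage of this condition ...`) rather than a statement of affected product, flaw and impact. A form such as `... allow local users to gain SYSTEM privileges because the handler for IOCTL 0x80206040 writes to a user-controlled address` keeps what defenders need (affected versions, local vector, impact) in the record's usual third-person style. The same wording pattern is repeated in the description hunks for CVE-2018-6852 through CVE-2018-6857 later in this commit.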
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6852",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to zero out contents of a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6853.json b/2018/6xxx/CVE-2018-6853.json
index 366287f944c..f5ebc97c707 100644
--- a/2018/6xxx/CVE-2018-6853.json
+++ b/2018/6xxx/CVE-2018-6853.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6853",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6854.json b/2018/6xxx/CVE-2018-6854.json
index ac8e73cdbc1..4cd49c9498e 100644
--- a/2018/6xxx/CVE-2018-6854.json
+++ b/2018/6xxx/CVE-2018-6854.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6854",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via multiple IOCTLs, e.g., 0x8810200B, 0x8810200F, 0x8810201B, 0x8810201F, 0x8810202B, 0x8810202F, 0x8810203F, 0x8810204B, 0x88102003, 0x88102007, 0x88102013, 0x88102017, 0x88102027, 0x88102033, 0x88102037, 0x88102043, and 0x88102047. When some conditions in the user-controlled input buffer are not met, the driver writes an error code (0x2000001A) to a user-controlled address. Also, note that all the aforementioned IOCTLs use transfer type METHOD_NEITHER, which means that the I/O manager does not validate any of the supplied pointers and buffer sizes. So, even though the driver checks for input/output buffer sizes, it doesn't validate if the pointers to those buffers are actually valid. So, we can supply a pointer for the output buffer to a kernel address space address, and the error code will be written there. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6855.json b/2018/6xxx/CVE-2018-6855.json
index fb594f6b955..522643296ac 100644
--- a/2018/6xxx/CVE-2018-6855.json
+++ b/2018/6xxx/CVE-2018-6855.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6855",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202014. By crafting an input buffer we can control the execution path to the point where the constant 0xFFFFFFF will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6856.json b/2018/6xxx/CVE-2018-6856.json
index 8894acba59e..2e82a52629f 100644
--- a/2018/6xxx/CVE-2018-6856.json
+++ b/2018/6xxx/CVE-2018-6856.json
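Review bot: The constant in the CVE-2018-6855 description is written as `0xFFFFFFF`, seven hex digits, which is unusual for a 32-bit value and may have lost a digit in transcription. Please check it against the referenced advisory before the record is published, since the description is what downstream databases will copy. If the seven-digit value is what the advisory states, no change is needed.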
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6856",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6857.json b/2018/6xxx/CVE-2018-6857.json
index 7793fb07e90..460eee7c5ba 100644
--- a/2018/6xxx/CVE-2018-6857.json
+++ b/2018/6xxx/CVE-2018-6857.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-6857",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x802022E0. By crafting an input buffer we can control the execution path to the point where the constant 0x12 will be written to a user-controlled address. We can take advantage of this condition to modify the SEP_TOKEN_PRIVILEGES structure of the Token object belonging to the exploit process and grant SE_DEBUG_NAME privilege. This allows the exploit process to interact with higher privileged processes running as SYSTEM and execute code in their security context."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
+ },
+ {
+ "name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
+ "refsource" : "MISC",
+ "url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
+ },
+ {
+ "name" : "https://community.sophos.com/kb/en-us/131934",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.sophos.com/kb/en-us/131934"
 }
 ]
 }