admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-07 21:47:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-10-15 12:05:02 -04:00
parent 64844de1ed
commit f5e69be472
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 406 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2018/15xxx/CVE-2018-15590.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15590",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181001 Ivanti Workspace Control Data Security bypass via localhost UNC path",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/10"
},
{
"name" : "20181001 Ivanti Workspace Control Data Security bypass via localhost UNC path",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/2"
},
{
"name" : "http://packetstormsecurity.com/files/149617/Ivanti-Workspace-Control-UNC-Path-Data-Security-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149617/Ivanti-Workspace-Control-UNC-Path-Data-Security-Bypass.html"
},
{
"name" : "https://www.securify.nl/en/advisory/SFY20180803/ivanti-workspace-control-data-security-bypass-via-localhost-unc-path.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/en/advisory/SFY20180803/ivanti-workspace-control-data-security-bypass-via-localhost-unc-path.html"
},
{
"name" : "https://community.ivanti.com/docs/DOC-69682",
"refsource" : "CONFIRM",
"url" : "https://community.ivanti.com/docs/DOC-69682"
}
]
}

68
2018/15xxx/CVE-2018-15591.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15591",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181001 Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/8"
},
{
"name" : "20181001 Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/4"
},
{
"name" : "http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html"
},
{
"name" : "https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html"
},
{
"name" : "https://community.ivanti.com/docs/DOC-69684",
"refsource" : "CONFIRM",
"url" : "https://community.ivanti.com/docs/DOC-69684"
}
]
}

68
2018/15xxx/CVE-2018-15592.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15592",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/7"
},
{
"name" : "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/1"
},
{
"name" : "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html"
},
{
"name" : "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html"
},
{
"name" : "https://community.ivanti.com/docs/DOC-69692",
"refsource" : "CONFIRM",
"url" : "https://community.ivanti.com/docs/DOC-69692"
}
]
}

68
2018/15xxx/CVE-2018-15593.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15593",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181001 Stored credentials Ivanti Workspace Control can be retrieved from Registry",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/5"
},
{
"name" : "20181001 Stored credentials Ivanti Workspace Control can be retrieved from Registry",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/3"
},
{
"name" : "http://packetstormsecurity.com/files/149616/Ivanti-Workspace-Control-Registry-Stored-Credentials.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149616/Ivanti-Workspace-Control-Registry-Stored-Credentials.html"
},
{
"name" : "https://www.securify.nl/en/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/en/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html"
},
{
"name" : "https://community.ivanti.com/docs/DOC-69693",
"refsource" : "CONFIRM",
"url" : "https://community.ivanti.com/docs/DOC-69693"
}
]
}

78
2018/17xxx/CVE-2018-17961.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17961",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,58 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45573",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45573/"
},
{
"name" : "[oss-security] 20181009 ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/10/09/4"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699816",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699816"
}
]
}

68
2018/18xxx/CVE-2018-18073.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18073",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,48 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/10/10/12"
},
{
"name" : "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690"
},
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699927",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699927"
}
]
}