diff --git a/2018/15xxx/CVE-2018-15590.json b/2018/15xxx/CVE-2018-15590.json index 66c3610b92b..87d055f9f6f 100644 --- a/2018/15xxx/CVE-2018-15590.json +++ b/2018/15xxx/CVE-2018-15590.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15590", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Ivanti Workspace Control before 10.3.0.0 and RES One Workspace, when file and folder security are configured. A local authenticated user can bypass file and folder security restriction by leveraging an unspecified attack vector." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181001 Ivanti Workspace Control Data Security bypass via localhost UNC path", + "refsource" : "BUGTRAQ", + "url" : "https://seclists.org/bugtraq/2018/Oct/10" + }, + { + "name" : "20181001 Ivanti Workspace Control Data Security bypass via localhost UNC path", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Oct/2" + }, + { + "name" : "http://packetstormsecurity.com/files/149617/Ivanti-Workspace-Control-UNC-Path-Data-Security-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149617/Ivanti-Workspace-Control-UNC-Path-Data-Security-Bypass.html" + }, + { + "name" : "https://www.securify.nl/en/advisory/SFY20180803/ivanti-workspace-control-data-security-bypass-via-localhost-unc-path.html", + "refsource" : "MISC", + "url" : "https://www.securify.nl/en/advisory/SFY20180803/ivanti-workspace-control-data-security-bypass-via-localhost-unc-path.html" + }, + { + "name" : "https://community.ivanti.com/docs/DOC-69682", + "refsource" : "CONFIRM", + "url" : "https://community.ivanti.com/docs/DOC-69682" } ] } diff --git a/2018/15xxx/CVE-2018-15591.json b/2018/15xxx/CVE-2018-15591.json index 3117f95e6d3..65daf054dc3 100644 --- a/2018/15xxx/CVE-2018-15591.json +++ b/2018/15xxx/CVE-2018-15591.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15591", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can bypass Application Whitelisting restrictions to execute arbitrary code by leveraging multiple unspecified attack vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181001 Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument", + "refsource" : "BUGTRAQ", + "url" : "https://seclists.org/bugtraq/2018/Oct/8" + }, + { + "name" : "20181001 Ivanti Workspace Control Application Whitelist bypass via PowerGrid /SEE command line argument", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Oct/4" + }, + { + "name" : "http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149614/Ivanti-Workspace-Control-Application-PowerGrid-SEE-Whitelist-Bypass.html" + }, + { + "name" : "https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html", + "refsource" : "MISC", + "url" : "https://www.securify.nl/en/advisory/SFY20180806/ivanti-workspace-control-application-whitelist-bypass-via-powergrid-_see-command-line-argument.html" + }, + { + "name" : "https://community.ivanti.com/docs/DOC-69684", + "refsource" : "CONFIRM", + "url" : "https://community.ivanti.com/docs/DOC-69684" } ] } diff --git a/2018/15xxx/CVE-2018-15592.json b/2018/15xxx/CVE-2018-15592.json index 8e61597cf5b..177eb522c3e 100644 --- a/2018/15xxx/CVE-2018-15592.json +++ b/2018/15xxx/CVE-2018-15592.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15592", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe", + "refsource" : "BUGTRAQ", + "url" : "https://seclists.org/bugtraq/2018/Oct/7" + }, + { + "name" : "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Oct/1" + }, + { + "name" : "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html" + }, + { + "name" : "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html", + "refsource" : "MISC", + "url" : "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html" + }, + { + "name" : "https://community.ivanti.com/docs/DOC-69692", + "refsource" : "CONFIRM", + "url" : "https://community.ivanti.com/docs/DOC-69692" } ] } diff --git a/2018/15xxx/CVE-2018-15593.json b/2018/15xxx/CVE-2018-15593.json index 100fcad622b..a479810bb94 100644 --- a/2018/15xxx/CVE-2018-15593.json +++ b/2018/15xxx/CVE-2018-15593.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15593", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can decrypt the encrypted datastore or relay server password by leveraging an unspecified attack vector." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "20181001 Stored credentials Ivanti Workspace Control can be retrieved from Registry", + "refsource" : "BUGTRAQ", + "url" : "https://seclists.org/bugtraq/2018/Oct/5" + }, + { + "name" : "20181001 Stored credentials Ivanti Workspace Control can be retrieved from Registry", + "refsource" : "FULLDISC", + "url" : "http://seclists.org/fulldisclosure/2018/Oct/3" + }, + { + "name" : "http://packetstormsecurity.com/files/149616/Ivanti-Workspace-Control-Registry-Stored-Credentials.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149616/Ivanti-Workspace-Control-Registry-Stored-Credentials.html" + }, + { + "name" : "https://www.securify.nl/en/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html", + "refsource" : "MISC", + "url" : "https://www.securify.nl/en/advisory/SFY20180804/stored-credentials-ivanti-workspace-control-can-be-retrieved-from-registry.html" + }, + { + "name" : "https://community.ivanti.com/docs/DOC-69693", + "refsource" : "CONFIRM", + "url" : "https://community.ivanti.com/docs/DOC-69693" } ] } diff --git a/2018/17xxx/CVE-2018-17961.json b/2018/17xxx/CVE-2018-17961.json index 4098ea18c36..25f9a6c7757 100644 --- a/2018/17xxx/CVE-2018-17961.json +++ b/2018/17xxx/CVE-2018-17961.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-17961", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,58 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "45573", + "refsource" : "EXPLOIT-DB", + "url" : "https://www.exploit-db.com/exploits/45573/" + }, + { + "name" : "[oss-security] 20181009 ghostscript: bypassing executeonly to escape -dSAFER sandbox (CVE-2018-17961)", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2018/10/09/4" + }, + { + "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2", + "refsource" : "MISC", + "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1682&desc=2" + }, + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0", + "refsource" : "CONFIRM", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a54c9e61e7d0" + }, + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63", + "refsource" : "CONFIRM", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a5a9bf8c6a63" + }, + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94", + "refsource" : "CONFIRM", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6807394bd94" + }, + { + "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699816", + "refsource" : "CONFIRM", + "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699816" } ] } diff --git a/2018/18xxx/CVE-2018-18073.json b/2018/18xxx/CVE-2018-18073.json index 39b26e0a6e1..e89d46d06f1 100644 --- a/2018/18xxx/CVE-2018-18073.json +++ b/2018/18xxx/CVE-2018-18073.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-18073", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,48 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Artifex Ghostscript allows attackers to bypass a sandbox protection mechanism by leveraging exposure of system operators in the saved execution stack in an error object." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "[oss-security] 20181010 ghostscript: saved execution stacks can leak operator arrays (CVE-2018-18073)", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2018/10/10/12" + }, + { + "name" : "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html", + "refsource" : "MISC", + "url" : "http://packetstormsecurity.com/files/149758/Ghostscript-Exposed-System-Operators.html" + }, + { + "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690", + "refsource" : "MISC", + "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1690" + }, + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c", + "refsource" : "CONFIRM", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=34cc326eb2c5695833361887fe0b32e8d987741c" + }, + { + "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699927", + "refsource" : "CONFIRM", + "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699927" } ] }