cvelistv5 - cve-2018-15664

CVE-2018-15664 (GCVE-0-2018-15664)

Vulnerability from cvelistv5

Published

2019-05-23 13:58

Modified

2024-08-05 10:01

Severity ?

CWE

Summary

In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).

References

URL

Tags

	https://bugzilla.suse.com/show_bug.cgi?id=1096726	x_refsource_MISC
	https://github.com/moby/moby/pull/39252	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/05/28/1	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/108507	vdb-entry, x_refsource_BID
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html	vendor-advisory, x_refsource_SUSE
	https://usn.ubuntu.com/4048-1/	vendor-advisory, x_refsource_UBUNTU
	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2019:1910	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2019/08/21/1	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:01:54.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/pull/39252"
          },
          {
            "name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
          },
          {
            "name": "108507",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108507"
          },
          {
            "name": "openSUSE-SU-2019:1621",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
          },
          {
            "name": "USN-4048-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4048-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
          },
          {
            "name": "RHSA-2019:1910",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1910"
          },
          {
            "name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
          },
          {
            "name": "openSUSE-SU-2019:2044",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-05-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-01T23:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/pull/39252"
        },
        {
          "name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
        },
        {
          "name": "108507",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/108507"
        },
        {
          "name": "openSUSE-SU-2019:1621",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
        },
        {
          "name": "USN-4048-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4048-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
        },
        {
          "name": "RHSA-2019:1910",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1910"
        },
        {
          "name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
        },
        {
          "name": "openSUSE-SU-2019:2044",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-15664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Docker through 18.06.1-ce-rc2, the API endpoints behind the \u0027docker cp\u0027 command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1096726",
              "refsource": "MISC",
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1096726"
            },
            {
              "name": "https://github.com/moby/moby/pull/39252",
              "refsource": "MISC",
              "url": "https://github.com/moby/moby/pull/39252"
            },
            {
              "name": "[oss-security] 20190528 CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/05/28/1"
            },
            {
              "name": "108507",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/108507"
            },
            {
              "name": "openSUSE-SU-2019:1621",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html"
            },
            {
              "name": "USN-4048-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4048-1/"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664"
            },
            {
              "name": "RHSA-2019:1910",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1910"
            },
            {
              "name": "[oss-security] 20190821 RE: CVE-2018-15664: docker (all versions) is vulnerable to a symlink-race attack",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/08/21/1"
            },
            {
              "name": "openSUSE-SU-2019:2044",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-15664",
    "datePublished": "2019-05-23T13:58:37.000Z",
    "dateReserved": "2018-08-21T00:00:00.000Z",
    "dateUpdated": "2024-08-05T10:01:54.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2019-AVI-322

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Exchange Server 2013 Cumulative Update 23
Microsoft	N/A	Team Foundation Server 2012 Update 4
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 2 pour systèmes x64 (GDR)
Microsoft	N/A	ChakraCore
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	Azure	Azure DevOps Server 2019.0.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.1
Microsoft	N/A	Mail and Calendar
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 2 pour systèmes x64 (CU+GDR)
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (64 bits)
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 2 (CU+GDR)
Microsoft	N/A	Skype pour Business 2016 (64 bits)
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 2 pour systèmes 32 bits (GDR)
Microsoft	N/A	Microsoft Lync Basic 2013 Service Pack 1 (64 bits)
Microsoft	N/A	Team Foundation Server 2013 Update 5
Microsoft	N/A	Microsoft Visual Studio 2010 Service Pack 1
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (GDR)
Microsoft	N/A	Team Foundation Server 2010 SP1 (x64)
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Microsoft Visual Studio 2019 version 16.0
Microsoft	N/A	Microsoft Visual Studio 2013 Update 5
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (CU+GDR)
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 2
Microsoft	Azure	Azure Automation
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 13
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 1 (CU+GDR)
Microsoft	N/A	Team Foundation Server 2010 SP1 (x86)
Microsoft	N/A	Microsoft SQL Server 2017 pour systèmes x64 (GDR)
Microsoft	N/A	Microsoft Exchange Server 2019 Cumulative Update 1
Microsoft	N/A	Microsoft Visual Studio 2015 Update 3
Microsoft	N/A	Microsoft Exchange Server 2010 Service Pack 3
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	Azure	Microsoft Azure Kubernetes Service
Microsoft	N/A	Team Foundation Server 2018 Update 1.2
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes x64 (CU+GDR)
Microsoft	N/A	Azure IoT Edge
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 2 pour systèmes 32 bits (CU+GDR)
Microsoft	N/A	Skype pour Business 2016 Basic (32 bits)
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 1 (GDR)
Microsoft	N/A	Skype pour Business 2016 (32 bits)
Microsoft	N/A	Microsoft.IdentityModel 7.0.0
Microsoft	N/A	Microsoft Visual Studio 2012 Update 5
Microsoft	N/A	Microsoft SQL Server 2016 pour systèmes x64 Service Pack 2 (GDR)
Microsoft	N/A	Microsoft Lync Basic 2013 Service Pack 1 (32 bits)
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (GDR)
Microsoft	N/A	Microsoft Exchange Server 2016 Cumulative Update 12
Microsoft	N/A	Microsoft SQL Server 2014 Service Pack 3 pour systèmes 32 bits (CU+GDR)
Microsoft	N/A	Team Foundation Server 2015 Update 4.2
Microsoft	N/A	Skype pour Business 2016 Basic (64 bits)
Microsoft	N/A	Microsoft Lync 2013 Service Pack 1 (32 bits)

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft du 09 juillet 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Exchange Server 2013 Cumulative Update 23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2012 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure DevOps Server 2019.0.1",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Mail and Calendar",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes x64 (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 2 (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes 32 bits (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync Basic 2013 Service Pack 1 (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2010 Service Pack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2010 SP1 (x64)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2019 version 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2013 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure Automation",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 1 (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2010 SP1 (x86)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2017 pour syst\u00e8mes x64 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2019 Cumulative Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2015 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2010 Service Pack 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Azure Kubernetes Service",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes x64 (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure IoT Edge",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 2 pour syst\u00e8mes 32 bits (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 Basic (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 1 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft.IdentityModel 7.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2012 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2016 pour syst\u00e8mes x64 Service Pack 2 (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync Basic 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Exchange Server 2016 Cumulative Update 12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft SQL Server 2014 Service Pack 3 pour syst\u00e8mes 32 bits (CU+GDR)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2015 Update 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business 2016 Basic (64 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync 2013 Service Pack 1 (32 bits)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1062"
    },
    {
      "name": "CVE-2019-1103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1103"
    },
    {
      "name": "CVE-2019-1107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1107"
    },
    {
      "name": "CVE-2019-1079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1079"
    },
    {
      "name": "CVE-2019-1001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1001"
    },
    {
      "name": "CVE-2019-1006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1006"
    },
    {
      "name": "CVE-2019-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1077"
    },
    {
      "name": "CVE-2019-1084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1084"
    },
    {
      "name": "CVE-2019-1137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1137"
    },
    {
      "name": "CVE-2019-0962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0962"
    },
    {
      "name": "CVE-2019-1072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1072"
    },
    {
      "name": "CVE-2019-1076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1076"
    },
    {
      "name": "CVE-2019-1136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1136"
    },
    {
      "name": "CVE-2019-1106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1106"
    },
    {
      "name": "CVE-2018-15664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15664"
    },
    {
      "name": "CVE-2019-1068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1068"
    },
    {
      "name": "CVE-2019-1113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1113"
    },
    {
      "name": "CVE-2019-1092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1092"
    }
  ],
  "initial_release_date": "2019-07-10T00:00:00",
  "last_revision_date": "2019-07-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-322",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 09 juillet 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-15664 (GCVE-0-2018-15664)

Vulnerability from cvelistv5

CERTFR-2019-AVI-322

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature