diff --git a/2003/1xxx/CVE-2003-1605.json b/2003/1xxx/CVE-2003-1605.json
index 7493039db4a..f532cae6949 100644
--- a/2003/1xxx/CVE-2003-1605.json
+++ b/2003/1xxx/CVE-2003-1605.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2003-1605",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,33 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://curl.haxx.se/docs/CVE-2003-1605.html",
+ "refsource" : "MISC",
+ "url" : "https://curl.haxx.se/docs/CVE-2003-1605.html"
+ },
+ {
+ "name" : "8432",
+ "refsource" : "BID",
+ "url" : "http://www.securityfocus.com/bid/8432"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14786.json b/2018/14xxx/CVE-2018-14786.json
index 59780ee3224..7a65c37f573 100644
--- a/2018/14xxx/CVE-2018-14786.json
+++ b/2018/14xxx/CVE-2018-14786.json
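Review bot: The `affects` block added in the first CVE-2003-1605 hunk sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in the second hunk names both the product and the fixed version (`curl 7.x before 7.10.7`). Tooling that matches records on the structured fields rather than the free text will therefore not associate this entry with curl. The same applies to the `affects` blocks added for CVE-2018-1156, CVE-2018-1157, CVE-2018-1158 and CVE-2018-1159, whose descriptions name Mikrotik RouterOS. Where the assigner's data allows it, populate the fields, e.g. `"product_name" : "curl"` and `"version_value" : "7.x before 7.10.7"`. The `problemtype` value is likewise `n/a` even though the description indicates credential disclosure to an unintended party.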
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "The following versions of Alaris Plus, medical syringe pumps, Models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA Versions 2.3.6 and prior, are affected by an improper authentication vulnerability where The software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port."
+ "value" : "Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port."
 }
 ]
 },
@@ -54,7 +54,14 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01"
+ },
+ {
+ "name" : "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states",
+ "refsource" : "CONFIRM",
+ "url" : "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14791.json b/2018/14xxx/CVE-2018-14791.json
index c00c27b5386..b44a0fd371d 100644
--- a/2018/14xxx/CVE-2018-14791.json
+++ b/2018/14xxx/CVE-2018-14791.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
 }
 ]
diff --git a/2018/14xxx/CVE-2018-14797.json b/2018/14xxx/CVE-2018-14797.json
index c8e9c6ff38b..20b6e2317e8 100644
--- a/2018/14xxx/CVE-2018-14797.json
+++ b/2018/14xxx/CVE-2018-14797.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01"
 }
 ]
diff --git a/2018/15xxx/CVE-2018-15806.json b/2018/15xxx/CVE-2018-15806.json
new file mode 100644
index 00000000000..d55bad8c4a2
--- /dev/null
+++ b/2018/15xxx/CVE-2018-15806.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-15806",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/1xxx/CVE-2018-1156.json b/2018/1xxx/CVE-2018-1156.json
index 8b4cb7605d5..81b9886ce87 100644
--- a/2018/1xxx/CVE-2018-1156.json
+++ b/2018/1xxx/CVE-2018-1156.json
@@ -1,9 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "vulnreport@tenable.com",
 "DATE_PUBLIC" : "2018-08-22T00:00:00",
 "ID" : "CVE-2018-1156",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -12,7 +35,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to stack buffer overflow through the license upgrade interface. This vulnerability could theoretically allow a remote authenticated attacker execute arbitrary code on the system."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tenable.com/security/research/tra-2018-21",
+ "refsource" : "MISC",
+ "url" : "https://www.tenable.com/security/research/tra-2018-21"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs/bugfix-release-tree",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs/bugfix-release-tree"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1157.json b/2018/1xxx/CVE-2018-1157.json
index b76869ce6a7..b5ceaf4534c 100644
--- a/2018/1xxx/CVE-2018-1157.json
+++ b/2018/1xxx/CVE-2018-1157.json
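Review bot: The version phrase in the description added by the second CVE-2018-1156 hunk, `before 6.42.7 and 6.40.9`, is ambiguous, because read literally it gives two upper bounds for a single range. The added `bugfix-release-tree` reference suggests that 6.40.9 is the fixed build of a separate bugfix tree; if so, a wording such as `RouterOS before 6.42.7, and bugfix releases before 6.40.9,` would let operators tell which installs need patching. The same phrase appears in the descriptions added for CVE-2018-1157, CVE-2018-1158 and CVE-2018-1159. In this record `attacker execute` should also read `attacker to execute`. The `CONFIRM` reference `https://mikrotik.com/download/changelogs` looks like a general changelog page rather than a release-specific one, so it may not keep pointing at the fix.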
@@ -1,9 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "vulnreport@tenable.com",
 "DATE_PUBLIC" : "2018-08-22T00:00:00",
 "ID" : "CVE-2018-1157",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -12,7 +35,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system via a crafted HTTP POST request."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tenable.com/security/research/tra-2018-21",
+ "refsource" : "MISC",
+ "url" : "https://www.tenable.com/security/research/tra-2018-21"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs/bugfix-release-tree",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs/bugfix-release-tree"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1158.json b/2018/1xxx/CVE-2018-1158.json
index c4179d1b531..cdace143a1b 100644
--- a/2018/1xxx/CVE-2018-1158.json
+++ b/2018/1xxx/CVE-2018-1158.json
@@ -1,9 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "vulnreport@tenable.com",
 "DATE_PUBLIC" : "2018-08-22T00:00:00",
 "ID" : "CVE-2018-1158",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -12,7 +35,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a stack exhaustion vulnerability. An authenticated remote attacker can crash the HTTP server via recursive parsing of JSON."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tenable.com/security/research/tra-2018-21",
+ "refsource" : "MISC",
+ "url" : "https://www.tenable.com/security/research/tra-2018-21"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs/bugfix-release-tree",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs/bugfix-release-tree"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1159.json b/2018/1xxx/CVE-2018-1159.json
index 680a468d0df..5fc698ef38e 100644
--- a/2018/1xxx/CVE-2018-1159.json
+++ b/2018/1xxx/CVE-2018-1159.json
@@ -1,9 +1,32 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
+ "ASSIGNER" : "vulnreport@tenable.com",
 "DATE_PUBLIC" : "2018-08-22T00:00:00",
 "ID" : "CVE-2018-1159",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -12,7 +35,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Mikrotik RouterOS before 6.42.7 and 6.40.9 is vulnerable to a memory corruption vulnerability. An authenticated remote attacker can crash the HTTP server by rapidly authenticating and disconnecting."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tenable.com/security/research/tra-2018-21",
+ "refsource" : "MISC",
+ "url" : "https://www.tenable.com/security/research/tra-2018-21"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs"
+ },
+ {
+ "name" : "https://mikrotik.com/download/changelogs/bugfix-release-tree",
+ "refsource" : "CONFIRM",
+ "url" : "https://mikrotik.com/download/changelogs/bugfix-release-tree"
 }
 ]
 }