From 190e0805bc243cbb242d30eadf785697a41e7f01 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 26 Jun 2018 16:04:12 -0400
Subject: [PATCH] - Synchronized data.
---
 2017/9xxx/CVE-2017-9312.json | 19 ++++---
 2018/10xxx/CVE-2018-10594.json | 2 +
 2018/12xxx/CVE-2018-12895.json | 62 +++++++++++++++++++++++
 2018/1xxx/CVE-2018-1374.json | 92 +++++++++++++++++-----------------
 2018/1xxx/CVE-2018-1614.json | 80 ++++++++++++++---------------
 5 files changed, 161 insertions(+), 94 deletions(-)
 create mode 100644 2018/12xxx/CVE-2018-12895.json
diff --git a/2017/9xxx/CVE-2017-9312.json b/2017/9xxx/CVE-2017-9312.json
index 7e79a2482cd..ae22f2b5929 100644
--- a/2017/9xxx/CVE-2017-9312.json
+++ b/2017/9xxx/CVE-2017-9312.json
@@ -1,6 +1,6 @@
 {
 "CVE_data_meta" : {
- "ASSIGNER" : "ics-cert@hq.dhs.gov",
+ "ASSIGNER" : "cve@mitre.org",
 "DATE_PUBLIC" : "2018-06-21T00:00:00",
 "ID" : "CVE-2017-9312",
 "STATE" : "PUBLIC"
@@ -12,18 +12,18 @@
 "product" : {
 "product_data" : [
 {
- "product_name" : "Allen-Bradley CompactLogix and Compact GuardLogix",
+ "product_name" : "n/a",
 "version" : {
 "version_data" : [
 {
- "version_value" : "Versions 30.012 and prior"
+ "version_value" : "n/a"
 }
 ]
 }
 }
 ]
 },
- "vendor_name" : "ICS-CERT"
+ "vendor_name" : "n/a"
 }
 ]
 }
@@ -35,7 +35,7 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "This vulnerability may allow an attacker to intentionally send a specific TCP packet to the product and cause a Major Non-Recoverable Fault (MNRF), resulting in a denial-of-service condition."
+ "value" : "Improperly implemented option-field processing in the TCP/IP stack on Allen-Bradley L30ERMS safety devices v30 and earlier causes a denial of service. When a crafted TCP packet is received, the device reboots immediately."
 }
 ]
 },
@@ -45,7 +45,7 @@
 "description" : [
 {
 "lang" : "eng",
- "value" : "IMPROPER INPUT VALIDATION CWE-20"
+ "value" : "n/a"
 }
 ]
 }
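Review bot: The `@@ -12,18 +12,18 @@` hunk replaces `product_name`, `version_value` and `vendor_name` with `n/a`, so for CVE-2017-9312 the affected product now exists only in the free-text description, and tooling that matches records on the `affects` tree will no longer find this entry. The `@@ -45,7 +45,7 @@` hunk does the same to the weakness class, replacing `IMPROPER INPUT VALIDATION CWE-20` with `n/a`; keeping `"value" : "IMPROPER INPUT VALIDATION CWE-20"` would preserve the only machine-readable CWE. The new file 2018/12xxx/CVE-2018-12895.json has the same shape, with `n/a` product and problemtype fields while its description names WordPress through 4.9.6 and a directory traversal. The rewritten description also names a different product (L30ERMS safety devices) than the removed `product_name` (CompactLogix and Compact GuardLogix), which is worth confirming against the referenced advisory ICSA-18-172-02.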
@@ -54,7 +54,14 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-02"
+ },
+ {
+ "name" : "104528",
+ "refsource" : "BID",
+ "url" : "http://www.securityfocus.com/bid/104528"
 }
 ]
 }
diff --git a/2018/10xxx/CVE-2018-10594.json b/2018/10xxx/CVE-2018-10594.json
index 59298d31307..6e8ec47046a 100644
--- a/2018/10xxx/CVE-2018-10594.json
+++ b/2018/10xxx/CVE-2018-10594.json
@@ -54,6 +54,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01",
+ "refsource" : "MISC",
 "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-172-01"
 }
 ]
diff --git a/2018/12xxx/CVE-2018-12895.json b/2018/12xxx/CVE-2018-12895.json
new file mode 100644
index 00000000000..49ef08ad522
--- /dev/null
+++ b/2018/12xxx/CVE-2018-12895.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-12895",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the wp-includes/post.php wp_delete_attachment function. The attacker must have capabilities for files and posts that are normally available only to the Author, Editor, and Administrator roles. The attack methodology is to delete wp-config.php and then launch a new installation process to increase the attacker's privileges."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/",
+ "refsource" : "MISC",
+ "url" : "https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/"
+ }
+ ]
+ }
+}
diff --git a/2018/1xxx/CVE-2018-1374.json b/2018/1xxx/CVE-2018-1374.json
index 479b96b6087..1be8c379cca 100644
--- a/2018/1xxx/CVE-2018-1374.json
+++ b/2018/1xxx/CVE-2018-1374.json
@@ -1,32 +1,9 @@
 {
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22012982",
- "title" : "IBM Security Bulletin 2012982",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22012982",
- "refsource" : "CONFIRM"
- },
- {
- "name" : "ibm-websphere-cve20181374-dos(137775)",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775",
- "title" : "X-Force Vulnerability Report",
- "refsource" : "XF"
- }
- ]
- },
- "data_format" : "MITRE",
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service"
- }
- ]
- }
- ]
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2018-06-22T00:00:00",
+ "ID" : "CVE-2018-1374",
+ "STATE" : "PUBLIC"
 },
 "affects" : {
 "vendor" : {
@@ -35,6 +12,7 @@
 "product" : {
 "product_data" : [
 {
+ "product_name" : "WebSphere MQ",
 "version" : {
 "version_data" : [
 {
@@ -134,8 +112,7 @@
 "version_value" : "9.0.4"
 }
 ]
- },
- "product_name" : "WebSphere MQ"
+ }
 }
 ]
 },
@@ -144,40 +121,61 @@
 ]
 }
 },
+ "data_format" : "MITRE",
 "data_type" : "CVE",
+ "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
- "value" : "An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775.",
- "lang" : "eng"
+ "lang" : "eng",
+ "value" : "An IBM WebSphere MQ (Maintenance levels 7.1.0.0 - 7.1.0.9, 7.5.0.0 - 7.5.0.8, 8.0.0.0 - 8.0.0.8, 9.0.0.0 - 9.0.0.2, and 9.0.0 - 9.0.4) client connecting to a Queue Manager could cause a SIGSEGV in the Channel process amqrmppa. IBM X-Force ID: 137775."
 }
 ]
 },
 "impact" : {
 "cvssv3" : {
 "BM" : {
- "I" : "N",
- "UI" : "N",
- "AC" : "H",
- "PR" : "L",
- "SCORE" : "5.300",
 "A" : "H",
- "S" : "U",
+ "AC" : "H",
+ "AV" : "N",
 "C" : "N",
- "AV" : "N"
+ "I" : "N",
+ "PR" : "L",
+ "S" : "U",
+ "SCORE" : "5.300",
+ "UI" : "N"
 },
 "TM" : {
 "E" : "U",
- "RL" : "O",
- "RC" : "C"
+ "RC" : "C",
+ "RL" : "O"
 }
 }
 },
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@us.ibm.com",
- "ID" : "CVE-2018-1374",
- "DATE_PUBLIC" : "2018-06-22T00:00:00",
- "STATE" : "PUBLIC"
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg22012982",
+ "refsource" : "CONFIRM",
+ "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg22012982"
+ },
+ {
+ "name" : "ibm-websphere-cve20181374-dos(137775)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137775"
+ }
+ ]
 }
 }
diff --git a/2018/1xxx/CVE-2018-1614.json b/2018/1xxx/CVE-2018-1614.json
index d4c877ba3ac..4e5539967a6 100644
--- a/2018/1xxx/CVE-2018-1614.json
+++ b/2018/1xxx/CVE-2018-1614.json
@@ -1,4 +1,10 @@
 {
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psirt@us.ibm.com",
+ "DATE_PUBLIC" : "2018-06-21T00:00:00",
+ "ID" : "CVE-2018-1614",
+ "STATE" : "PUBLIC"
+ },
 "affects" : {
 "vendor" : {
 "vendor_data" : [
@@ -6,6 +12,7 @@
 "product" : {
 "product_data" : [
 {
+ "product_name" : "WebSphere Application Server",
 "version" : {
 "version_data" : [
 {
@@ -21,8 +28,7 @@
 "version_value" : "9.0"
 }
 ]
- },
- "product_name" : "WebSphere Application Server"
+ }
 }
 ]
 },
@@ -31,69 +37,61 @@
 ]
 }
 },
+ "data_format" : "MITRE",
 "data_type" : "CVE",
+ "data_version" : "4.0",
 "description" : {
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270."
+ "value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using malformed SAML responses from the SAML identity provider could allow a remote attacker to obtain sensitive information. IBM X-Force ID: 144270."
 }
 ]
 },
 "impact" : {
 "cvssv3" : {
- "TM" : {
- "RL" : "O",
- "RC" : "C",
- "E" : "U"
- },
 "BM" : {
- "SCORE" : "5.800",
- "S" : "C",
 "A" : "N",
- "C" : "L",
- "AV" : "N",
- "I" : "N",
- "UI" : "N",
 "AC" : "L",
- "PR" : "N"
+ "AV" : "N",
+ "C" : "L",
+ "I" : "N",
+ "PR" : "N",
+ "S" : "C",
+ "SCORE" : "5.800",
+ "UI" : "N"
+ },
+ "TM" : {
+ "E" : "U",
+ "RC" : "C",
+ "RL" : "O"
 }
 }
 },
- "data_version" : "4.0",
- "CVE_data_meta" : {
- "STATE" : "PUBLIC",
- "ASSIGNER" : "psirt@us.ibm.com",
- "DATE_PUBLIC" : "2018-06-21T00:00:00",
- "ID" : "CVE-2018-1614"
- },
- "references" : {
- "reference_data" : [
- {
- "refsource" : "CONFIRM",
- "title" : "IBM Security Bulletin 2016887",
- "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887",
- "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887"
- },
- {
- "title" : "X-Force Vulnerability Report",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144270",
- "refsource" : "XF",
- "name" : "ibm-websphere-cve20181614-info-disc(144270)"
- }
- ]
- },
- "data_format" : "MITRE",
 "problemtype" : {
 "problemtype_data" : [
 {
 "description" : [
 {
- "value" : "Obtain Information",
- "lang" : "eng"
+ "lang" : "eng",
+ "value" : "Obtain Information"
 }
 ]
 }
 ]
+ },
+ "references" : {
"reference_data" : [
+ {
+ "name" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887",
+ "refsource" : "CONFIRM",
+ "url" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887https://www-01.ibm.com/support/docview.wss?uid=swg22016887"
+ },
+ {
+ "name" : "ibm-websphere-cve20181614-info-disc(144270)",
+ "refsource" : "XF",
+ "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144270"
+ }
+ ]
 }
 }
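Review bot: The CONFIRM reference added back for CVE-2018-1614 still has the bulletin URL concatenated with itself in both `name` and `url` (`...uid=swg22016887https://www-01.ibm.com/...`), so the vendor confirmation link is malformed and link checkers or reference matchers will treat it as a distinct, broken source. The value is carried over unchanged from the removed lines; it should read `"url" : "https://www-01.ibm.com/support/docview.wss?uid=swg22016887"` with `name` set to the same string. The same hunk drops the `title` fields, so the bulletin number 2016887 now survives only inside that URL, which makes correcting it more important.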