From 594b3686ead207f61dfceb61fef51206c82fa955 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 24 Jan 2018 22:03:20 -0500 Subject: [PATCH] - Synchronized data. --- 2017/15xxx/CVE-2017-15546.json | 48 +++++++++++++++++++++++-- 2018/5xxx/CVE-2018-5443.json | 48 +++++++++++++++++++++++-- 2018/5xxx/CVE-2018-5445.json | 48 +++++++++++++++++++++++-- 2018/6xxx/CVE-2018-6196.json | 63 ++++++++++++++++++++++++++++++++ 2018/6xxx/CVE-2018-6197.json | 63 ++++++++++++++++++++++++++++++++ 2018/6xxx/CVE-2018-6198.json | 66 ++++++++++++++++++++++++++++++++++ 6 files changed, 327 insertions(+), 9 deletions(-) create mode 100644 2018/6xxx/CVE-2018-6196.json create mode 100644 2018/6xxx/CVE-2018-6197.json create mode 100644 2018/6xxx/CVE-2018-6198.json diff --git a/2017/15xxx/CVE-2017-15546.json b/2017/15xxx/CVE-2017-15546.json index 7e904f4665e..56ca9cb4bec 100644 --- a/2017/15xxx/CVE-2017-15546.json +++ b/2017/15xxx/CVE-2017-15546.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security_alert@emc.com", "ID" : "CVE-2017-15546", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "EMC RSA Authentication Manager 8.2 SP1 P6 and earlier", + "version" : { + "version_data" : [ + { + "version_value" : "EMC RSA Authentication Manager 8.2 SP1 P6 and earlier" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and earlier is affected by a blind SQL injection vulnerability. Authenticated malicious users could potentially exploit this vulnerability to read any unencrypted data from the database." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "SQL Injection Vulnerability" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2018/Jan/81" } ] } diff --git a/2018/5xxx/CVE-2018-5443.json b/2018/5xxx/CVE-2018-5443.json index 6e822db833f..2750e7b6f20 100644 --- a/2018/5xxx/CVE-2018-5443.json +++ b/2018/5xxx/CVE-2018-5443.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", "ID" : "CVE-2018-5443", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advantech WebAccess/SCADA", + "version" : { + "version_data" : [ + { + "version_value" : "Advantech WebAccess/SCADA" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-89" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01" } ] } diff --git a/2018/5xxx/CVE-2018-5445.json b/2018/5xxx/CVE-2018-5445.json index eee709870a2..3955c1b1833 100644 --- a/2018/5xxx/CVE-2018-5445.json +++ b/2018/5xxx/CVE-2018-5445.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", "ID" : "CVE-2018-5445", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Advantech WebAccess/SCADA", + "version" : { + "version_data" : [ + { + "version_value" : "Advantech WebAccess/SCADA" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A Path Traversal issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. An attacker has read access to files within the directory structure of the target device." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-22" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-023-01" } ] } diff --git a/2018/6xxx/CVE-2018-6196.json b/2018/6xxx/CVE-2018-6196.json new file mode 100644 index 00000000000..7a1b8919af4 --- /dev/null +++ b/2018/6xxx/CVE-2018-6196.json @@ -0,0 +1,63 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-6196", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "w3m through 0.5.3 is prone to an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92" + }, + { + "url" : "https://github.com/tats/w3m/issues/88" + } + ] + } +} diff --git a/2018/6xxx/CVE-2018-6197.json b/2018/6xxx/CVE-2018-6197.json new file mode 100644 index 00000000000..f3d8645323a --- /dev/null +++ b/2018/6xxx/CVE-2018-6197.json @@ -0,0 +1,63 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-6197", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "w3m through 0.5.3 is prone to a NULL pointer dereference flaw in formUpdateBuffer in form.c." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8" + }, + { + "url" : "https://github.com/tats/w3m/issues/89" + } + ] + } +} diff --git a/2018/6xxx/CVE-2018-6198.json b/2018/6xxx/CVE-2018-6198.json new file mode 100644 index 00000000000..f1a057965ce --- /dev/null +++ b/2018/6xxx/CVE-2018-6198.json @@ -0,0 +1,66 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-6198", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "w3m through 0.5.3 does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://bugs.debian.org/888097" + }, + { + "url" : "https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753" + }, + { + "url" : "https://salsa.debian.org/debian/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753" + } + ] + } +}