From 71695cccb6b88370b6488ab8e61b4005e3da3923 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 4 May 2018 13:04:00 -0400 Subject: [PATCH] - Synchronized data. --- 2018/10xxx/CVE-2018-10734.json | 18 ++++++++++ 2018/10xxx/CVE-2018-10735.json | 18 ++++++++++ 2018/10xxx/CVE-2018-10736.json | 18 ++++++++++ 2018/10xxx/CVE-2018-10737.json | 18 ++++++++++ 2018/10xxx/CVE-2018-10738.json | 18 ++++++++++ 2018/10xxx/CVE-2018-10739.json | 62 ++++++++++++++++++++++++++++++++++ 2018/10xxx/CVE-2018-10740.json | 18 ++++++++++ 2018/7xxx/CVE-2018-7522.json | 6 +++- 2018/8xxx/CVE-2018-8853.json | 9 ++++- 2018/8xxx/CVE-2018-8857.json | 9 ++++- 2018/8xxx/CVE-2018-8861.json | 9 ++++- 2018/8xxx/CVE-2018-8865.json | 4 ++- 2018/8xxx/CVE-2018-8869.json | 4 ++- 2018/8xxx/CVE-2018-8872.json | 6 +++- 14 files changed, 210 insertions(+), 7 deletions(-) create mode 100644 2018/10xxx/CVE-2018-10734.json create mode 100644 2018/10xxx/CVE-2018-10735.json create mode 100644 2018/10xxx/CVE-2018-10736.json create mode 100644 2018/10xxx/CVE-2018-10737.json create mode 100644 2018/10xxx/CVE-2018-10738.json create mode 100644 2018/10xxx/CVE-2018-10739.json create mode 100644 2018/10xxx/CVE-2018-10740.json diff --git a/2018/10xxx/CVE-2018-10734.json b/2018/10xxx/CVE-2018-10734.json new file mode 100644 index 00000000000..eb45b6b19f2 --- /dev/null +++ b/2018/10xxx/CVE-2018-10734.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10734", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10735.json b/2018/10xxx/CVE-2018-10735.json new file mode 100644 index 00000000000..f87be87c192 --- /dev/null +++ b/2018/10xxx/CVE-2018-10735.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10735", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10736.json b/2018/10xxx/CVE-2018-10736.json new file mode 100644 index 00000000000..7df68658aee --- /dev/null +++ b/2018/10xxx/CVE-2018-10736.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10736", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10737.json b/2018/10xxx/CVE-2018-10737.json new file mode 100644 index 00000000000..80382a03dbe --- /dev/null +++ b/2018/10xxx/CVE-2018-10737.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10737", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10738.json b/2018/10xxx/CVE-2018-10738.json new file mode 100644 index 00000000000..722ebd1a377 --- /dev/null +++ b/2018/10xxx/CVE-2018-10738.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10738", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10739.json b/2018/10xxx/CVE-2018-10739.json new file mode 100644 index 00000000000..695dd20ce1b --- /dev/null +++ b/2018/10xxx/CVE-2018-10739.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10739", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in Shanghai 2345 Security Guard 3.7.0. 2345MPCSafe.exe allows local users to bypass intended process protections, and consequently terminate process, because WM_SYSCOMMAND is not properly considered." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/rebol0x6c/2345_wm_syscommand", + "refsource" : "MISC", + "url" : "https://github.com/rebol0x6c/2345_wm_syscommand" + } + ] + } +} diff --git a/2018/10xxx/CVE-2018-10740.json b/2018/10xxx/CVE-2018-10740.json new file mode 100644 index 00000000000..90f3620aacc --- /dev/null +++ b/2018/10xxx/CVE-2018-10740.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-10740", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/7xxx/CVE-2018-7522.json b/2018/7xxx/CVE-2018-7522.json index c01fd5d8788..0cf8d4b182a 100644 --- a/2018/7xxx/CVE-2018-7522.json +++ b/2018/7xxx/CVE-2018-7522.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "When a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states." + "value" : "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, when a system call is made, registers are stored to a fixed memory location. Modifying the data in this location could allow attackers to gain supervisor-level access and control system states." } ] }, @@ -54,9 +54,13 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02" }, { + "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/", + "refsource" : "CONFIRM", "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/" } ] diff --git a/2018/8xxx/CVE-2018-8853.json b/2018/8xxx/CVE-2018-8853.json index 7a590dbc065..c301a64a369 100644 --- a/2018/8xxx/CVE-2018-8853.json +++ b/2018/8xxx/CVE-2018-8853.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system." + "value" : "Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system." } ] }, @@ -54,7 +54,14 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01" + }, + { + "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource" : "CONFIRM", + "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" } ] } diff --git a/2018/8xxx/CVE-2018-8857.json b/2018/8xxx/CVE-2018-8857.json index 2e8920a417c..d9090dc7ed7 100644 --- a/2018/8xxx/CVE-2018-8857.json +++ b/2018/8xxx/CVE-2018-8857.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Philips Brilliance CT software contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system." + "value" : "Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system." } ] }, @@ -54,7 +54,14 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01" + }, + { + "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource" : "CONFIRM", + "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" } ] } diff --git a/2018/8xxx/CVE-2018-8861.json b/2018/8xxx/CVE-2018-8861.json index 903fa7aee7f..f6aa2e1d9f2 100644 --- a/2018/8xxx/CVE-2018-8861.json +++ b/2018/8xxx/CVE-2018-8861.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Vulnerabilities within the Brilliance CT kiosk environment could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system." + "value" : "Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system." } ] }, @@ -54,7 +54,14 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01" + }, + { + "name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security", + "refsource" : "CONFIRM", + "url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security" } ] } diff --git a/2018/8xxx/CVE-2018-8865.json b/2018/8xxx/CVE-2018-8865.json index e87e0a4d86c..942943b1d05 100644 --- a/2018/8xxx/CVE-2018-8865.json +++ b/2018/8xxx/CVE-2018-8865.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "A stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "value" : "In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01" } ] diff --git a/2018/8xxx/CVE-2018-8869.json b/2018/8xxx/CVE-2018-8869.json index fa8a4420795..add7a97b332 100644 --- a/2018/8xxx/CVE-2018-8869.json +++ b/2018/8xxx/CVE-2018-8869.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + "value" : "In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." } ] }, @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01" } ] diff --git a/2018/8xxx/CVE-2018-8872.json b/2018/8xxx/CVE-2018-8872.json index 1f1ddd766d9..31185b45cc1 100644 --- a/2018/8xxx/CVE-2018-8872.json +++ b/2018/8xxx/CVE-2018-8872.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "System calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory." + "value" : "In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywhere within memory." } ] }, @@ -54,9 +54,13 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-02" }, { + "name" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/", + "refsource" : "CONFIRM", "url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-347-01/" } ]