- Synchronized data.

2025-07-29 05:56:59 +00:00 · 2018-06-04 10:03:10 -04:00 · 2018-06-04 10:03:10 -04:00 · 914a67ccb1
commit 914a67ccb1
parent 581a88b0fe
6 changed files with 224 additions and 2 deletions
--- a/2018/10xxx/CVE-2018-10611.json
+++ b/2018/10xxx/CVE-2018-10611.json
@ -35,7 +35,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.."
+            "value" : "Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services."
         }
      ]
   },
@ -54,7 +54,14 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
+            "refsource" : "MISC",
            "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
+         },
+         {
+            "name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
+            "refsource" : "CONFIRM",
+            "url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
         }
      ]
   }
--- a/2018/10xxx/CVE-2018-10613.json
+++ b/2018/10xxx/CVE-2018-10613.json
@ -54,7 +54,14 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
+            "refsource" : "MISC",
            "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
+         },
+         {
+            "name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
+            "refsource" : "CONFIRM",
+            "url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
         }
      ]
   }
--- a/2018/10xxx/CVE-2018-10615.json
+++ b/2018/10xxx/CVE-2018-10615.json
@ -35,7 +35,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise host platform."
+            "value" : "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform."
         }
      ]
   },
@ -54,7 +54,14 @@
   "references" : {
      "reference_data" : [
         {
+            "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02",
+            "refsource" : "MISC",
            "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02"
+         },
+         {
+            "name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1",
+            "refsource" : "CONFIRM",
+            "url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1"
         }
      ]
   }
--- a/2018/11xxx/CVE-2018-11712.json
+++ b/2018/11xxx/CVE-2018-11712.json
@ -0,0 +1,67 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11712",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://bugs.webkit.org/show_bug.cgi?id=184804",
+            "refsource" : "MISC",
+            "url" : "https://bugs.webkit.org/show_bug.cgi?id=184804"
+         },
+         {
+            "name" : "https://trac.webkit.org/changeset/230886/webkit",
+            "refsource" : "MISC",
+            "url" : "https://trac.webkit.org/changeset/230886/webkit"
+         }
+      ]
+   }
+}
--- a/2018/11xxx/CVE-2018-11713.json
+++ b/2018/11xxx/CVE-2018-11713.json
@ -0,0 +1,67 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11713",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://bugs.webkit.org/show_bug.cgi?id=126384",
+            "refsource" : "MISC",
+            "url" : "https://bugs.webkit.org/show_bug.cgi?id=126384"
+         },
+         {
+            "name" : "https://trac.webkit.org/changeset/228088/webkit",
+            "refsource" : "MISC",
+            "url" : "https://trac.webkit.org/changeset/228088/webkit"
+         }
+      ]
+   }
+}
--- a/2018/11xxx/CVE-2018-11714.json
+++ b/2018/11xxx/CVE-2018-11714.json
@ -0,0 +1,67 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-11714",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of \"Referer: http://192.168.0.1/mainFrame.htm\" then no authentication is required for any action."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "44781",
+            "refsource" : "EXPLOIT-DB",
+            "url" : "https://www.exploit-db.com/exploits/44781/"
+         },
+         {
+            "name" : "http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router/",
+            "refsource" : "MISC",
+            "url" : "http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router/"
+         }
+      ]
+   }
+}