diff --git a/2018/10xxx/CVE-2018-10611.json b/2018/10xxx/CVE-2018-10611.json index ffda7c10b0d..ffd9dc90580 100644 --- a/2018/10xxx/CVE-2018-10611.json +++ b/2018/10xxx/CVE-2018-10611.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services.." + "value" : "Java remote method invocation (RMI) input port in GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior may be exploited to allow unauthenticated users to launch applications and support remote code execution through web services." } ] }, @@ -54,7 +54,14 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02" + }, + { + "name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1", + "refsource" : "CONFIRM", + "url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1" } ] } diff --git a/2018/10xxx/CVE-2018-10613.json b/2018/10xxx/CVE-2018-10613.json index 1c9286640d4..37c8a716ee1 100644 --- a/2018/10xxx/CVE-2018-10613.json +++ b/2018/10xxx/CVE-2018-10613.json @@ -54,7 +54,14 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02" + }, + { + "name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1", + "refsource" : "CONFIRM", + "url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1" } ] } diff --git a/2018/10xxx/CVE-2018-10615.json b/2018/10xxx/CVE-2018-10615.json index f401d259732..d498122f89f 100644 --- a/2018/10xxx/CVE-2018-10615.json +++ b/2018/10xxx/CVE-2018-10615.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise host platform." + "value" : "Directory traversal may lead to files being exfiltrated or deleted on the GE MDS PulseNET and MDS PulseNET Enterprise version 3.2.1 and prior host platform." } ] }, @@ -54,7 +54,14 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-02" + }, + { + "name" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1", + "refsource" : "CONFIRM", + "url" : "http://www.gegridsolutions.com/app/DownloadFile.aspx?prod=pulsenet&type=9&file=1" } ] } diff --git a/2018/11xxx/CVE-2018-11712.json b/2018/11xxx/CVE-2018-11712.json new file mode 100644 index 00000000000..176046beef9 --- /dev/null +++ b/2018/11xxx/CVE-2018-11712.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-11712", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.webkit.org/show_bug.cgi?id=184804", + "refsource" : "MISC", + "url" : "https://bugs.webkit.org/show_bug.cgi?id=184804" + }, + { + "name" : "https://trac.webkit.org/changeset/230886/webkit", + "refsource" : "MISC", + "url" : "https://trac.webkit.org/changeset/230886/webkit" + } + ] + } +} diff --git a/2018/11xxx/CVE-2018-11713.json b/2018/11xxx/CVE-2018-11713.json new file mode 100644 index 00000000000..934e8e10180 --- /dev/null +++ b/2018/11xxx/CVE-2018-11713.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-11713", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to use system proxy settings for WebSocket connections. As a result, users could be deanonymized by crafted web sites via a WebSocket connection." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugs.webkit.org/show_bug.cgi?id=126384", + "refsource" : "MISC", + "url" : "https://bugs.webkit.org/show_bug.cgi?id=126384" + }, + { + "name" : "https://trac.webkit.org/changeset/228088/webkit", + "refsource" : "MISC", + "url" : "https://trac.webkit.org/changeset/228088/webkit" + } + ] + } +} diff --git a/2018/11xxx/CVE-2018-11714.json b/2018/11xxx/CVE-2018-11714.json new file mode 100644 index 00000000000..5c05162d74f --- /dev/null +++ b/2018/11xxx/CVE-2018-11714.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-11714", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused by improper session handling on the /cgi/ folder or a /cgi file. If an attacker sends a header of \"Referer: http://192.168.0.1/mainFrame.htm\" then no authentication is required for any action." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "44781", + "refsource" : "EXPLOIT-DB", + "url" : "https://www.exploit-db.com/exploits/44781/" + }, + { + "name" : "http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router/", + "refsource" : "MISC", + "url" : "http://blog.securelayer7.net/time-to-disable-tp-link-home-wifi-router/" + } + ] + } +}