- Synchronized data.

2018/10xxx/CVE-2018-10191.json

@@ -2,7 +2,30 @@
    "CVE_data_meta" : {
       "ASSIGNER" : "cve@mitre.org",
       "ID" : "CVE-2018-10191",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +34,33 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "In versions of mruby up to and including 1.4.0, an integer overflow exists in src/vm.c::mrb_vm_exec() when handling OP_GETUPVAR in the presence of deep scope nesting, resulting in a use-after-free. An attacker that can cause Ruby code to be run can use this to possibly execute arbitrary code."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626",
+            "refsource" : "MISC",
+            "url" : "https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626"
+         },
+         {
+            "name" : "https://github.com/mruby/mruby/issues/3995",
+            "refsource" : "MISC",
+            "url" : "https://github.com/mruby/mruby/issues/3995"
          }
       ]
    }

2018/10xxx/CVE-2018-10192.json

@@ -0,0 +1,62 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-10192",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the \"connect\" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-020.md",
+            "refsource" : "MISC",
+            "url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-020.md"
+         }
+      ]
+   }
+}

2018/7xxx/CVE-2018-7506.json

@@ -35,7 +35,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "The private key of the web server in Moxa Mxview 2.8 and earlier is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+            "value" : "The private key of the web server in Moxa MXview versions 2.8 and prior is able to be read and accessed via an HTTP GET request, which may allow a remote attacker to decrypt encrypted information."
          }
       ]
    },
@@ -54,7 +54,14 @@
    "references" : {
       "reference_data" : [
          {
+            "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02",
+            "refsource" : "MISC",
             "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-095-02"
+         },
+         {
+            "name" : "103722",
+            "refsource" : "BID",
+            "url" : "http://www.securityfocus.com/bid/103722"
          }
       ]
    }

2018/8xxx/CVE-2018-8838.json

@@ -54,6 +54,8 @@
    "references" : {
       "reference_data" : [
          {
+            "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01",
+            "refsource" : "MISC",
             "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-102-01"
          }
       ]

2018/9xxx/CVE-2018-9145.json

@@ -34,7 +34,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "In Exiv2 0.26, there is a reachable assertion abort in the function Exiv2::DataBuf::DataBuf at include/exiv2/types.hpp."
+            "value" : "In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an issue exists in the constructor with an initial buffer size. A large size value may lead to a SIGABRT during an attempt at memory allocation. NOTE: some third parties have been unable to reproduce the SIGABRT when using the 4-DataBuf-abort-1 PoC file."
          }
       ]
    },
@@ -52,6 +52,16 @@
    },
    "references" : {
       "reference_data" : [
+         {
+            "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1087879",
+            "refsource" : "MISC",
+            "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1087879"
+         },
+         {
+            "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1564281",
+            "refsource" : "MISC",
+            "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1564281"
+         },
          {
             "name" : "https://github.com/xiaoqx/pocs/tree/master/exiv2",
             "refsource" : "MISC",