From 1fb82782290eeedb6a5de01f508f691c24dc9f87 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 20 Jul 2018 13:04:22 -0400 Subject: [PATCH] - Synchronized data. --- 2014/2xxx/CVE-2014-2296.json | 53 ++++++++++++++++++++++++++-- 2014/4xxx/CVE-2014-4150.json | 63 ++++++++++++++++++++++++++++++++-- 2017/1xxx/CVE-2017-1633.json | 2 +- 2018/14xxx/CVE-2018-14473.json | 18 ++++++++++ 2018/1xxx/CVE-2018-1273.json | 5 +++ 5 files changed, 136 insertions(+), 5 deletions(-) create mode 100644 2018/14xxx/CVE-2018-14473.json diff --git a/2014/2xxx/CVE-2014-2296.json b/2014/2xxx/CVE-2014-2296.json index 5833e783df5..0726631f754 100644 --- a/2014/2xxx/CVE-2014-2296.json +++ b/2014/2xxx/CVE-2014-2296.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-2296", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "XML external entity (XXE) vulnerability in java/org/jasig/cas/util/SamlUtils.java in Jasig CAS server before 3.4.12.1 and 3.5.x before 3.5.2.1, when Google Accounts Integration is enabled, allows remote unauthenticated users to bypass authentication via crafted XML data." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "[cas-dev] 20140401 CAS 3.5.2.1 and 3.4.12.1 Security Releases", + "refsource" : "MLIST", + "url" : "http://jasig.275507.n4.nabble.com/CAS-3-5-2-1-and-3-4-12-1-Security-Releases-td4662444.html" + }, + { + "name" : "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512", + "refsource" : "MISC", + "url" : "https://vigilance.fr/vulnerability/Jasig-CAS-Server-bypassing-authentication-via-Google-Accounts-Integration-14512" } ] } diff --git a/2014/4xxx/CVE-2014-4150.json b/2014/4xxx/CVE-2014-4150.json index 8ac9951770c..beb9c26f354 100644 --- a/2014/4xxx/CVE-2014-4150.json +++ b/2014/4xxx/CVE-2014-4150.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-4150", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,43 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "[oss-security] 20140613 Re: CVE request: scheme48: insecure use of temporary files in cmuscheme48.el", + "refsource" : "MLIST", + "url" : "http://www.openwall.com/lists/oss-security/2014/06/13/5" + }, + { + "name" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297", + "refsource" : "CONFIRM", + "url" : "http://www.s48.org/cgi-bin/hgwebdir.cgi/s48/rev/a44624256297" + }, + { + "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766", + "refsource" : "CONFIRM", + "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748766" + }, + { + "name" : "67654", + "refsource" : "BID", + "url" : "http://www.securityfocus.com/bid/67654" } ] } diff --git a/2017/1xxx/CVE-2017-1633.json b/2017/1xxx/CVE-2017-1633.json index 788cebf42d7..0b3abdd9a71 100644 --- a/2017/1xxx/CVE-2017-1633.json +++ b/2017/1xxx/CVE-2017-1633.json @@ -53,7 +53,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated to attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180." + "value" : "IBM Sterling B2B Integrator 5.2 through 5.2.6 could allow an authenticated attacker to obtain sensitive variable name information using specially crafted HTTP requests. IBM X-Force ID: 133180." } ] }, diff --git a/2018/14xxx/CVE-2018-14473.json b/2018/14xxx/CVE-2018-14473.json new file mode 100644 index 00000000000..f83d7c049f2 --- /dev/null +++ b/2018/14xxx/CVE-2018-14473.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-14473", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/1xxx/CVE-2018-1273.json b/2018/1xxx/CVE-2018-1273.json index e42ab542d44..0bfbe93c278 100644 --- a/2018/1xxx/CVE-2018-1273.json +++ b/2018/1xxx/CVE-2018-1273.json @@ -53,6 +53,11 @@ }, "references" : { "reference_data" : [ + { + "name" : "[ignite-dev] 20180719 [CVE-2018-1273] Apache Ignite impacted by security vulnerability in Spring Data Commons", + "refsource" : "MLIST", + "url" : "http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E" + }, { "name" : "https://pivotal.io/security/cve-2018-1273", "refsource" : "CONFIRM",