From 22e174a4266f11a775bb675db90a6f7a34f564c5 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 6 Mar 2018 17:05:17 -0500
Subject: [PATCH] - Synchronized data.
---
 2016/5xxx/CVE-2016-5179.json | 52 +++++++++++++++++++++++++--
 2016/7xxx/CVE-2016-7443.json | 46 ++++++++++++++++++++++--
 2017/11xxx/CVE-2017-11649.json | 46 ++++++++++++++++++++++--
 2017/11xxx/CVE-2017-11650.json | 46 ++++++++++++++++++++++--
 2018/7xxx/CVE-2018-7738.json | 66 ++++++++++++++++++++++++++++++++++
 2018/7xxx/CVE-2018-7739.json | 60 +++++++++++++++++++++++++++++++
 6 files changed, 308 insertions(+), 8 deletions(-)
 create mode 100644 2018/7xxx/CVE-2018-7738.json
 create mode 100644 2018/7xxx/CVE-2018-7739.json
diff --git a/2016/5xxx/CVE-2016-5179.json b/2016/5xxx/CVE-2016-5179.json
index cd1ec4c96d2..eea7b297c97 100644
--- a/2016/5xxx/CVE-2016-5179.json
+++ b/2016/5xxx/CVE-2016-5179.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2016-5179",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
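Review bot: The `affects` block added in this hunk sets `product_name`, `version_value` and `vendor_name` to `n/a`, while the description added for the same record in the next hunk names both the product and the fixed version ("Chrome OS before 53.0.2785.144"). Tooling that matches on the structured fields rather than the free text will not associate this record with any product. Consider filling them from the description, e.g. `"product_name" : "Chrome OS"` and `"version_value" : "before 53.0.2785.144"`. The same placeholder block is added in the first hunk of CVE-2016-7443, CVE-2017-11649 and CVE-2017-11650 and in the new files CVE-2018-7738 and CVE-2018-7739, whose descriptions likewise state product and version.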
@@ -11,7 +34,32 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=649039"
+ },
+ {
+ "url" : "https://chromereleases.googleblog.com/2016/09/stable-channel-updates-for-chrome-os.html"
+ },
+ {
+ "url" : "http://www.securityfocus.com/bid/93260"
 }
 ]
 }
diff --git a/2016/7xxx/CVE-2016-7443.json b/2016/7xxx/CVE-2016-7443.json
index 3bb8e3bf58f..82fe47c74e3 100644
--- a/2016/7xxx/CVE-2016-7443.json
+++ b/2016/7xxx/CVE-2016-7443.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2016-7443",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have unspecified impact via vectors related to \"uploading files to wrong location.\""
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://github.com/exponentcms/exponent-cms/releases/tag/v2.4.0"
 }
 ]
 }
diff --git a/2017/11xxx/CVE-2017-11649.json b/2017/11xxx/CVE-2017-11649.json
index b94e524d353..ecfa3be5bda 100644
--- a/2017/11xxx/CVE-2017-11649.json
+++ b/2017/11xxx/CVE-2017-11649.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-11649",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html"
 }
 ]
 }
diff --git a/2017/11xxx/CVE-2017-11650.json b/2017/11xxx/CVE-2017-11650.json
index 8f9ecf9c9f6..20e0ca61d71 100644
--- a/2017/11xxx/CVE-2017-11650.json
+++ b/2017/11xxx/CVE-2017-11650.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-11650",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
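Review bot: In the description hunk of CVE-2017-11649, `problemtype` is added as `"value" : "n/a"` although the description on the same hunk names the weakness class (cross-site request forgery); the description hunk of CVE-2017-11650 does the same for cross-site scripting. Recording the class, e.g. `"value" : "CWE-352"` for CVE-2017-11649 and `"value" : "CWE-79"` for CVE-2017-11650, lets consumers triage and filter by weakness without parsing the free text. The other records in this commit carry the same `n/a`; for CVE-2016-5179 and CVE-2016-7443 the description does not state a class, so leaving the field unset there is defensible.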
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html"
 }
 ]
 }
diff --git a/2018/7xxx/CVE-2018-7738.json b/2018/7xxx/CVE-2018-7738.json
new file mode 100644
index 00000000000..12b417908d2
--- /dev/null
+++ b/2018/7xxx/CVE-2018-7738.json
@@ -0,0 +1,66 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-7738",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://bugs.debian.org/892179"
+ },
+ {
+ "url" : "https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55"
+ },
+ {
+ "url" : "https://github.com/karelzak/util-linux/issues/539"
+ }
+ ]
+ }
+}
diff --git a/2018/7xxx/CVE-2018-7739.json b/2018/7xxx/CVE-2018-7739.json
new file mode 100644
index 00000000000..6c7137c41d9
--- /dev/null
+++ b/2018/7xxx/CVE-2018-7739.json
@@ -0,0 +1,60 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-7739",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "http://blog.codecatoctin.com/2018/02/antman-authentication-bypass.html"
+ }
+ ]
+ }
+}