diff --git a/2015/0xxx/CVE-2015-0270.json b/2015/0xxx/CVE-2015-0270.json index 1c3631669f7..cc218773940 100644 --- a/2015/0xxx/CVE-2015-0270.json +++ b/2015/0xxx/CVE-2015-0270.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-0270", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Zend Framework", + "version": { + "version_data": [ + { + "version_value": "before 2.2.10 and 2.3.x before 2.3.5" + } + ] + } + } + ] + }, + "vendor_name": "Zend" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\\Db adapter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://framework.zend.com/security/advisory/ZF2015-02", + "refsource": "MISC", + "name": "https://framework.zend.com/security/advisory/ZF2015-02" } ] } diff --git a/2016/5xxx/CVE-2016-5202.json b/2016/5xxx/CVE-2016-5202.json index 1d92775cc68..c3f5f8f16ee 100644 --- a/2016/5xxx/CVE-2016-5202.json +++ b/2016/5xxx/CVE-2016-5202.json @@ -1,8 +1,31 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "security@google.com", "ID": "CVE-2016-5202", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_value": "before 54.0.2840.100" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "incorrect erase operation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=658106#c36", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=658106#c36" + }, + { + "url": "https://chromiumcodereview.appspot.com/2436403003", + "refsource": "MISC", + "name": "https://chromiumcodereview.appspot.com/2436403003" + }, + { + "url": "https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html", + "refsource": "MISC", + "name": "https://chromereleases.googleblog.com/2016/11/stable-channel-update-for-desktop_9.html" + }, + { + "url": "https://crbug.com/662843", + "refsource": "MISC", + "name": "https://crbug.com/662843" + }, + { + "url": "https://crbug.com/656073", + "refsource": "MISC", + "name": "https://crbug.com/656073" } ] }