diff --git a/2017/15xxx/CVE-2017-15139.json b/2017/15xxx/CVE-2017-15139.json index dff93b1a033..590bd7c1afb 100644 --- a/2017/15xxx/CVE-2017-15139.json +++ b/2017/15xxx/CVE-2017-15139.json @@ -1,74 +1,77 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2017-15139", - "ASSIGNER": "anemec@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "OpenStack Foundation", - "product": { - "product_data": [ - { - "product_name": "openstack-cinder", - "version": { - "version_data": [ - { - "version_value": "up to and including Queens" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "anemec@redhat.com", + "ID" : "CVE-2017-15139", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "openstack-cinder", + "version" : { + "version_data" : [ + { + "version_value" : "up to and including Queens" + } + ] + } + } + ] + }, + "vendor_name" : "OpenStack Foundation" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "5.1/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-200" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-200" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://wiki.openstack.org/wiki/OSSN/OSSN-0084" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "5.1/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0084", + "refsource" : "MISC", + "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0084" + }, + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139" + } + ] + } } diff --git a/2018/15xxx/CVE-2018-15908.json b/2018/15xxx/CVE-2018-15908.json index 94c4174c05d..b35ef3efa8f 100644 --- a/2018/15xxx/CVE-2018-15908.json +++ b/2018/15xxx/CVE-2018-15908.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15908", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3", + "refsource" : "MISC", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3" + }, + { + "name" : "https://www.kb.cert.org/vuls/id/332928", + "refsource" : "MISC", + "url" : "https://www.kb.cert.org/vuls/id/332928" } ] } diff --git a/2018/15xxx/CVE-2018-15909.json b/2018/15xxx/CVE-2018-15909.json index 40cb37d6e96..9fd6a176420 100644 --- a/2018/15xxx/CVE-2018-15909.json +++ b/2018/15xxx/CVE-2018-15909.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15909", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially execute code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b", + "refsource" : "MISC", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b" + }, + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6", + "refsource" : "MISC", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6" + }, + { + "name" : "https://www.kb.cert.org/vuls/id/332928", + "refsource" : "MISC", + "url" : "https://www.kb.cert.org/vuls/id/332928" } ] } diff --git a/2018/15xxx/CVE-2018-15910.json b/2018/15xxx/CVE-2018-15910.json index 3bc67c9754d..6bbe4647571 100644 --- a/2018/15xxx/CVE-2018-15910.json +++ b/2018/15xxx/CVE-2018-15910.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-15910", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,33 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "In Artifex Ghostscript 9.23 before 2018-08-23, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880", + "refsource" : "MISC", + "url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880" + }, + { + "name" : "https://www.kb.cert.org/vuls/id/332928", + "refsource" : "MISC", + "url" : "https://www.kb.cert.org/vuls/id/332928" } ] }