From 6bcf80040357752a50a653571ea11031cd9f4294 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 26 Jul 2018 12:04:37 -0400
Subject: [PATCH] - Synchronized data.
---
 2017/12xxx/CVE-2017-12163.json | 163 +++++++++++++++++----------------
 2017/12xxx/CVE-2017-12164.json | 142 ++++++++++++++--------------
 2017/7xxx/CVE-2017-7509.json | 137 +++++++++++++--------------
 3 files changed, 226 insertions(+), 216 deletions(-)
diff --git a/2017/12xxx/CVE-2017-12163.json b/2017/12xxx/CVE-2017-12163.json
index 40e73b24c89..f93d007f965 100644
--- a/2017/12xxx/CVE-2017-12163.json
+++ b/2017/12xxx/CVE-2017-12163.json
@@ -1,83 +1,86 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2017-12163",
- "ASSIGNER": "anemec@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Samba",
- "product": {
- "product_data": [
- {
- "product_name": "Samba",
- "version": {
- "version_data": [
- {
- "version_value": "4.7"
- },
- {
- "version_value": "4.6.8"
- },
- {
- "version_value": "4.5.14"
- },
- {
- "version_value": "4.4.16"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "anemec@redhat.com",
+ "ID" : "CVE-2017-12163",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Samba",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.7"
+ },
+ {
+ "version_value" : "4.6.8"
+ },
+ {
+ "version_value" : "4.5.14"
+ },
+ {
+ "version_value" : "4.4.16"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Samba"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "4.1/CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-200"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-200"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://www.samba.org/samba/security/CVE-2017-12163.html"
- },
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.7, 4.6.8, 4.5.14 and 4.4.16. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.1/CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163"
+ },
+ {
+ "name" : "https://www.samba.org/samba/security/CVE-2017-12163.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.samba.org/samba/security/CVE-2017-12163.html"
+ }
+ ]
+ }
 }
diff --git a/2017/12xxx/CVE-2017-12164.json b/2017/12xxx/CVE-2017-12164.json
index 6696b19603f..7996e1a5357 100644
--- a/2017/12xxx/CVE-2017-12164.json
+++ b/2017/12xxx/CVE-2017-12164.json
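Review bot: The `version_data` entries on the new side of CVE-2017-12163.json still list `4.7`, `4.6.8`, `4.5.14` and `4.4.16` as `version_value`, while the rewritten description says the flaw affects Samba "before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8", so these read as the fixed releases rather than affected ones, and `4.7` no longer appears in the description at all. A scanner that matches installed versions against `version_value` would flag patched servers and miss the vulnerable ranges. Consider carrying the range in the value, for example `"version_value" : "4.6.x before 4.6.8"`, and dropping or justifying the `4.7` entry. The CVE-2017-7509.json hunk shows the same mismatch (`pki-common-8.1.20-1` against "before 8.1.20-1").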
@@ -1,71 +1,77 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2017-12164",
- "ASSIGNER": "anemec@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "GNOME",
- "product": {
- "product_data": [
- {
- "product_name": "gdm",
- "version": {
- "version_data": [
- {
- "version_value": "3.24.1"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "anemec@redhat.com",
+ "ID" : "CVE-2017-12164",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "gdm",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.24.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "GNOME"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "4.1/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-592"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-592"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "A flaw was discovered in the gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enable for a victim, an attacker could simply select 'login as another user' to unlock their screen."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "4.1/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
+ },
+ {
+ "name" : "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28",
+ "refsource" : "CONFIRM",
+ "url" : "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
+ }
+ ]
+ }
 }
diff --git a/2017/7xxx/CVE-2017-7509.json b/2017/7xxx/CVE-2017-7509.json
index a9d64a70239..a1cc6c4e210 100644
--- a/2017/7xxx/CVE-2017-7509.json
+++ b/2017/7xxx/CVE-2017-7509.json
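Review bot: The `vectorString` kept on the new side of CVE-2017-12164.json, `4.1/CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L`, prefixes the base score to the vector, so it is not a well-formed CVSS v3.0 vector (which starts with `CVSS:3.0/`), and a validating parser will likely reject or mis-score it. Splitting it would be safer: `"vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"`, with the score in its own field such as `"baseScore" : 4.1` if the consuming schema accepts one. The same prefixed form appears in the CVE-2017-12163.json and CVE-2017-7509.json hunks. All three also wrap the entry in a doubled array (`"cvss" : [ [ … ] ]`), which is worth confirming against the schema.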
@@ -1,71 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2017-7509",
- "ASSIGNER": "anemec@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "Red Hat",
- "product": {
- "product_data": [
- {
- "product_name": "Certificate System",
- "version": {
- "version_data": [
- {
- "version_value": "pki-common-8.1.20-1"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "anemec@redhat.com",
+ "ID" : "CVE-2017-7509",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "Certificate System",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "pki-common-8.1.20-1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "Red Hat"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-20"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-20"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "An input validation error was found in Red Hat Certificate System's handling of client provided certificates before 8.1.20-1. If the certreq field is not present in a certificate an assertion error is triggered causing a denial of service."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "3.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7509"
+ }
+ ]
+ }
 }