From 78a5ad1b5c7cc4028215063b64419a76d5a1f042 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 8 Jan 2018 14:04:21 -0500 Subject: [PATCH] - Synchronized data. --- 2013/4xxx/CVE-2013-4364.json | 46 ++++++++++++++++++++- 2014/1xxx/CVE-2014-1858.json | 73 +++++++++++++++++++++++++++++++++- 2014/1xxx/CVE-2014-1859.json | 73 +++++++++++++++++++++++++++++++++- 2014/2xxx/CVE-2014-2071.json | 46 ++++++++++++++++++++- 2014/3xxx/CVE-2014-3607.json | 58 ++++++++++++++++++++++++++- 2014/4xxx/CVE-2014-4972.json | 49 ++++++++++++++++++++++- 2014/5xxx/CVE-2014-5069.json | 46 ++++++++++++++++++++- 2014/5xxx/CVE-2014-5071.json | 46 ++++++++++++++++++++- 2014/5xxx/CVE-2014-5334.json | 52 +++++++++++++++++++++++- 2014/5xxx/CVE-2014-5394.json | 52 +++++++++++++++++++++++- 2014/5xxx/CVE-2014-5509.json | 55 ++++++++++++++++++++++++- 2014/7xxx/CVE-2014-7221.json | 58 ++++++++++++++++++++++++++- 2014/7xxx/CVE-2014-7222.json | 58 ++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2318.json | 67 ++++++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2319.json | 67 ++++++++++++++++++++++++++++++- 2015/2xxx/CVE-2015-2320.json | 64 ++++++++++++++++++++++++++++- 2017/15xxx/CVE-2017-15883.json | 49 ++++++++++++++++++++++- 2017/7xxx/CVE-2017-7997.json | 49 ++++++++++++++++++++++- 2017/7xxx/CVE-2017-7998.json | 49 ++++++++++++++++++++++- 2018/5xxx/CVE-2018-5299.json | 18 +++++++++ 2018/5xxx/CVE-2018-5300.json | 18 +++++++++ 21 files changed, 1055 insertions(+), 38 deletions(-) create mode 100644 2018/5xxx/CVE-2018-5299.json create mode 100644 2018/5xxx/CVE-2018-5300.json diff --git a/2013/4xxx/CVE-2013-4364.json b/2013/4xxx/CVE-2013-4364.json index d999f109a2a..dd3936acca2 100644 --- a/2013/4xxx/CVE-2013-4364.json +++ b/2013/4xxx/CVE-2013-4364.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2013-4364", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1009734" } ] } diff --git a/2014/1xxx/CVE-2014-1858.json b/2014/1xxx/CVE-2014-1858.json index f87b4e8e74c..7023d8c97c3 100644 --- a/2014/1xxx/CVE-2014-1858.json +++ b/2014/1xxx/CVE-2014-1858.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-1858", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,53 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3" + }, + { + "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" + }, + { + "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" + }, + { + "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" + }, + { + "url" : "https://github.com/numpy/numpy/pull/4262" + }, + { + "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" + }, + { + "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" + }, + { + "url" : "http://www.securityfocus.com/bid/65441" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91318" } ] } diff --git a/2014/1xxx/CVE-2014-1859.json b/2014/1xxx/CVE-2014-1859.json index 40b036cc1fa..757a39c3cad 100644 --- a/2014/1xxx/CVE-2014-1859.json +++ b/2014/1xxx/CVE-2014-1859.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-1859", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,53 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink attack on a temporary file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2014/02/08/3" + }, + { + "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1062009" + }, + { + "url" : "https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst" + }, + { + "url" : "https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15" + }, + { + "url" : "https://github.com/numpy/numpy/pull/4262" + }, + { + "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html" + }, + { + "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html" + }, + { + "url" : "http://www.securityfocus.com/bid/65440" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91317" } ] } diff --git a/2014/2xxx/CVE-2014-2071.json b/2014/2xxx/CVE-2014-2071.json index 3b5a37b086f..a8ce5813ecb 100644 --- a/2014/2xxx/CVE-2014-2071.json +++ b/2014/2xxx/CVE-2014-2071.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-2071", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows remote authenticated users to gain privileges by advertising independent inner and outer identities within a tunneled EAP method." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.arubanetworks.com/assets/alert/aid-050214.asc" } ] } diff --git a/2014/3xxx/CVE-2014-3607.json b/2014/3xxx/CVE-2014-3607.json index 2eb1935c038..485e4b75991 100644 --- a/2014/3xxx/CVE-2014-3607.json +++ b/2014/3xxx/CVE-2014-3607.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-3607", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://shibboleth.net/community/advisories/secadv_20140919.txt" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1140438" + }, + { + "url" : "https://code.google.com/archive/p/vt-middleware/issues/226" + }, + { + "url" : "https://code.google.com/archive/p/vt-middleware/issues/227" + }, + { + "url" : "https://code.google.com/archive/p/vt-middleware/issues/228" } ] } diff --git a/2014/4xxx/CVE-2014-4972.json b/2014/4xxx/CVE-2014-4972.json index 159aada0278..4765140b09b 100644 --- a/2014/4xxx/CVE-2014-4972.json +++ b/2014/4xxx/CVE-2014-4972.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-4972", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Unrestricted file upload vulnerability in the Gravity Upload Ajax plugin 1.1 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under wp-content/uploads/gravity_forms." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://g0blin.co.uk/cve-2014-4972/" + }, + { + "url" : "https://wpvulndb.com/vulnerabilities/8232" } ] } diff --git a/2014/5xxx/CVE-2014-5069.json b/2014/5xxx/CVE-2014-5069.json index 54b950a1c2f..57bd68e8924 100644 --- a/2014/5xxx/CVE-2014-5069.json +++ b/2014/5xxx/CVE-2014-5069.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-5069", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5069/" } ] } diff --git a/2014/5xxx/CVE-2014-5071.json b/2014/5xxx/CVE-2014-5071.json index ab10471d9ee..fdf1d62f9d7 100644 --- a/2014/5xxx/CVE-2014-5071.json +++ b/2014/5xxx/CVE-2014-5071.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-5071", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote attackers to execute arbitrary SQL commands via vectors involving a username." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-5071/" } ] } diff --git a/2014/5xxx/CVE-2014-5334.json b/2014/5xxx/CVE-2014-5334.json index b48544de61f..b0a27e6aed2 100644 --- a/2014/5xxx/CVE-2014-5334.json +++ b/2014/5xxx/CVE-2014-5334.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-5334", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,32 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "FreeNAS before 9.3-M3 has a blank admin password, which allows remote attackers to gain root privileges by leveraging a WebGui login." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2014/08/19/2" + }, + { + "url" : "https://bugs.freenas.org/issues/5844" + }, + { + "url" : "http://www.securityfocus.com/bid/69249" } ] } diff --git a/2014/5xxx/CVE-2014-5394.json b/2014/5xxx/CVE-2014-5394.json index 98e670897d4..f330cb73ad8 100644 --- a/2014/5xxx/CVE-2014-5394.json +++ b/2014/5xxx/CVE-2014-5394.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-5394", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,32 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple Huawei Campus switches allow remote attackers to enumerate usernames via vectors involving use of SSH by the maintenance terminal." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.huawei.com/us/psirt/security-advisories/2014/hw-362701" + }, + { + "url" : "http://www.securityfocus.com/bid/69302" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/97763" } ] } diff --git a/2014/5xxx/CVE-2014-5509.json b/2014/5xxx/CVE-2014-5509.json index cdef49f738c..bed6482ef95 100644 --- a/2014/5xxx/CVE-2014-5509.json +++ b/2014/5xxx/CVE-2014-5509.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-5509", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,35 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2014/08/30/2" + }, + { + "url" : "https://rt.cpan.org/Public/Bug/Display.html?id=98435" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1135624" + }, + { + "url" : "http://www.securityfocus.com/bid/69473" } ] } diff --git a/2014/7xxx/CVE-2014-7221.json b/2014/7xxx/CVE-2014-7221.json index d791443d1cf..044eac60b6a 100644 --- a/2014/7xxx/CVE-2014-7221.json +++ b/2014/7xxx/CVE-2014-7221.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-7221", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (buffer overflow and application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab containing [img]//http:// substrings." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905" + }, + { + "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt" + }, + { + "url" : "https://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html" + }, + { + "url" : "http://www.securityfocus.com/bid/70219" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96889" } ] } diff --git a/2014/7xxx/CVE-2014-7222.json b/2014/7xxx/CVE-2014-7222.json index 652d3ffd0cd..13950a8c316 100644 --- a/2014/7xxx/CVE-2014-7222.json +++ b/2014/7xxx/CVE-2014-7222.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-7222", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,38 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\\\ (backslash) characters, a digit, a \\ (backslash) character, and \"z\" in a series of nested img BBCODE tags." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://packetstormsecurity.com/files/128571/TeamSpeak-Client-3.0.14-Buffer-Overflow.html" + }, + { + "url" : "http://r4p3.net/forum/reverse-engineering/38/teamspeak-3-exploit-bb-code-freeze-crash-not-responding/905/" + }, + { + "url" : "http://r4p3.net/public/ts3bbcodefreeze.txt" + }, + { + "url" : "http://www.securityfocus.com/bid/70219" + }, + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/96890" } ] } diff --git a/2015/2xxx/CVE-2015-2318.json b/2015/2xxx/CVE-2015-2318.json index da3f2bc4682..190b15044e7 100644 --- a/2015/2xxx/CVE-2015-2318.json +++ b/2015/2xxx/CVE-2015-2318.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-2318", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,47 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9" + }, + { + "url" : "https://mitls.org/pages/attacks/SMACK#skip" + }, + { + "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869" + }, + { + "url" : "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4" + }, + { + "url" : "https://www.debian.org/security/2015/dsa-3202" + }, + { + "url" : "http://www.ubuntu.com/usn/USN-2547-1" + }, + { + "url" : "http://www.securityfocus.com/bid/73253" } ] } diff --git a/2015/2xxx/CVE-2015-2319.json b/2015/2xxx/CVE-2015-2319.json index a89ae13f8f0..b14071c32ab 100644 --- a/2015/2xxx/CVE-2015-2319.json +++ b/2015/2xxx/CVE-2015-2319.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-2319", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,47 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9" + }, + { + "url" : "https://mitls.org/pages/attacks/SMACK#freak" + }, + { + "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869" + }, + { + "url" : "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10" + }, + { + "url" : "https://www.debian.org/security/2015/dsa-3202" + }, + { + "url" : "http://www.ubuntu.com/usn/USN-2547-1" + }, + { + "url" : "http://www.securityfocus.com/bid/73250" } ] } diff --git a/2015/2xxx/CVE-2015-2320.json b/2015/2xxx/CVE-2015-2320.json index bff77fe6dfa..8ff946a92b6 100644 --- a/2015/2xxx/CVE-2015-2320.json +++ b/2015/2xxx/CVE-2015-2320.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-2320", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,44 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://www.openwall.com/lists/oss-security/2015/03/17/9" + }, + { + "url" : "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability/" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202869" + }, + { + "url" : "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b" + }, + { + "url" : "https://www.debian.org/security/2015/dsa-3202" + }, + { + "url" : "http://www.ubuntu.com/usn/USN-2547-1" + }, + { + "url" : "http://www.securityfocus.com/bid/73256" } ] } diff --git a/2017/15xxx/CVE-2017-15883.json b/2017/15xxx/CVE-2017-15883.json index b8a3791de67..ee36103267c 100644 --- a/2017/15xxx/CVE-2017-15883.json +++ b/2017/15xxx/CVE-2017-15883.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-15883", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/" + }, + { + "url" : "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883" } ] } diff --git a/2017/7xxx/CVE-2017-7997.json b/2017/7xxx/CVE-2017-7997.json index 8f43d0dca09..d939d390980 100644 --- a/2017/7xxx/CVE-2017-7997.json +++ b/2017/7xxx/CVE-2017-7997.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-7997", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2018/Jan/14" + }, + { + "url" : "https://sysdream.com/news/lab/2018-01-02-cve-2017-7997-gespage-sql-injection-vulnerability/" } ] } diff --git a/2017/7xxx/CVE-2017-7998.json b/2017/7xxx/CVE-2017-7998.json index de9892b4be7..2ed9f15a0d9 100644 --- a/2017/7xxx/CVE-2017-7998.json +++ b/2017/7xxx/CVE-2017-7998.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-7998", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Gespage before 7.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) printer name when adding a printer in the admin panel or (2) username parameter to webapp/users/user_reg.jsp." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2018/Jan/13" + }, + { + "url" : "https://sysdream.com/news/lab/2018-01-02-cve-2017-7998-gespage-stored-cross-site-scripting-xss-vulnerability/" } ] } diff --git a/2018/5xxx/CVE-2018-5299.json b/2018/5xxx/CVE-2018-5299.json new file mode 100644 index 00000000000..d5c0c7fa32c --- /dev/null +++ b/2018/5xxx/CVE-2018-5299.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-5299", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2018/5xxx/CVE-2018-5300.json b/2018/5xxx/CVE-2018-5300.json new file mode 100644 index 00000000000..279168f6ef4 --- /dev/null +++ b/2018/5xxx/CVE-2018-5300.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-5300", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}