diff --git a/2017/14xxx/CVE-2017-14875.json b/2017/14xxx/CVE-2017-14875.json index 5983802cbf8..3db47d70879 100644 --- a/2017/14xxx/CVE-2017-14875.json +++ b/2017/14xxx/CVE-2017-14875.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/14xxx/CVE-2017-14876.json b/2017/14xxx/CVE-2017-14876.json index 237ff9137b1..170a2c9bc5f 100644 --- a/2017/14xxx/CVE-2017-14876.json +++ b/2017/14xxx/CVE-2017-14876.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/14xxx/CVE-2017-14877.json b/2017/14xxx/CVE-2017-14877.json index 15b200ff615..3fda7f12477 100644 --- a/2017/14xxx/CVE-2017-14877.json +++ b/2017/14xxx/CVE-2017-14877.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ca395c15c49cf6463a39d197b6a9331d183d94cb" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ca395c15c49cf6463a39d197b6a9331d183d94cb" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/14xxx/CVE-2017-14881.json b/2017/14xxx/CVE-2017-14881.json index 26cb24e5268..b92cbc42fbb 100644 --- a/2017/14xxx/CVE-2017-14881.json +++ b/2017/14xxx/CVE-2017-14881.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/14xxx/CVE-2017-14883.json b/2017/14xxx/CVE-2017-14883.json index 9f9b3775f2e..a7fec31a324 100644 --- a/2017/14xxx/CVE-2017-14883.json +++ b/2017/14xxx/CVE-2017-14883.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85" }, { - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/14xxx/CVE-2017-14891.json b/2017/14xxx/CVE-2017-14891.json index eaf982bce5b..93981dbef22 100644 --- a/2017/14xxx/CVE-2017-14891.json +++ b/2017/14xxx/CVE-2017-14891.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/14xxx/CVE-2017-14892.json b/2017/14xxx/CVE-2017-14892.json index 19b01f2a241..65b1115f789 100644 --- a/2017/14xxx/CVE-2017-14892.json +++ b/2017/14xxx/CVE-2017-14892.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a3bed71777c133cfec78b5140877c6ba109961a0" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a3bed71777c133cfec78b5140877c6ba109961a0" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/15xxx/CVE-2017-15823.json b/2017/15xxx/CVE-2017-15823.json index f7c87ef6471..8821ebd3d96 100644 --- a/2017/15xxx/CVE-2017-15823.json +++ b/2017/15xxx/CVE-2017-15823.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93" }, { - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=49c1ce19c8a4689c33e6e8f17ab77d77fae6ff93" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/15xxx/CVE-2017-15826.json b/2017/15xxx/CVE-2017-15826.json index f1c73d73d36..aa3df004c80 100644 --- a/2017/15xxx/CVE-2017-15826.json +++ b/2017/15xxx/CVE-2017-15826.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=5ac3e9d038a7ee7edf77dde2dffae6f8ba528848" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/15xxx/CVE-2017-15846.json b/2017/15xxx/CVE-2017-15846.json index fe3584f9f19..5a0d741e619 100644 --- a/2017/15xxx/CVE-2017-15846.json +++ b/2017/15xxx/CVE-2017-15846.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9fdbd92ec9196ba3629f68f4c22342aa6eedc960" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9fdbd92ec9196ba3629f68f4c22342aa6eedc960" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/15xxx/CVE-2017-15859.json b/2017/15xxx/CVE-2017-15859.json index 48bf91f444b..0c2027f346d 100644 --- a/2017/15xxx/CVE-2017-15859.json +++ b/2017/15xxx/CVE-2017-15859.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d" }, { - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=88dcc44ea8fbe158d1dee3ea197e47794bf4449d" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/16xxx/CVE-2017-16614.json b/2017/16xxx/CVE-2017-16614.json index 3b6f098b2a0..a2be6632fbb 100644 --- a/2017/16xxx/CVE-2017-16614.json +++ b/2017/16xxx/CVE-2017-16614.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-16614", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the plugins/payment/weixin/lib/WxPay.tedatac.php fBill parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2018/Mar/77" } ] } diff --git a/2017/17xxx/CVE-2017-17766.json b/2017/17xxx/CVE-2017-17766.json index 470b0803504..404e1a6cde8 100644 --- a/2017/17xxx/CVE-2017-17766.json +++ b/2017/17xxx/CVE-2017-17766.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a37d8a78f5bd0e9a2c91de46721a6d80bd229a43" }, { - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a37d8a78f5bd0e9a2c91de46721a6d80bd229a43" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/17xxx/CVE-2017-17771.json b/2017/17xxx/CVE-2017-17771.json index 5ee7da3bd53..1c795bd3dd6 100644 --- a/2017/17xxx/CVE-2017-17771.json +++ b/2017/17xxx/CVE-2017-17771.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a452045792bc09548b4e1b940aa8adfed822b51c" }, { - "url" : "https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a452045792bc09548b4e1b940aa8adfed822b51c" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2017/9xxx/CVE-2017-9692.json b/2017/9xxx/CVE-2017-9692.json index 6fa25c7ab11..7d95569e95f 100644 --- a/2017/9xxx/CVE-2017-9692.json +++ b/2017/9xxx/CVE-2017-9692.json @@ -53,14 +53,14 @@ }, "references" : { "reference_data" : [ - { - "url" : "https://www.codeaurora.org/security-bulletin/2018/02/16/february-2018-code-aurora-security-bulletin" - }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=061556e74a08f89f04b3da30119029ca3fd87ad8" }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=ef8e3cd4588b5ae71b73a3aca751d59e882e6748" + }, + { + "url" : "https://www.codeaurora.org/security-bulletin/2018/02/16/february-2018-code-aurora-security-bulletin" } ] } diff --git a/2017/9xxx/CVE-2017-9693.json b/2017/9xxx/CVE-2017-9693.json index c0272837eb1..bc2fcd3084d 100644 --- a/2017/9xxx/CVE-2017-9693.json +++ b/2017/9xxx/CVE-2017-9693.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" + "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05a5abb21e4d97001f77d344444a3ec2f9c275f9" }, { - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05a5abb21e4d97001f77d344444a3ec2f9c275f9" + "url" : "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" } ] } diff --git a/2017/9xxx/CVE-2017-9694.json b/2017/9xxx/CVE-2017-9694.json index 9185b17dd04..60eb2d28dd3 100644 --- a/2017/9xxx/CVE-2017-9694.json +++ b/2017/9xxx/CVE-2017-9694.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" + "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1e47d44de7bab5500d27f17ae5c4ebebc7d2b4ef" }, { - "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1e47d44de7bab5500d27f17ae5c4ebebc7d2b4ef" + "url" : "https://www.codeaurora.org/security-bulletin/2017/10/20/october-2017-v1" } ] } diff --git a/2017/9xxx/CVE-2017-9723.json b/2017/9xxx/CVE-2017-9723.json index 7d10e3933ba..3fe70fa0dbc 100644 --- a/2017/9xxx/CVE-2017-9723.json +++ b/2017/9xxx/CVE-2017-9723.json @@ -54,10 +54,10 @@ "references" : { "reference_data" : [ { - "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" + "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e83ebd2098009b0d336ffab11e00f739902bd5d9" }, { - "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e83ebd2098009b0d336ffab11e00f739902bd5d9" + "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" } ] } diff --git a/2018/1xxx/CVE-2018-1232.json b/2018/1xxx/CVE-2018-1232.json index ec25fc267a8..ed669db45c4 100644 --- a/2018/1xxx/CVE-2018-1232.json +++ b/2018/1xxx/CVE-2018-1232.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "RSA Authentication Agent for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation." + "value" : "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the authentication agent and cause a denial-of-service situation." } ] }, diff --git a/2018/1xxx/CVE-2018-1233.json b/2018/1xxx/CVE-2018-1233.json index 0a65fc1b06e..d24dc88472f 100644 --- a/2018/1xxx/CVE-2018-1233.json +++ b/2018/1xxx/CVE-2018-1233.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "RSA Authentication Agent for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website." + "value" : "RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. The attackers could potentially exploit this vulnerability to execute arbitrary HTML or JavaScript code in the user's browser session in the context of the affected website." } ] }, diff --git a/2018/1xxx/CVE-2018-1234.json b/2018/1xxx/CVE-2018-1234.json index df618471767..219bc5fcd0e 100644 --- a/2018/1xxx/CVE-2018-1234.json +++ b/2018/1xxx/CVE-2018-1234.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "RSA Authentication Agent for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent." + "value" : "RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is affected by a problem where access control list (ACL) permissions on a Windows Named Pipe were not sufficient to prevent access by unauthorized users. The attacker with local access to the system can exploit this vulnerability to read configuration properties for the authentication agent." } ] }, diff --git a/2018/5xxx/CVE-2018-5708.json b/2018/5xxx/CVE-2018-5708.json index 39f69a0ea21..65396817153 100644 --- a/2018/5xxx/CVE-2018-5708.json +++ b/2018/5xxx/CVE-2018-5708.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-5708", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on the same local network as, but being unauthenticated to, the administrator's panel, a user can obtain the admin username and cleartext password in the response (specifically, the configuration file restore_default), which is displayed in XML." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2018/Mar/66" } ] } diff --git a/2018/7xxx/CVE-2018-7171.json b/2018/7xxx/CVE-2018-7171.json index 1840013f0ec..a8cf1145150 100644 --- a/2018/7xxx/CVE-2018-7171.json +++ b/2018/7xxx/CVE-2018-7171.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-7171", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html" + }, + { + "url" : "https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py" } ] } diff --git a/2018/7xxx/CVE-2018-7203.json b/2018/7xxx/CVE-2018-7203.json index 76ba1761371..f89aff16164 100644 --- a/2018/7xxx/CVE-2018-7203.json +++ b/2018/7xxx/CVE-2018-7203.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-7203", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html" } ] } diff --git a/2018/7xxx/CVE-2018-7566.json b/2018/7xxx/CVE-2018-7566.json index 6f505fd2340..a46e990576f 100644 --- a/2018/7xxx/CVE-2018-7566.json +++ b/2018/7xxx/CVE-2018-7566.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-7566", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,35 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://mailman.alsa-project.org/pipermail/alsa-devel/2018-February/132026.html" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1550142" + }, + { + "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d15d662e89fc667b90cd294b0eb45694e33144da" + }, + { + "url" : "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00067.html" } ] }