diff --git a/2018/10xxx/CVE-2018-10925.json b/2018/10xxx/CVE-2018-10925.json index 222c9ab699c..8a7fba6c5ee 100644 --- a/2018/10xxx/CVE-2018-10925.json +++ b/2018/10xxx/CVE-2018-10925.json @@ -1,86 +1,89 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2018-10925", - "ASSIGNER": "psampaio@redhat.com" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "PostgreSQL Global Development Group", - "product": { - "product_data": [ - { - "product_name": "postgresql", - "version": { - "version_data": [ - { - "version_value": "10.5" - }, - { - "version_value": "9.6.10" - }, - { - "version_value": "9.5.14" - }, - { - "version_value": "9.4.19" - }, - { - "version_value": "9.3.24" - } - ] - } - } - ] - } - } + "CVE_data_meta" : { + "ASSIGNER" : "psampaio@redhat.com", + "ID" : "CVE-2018-10925", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "postgresql", + "version" : { + "version_data" : [ + { + "version_value" : "10.5" + }, + { + "version_value" : "9.6.10" + }, + { + "version_value" : "9.5.14" + }, + { + "version_value" : "9.4.19" + }, + { + "version_value" : "9.3.24" + } + ] + } + } + ] + }, + "vendor_name" : "PostgreSQL Global Development Group" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table." + } + ] + }, + "impact" : { + "cvss" : [ + [ + { + "vectorString" : "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", + "version" : "3.0" + } + ] + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-863" + } ] - } - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "CWE-863" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://www.postgresql.org/about/news/1878/" - }, - { - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925", - "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925", - "refsource": "CONFIRM" - } - ] - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with \"INSERT ... ON CONFLICT DO UPDATE\". An attacker with \"CREATE TABLE\" privileges could exploit this to read arbitrary bytes server memory. If the attacker also had certain \"INSERT\" and limited \"UPDATE\" privileges to a particular table, they could exploit this to update other columns in the same table." - } - ] - }, - "impact": { - "cvss": [ - [ - { - "vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", - "version": "3.0" - } - ] - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925", + "refsource" : "CONFIRM", + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10925" + }, + { + "name" : "https://www.postgresql.org/about/news/1878/", + "refsource" : "CONFIRM", + "url" : "https://www.postgresql.org/about/news/1878/" + } + ] + } } diff --git a/2018/7xxx/CVE-2018-7686.json b/2018/7xxx/CVE-2018-7686.json index d7b82a50f7d..2dccca2d0cb 100644 --- a/2018/7xxx/CVE-2018-7686.json +++ b/2018/7xxx/CVE-2018-7686.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@suse.com", "ID" : "CVE-2018-7686", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Information leakage vulnerability in NetIQ eDirectory before 9.1.1 HF1 due to shared memory usage." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html", + "refsource" : "MISC", + "url" : "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html" } ] } diff --git a/2018/7xxx/CVE-2018-7692.json b/2018/7xxx/CVE-2018-7692.json index 404d1ef1151..e5bfc790cf6 100644 --- a/2018/7xxx/CVE-2018-7692.json +++ b/2018/7xxx/CVE-2018-7692.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@suse.com", "ID" : "CVE-2018-7692", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Unvalidated redirect vulnerability in in NetIQ eDirectory before 9.1.1 HF1." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html", + "refsource" : "MISC", + "url" : "https://www.netiq.com/documentation/edirectory-91/edirectory9111_releasenotes/data/edirectory9111_releasenotes.html" } ] }