diff --git a/2016/2xxx/CVE-2016-2125.json b/2016/2xxx/CVE-2016-2125.json
index 4669974366e..926938cc04d 100644
--- a/2016/2xxx/CVE-2016-2125.json
+++ b/2016/2xxx/CVE-2016-2125.json
@@ -1,86 +1,89 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2016-2125",
- "ASSIGNER": "lpardo@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "[UNKNOWN]",
- "product": {
- "product_data": [
- {
- "product_name": "samba",
- "version": {
- "version_data": [
- {
- "version_value": "4.5.3"
- },
- {
- "version_value": "4.4.8"
- },
- {
- "version_value": "4.3.13"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "lpardo@redhat.com",
+ "ID" : "CVE-2016-2125",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "samba",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "4.5.3"
+ },
+ {
+ "version_value" : "4.4.8"
+ },
+ {
+ "version_value" : "4.3.13"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "[UNKNOWN]"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "6.4/CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "version" : "3.0"
+ }
+ ],
+ [
+ {
+ "vectorString" : "4.3/AV:A/AC:M/Au:N/C:P/I:P/A:N",
+ "version" : "2.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-287"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-287"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125",
- "refsource": "CONFIRM"
- },
- {
- "url": "https://www.samba.org/samba/security/CVE-2016-2125.html"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "6.4/CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
- "version": "3.0"
- }
- ],
- [
- {
- "vectorString": "4.3/AV:A/AC:M/Au:N/C:P/I:P/A:N",
- "version": "2.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2125"
+ },
+ {
+ "name" : "https://www.samba.org/samba/security/CVE-2016-2125.html",
+ "refsource" : "CONFIRM",
+ "url" : "https://www.samba.org/samba/security/CVE-2016-2125.html"
+ }
+ ]
+ }
 }
diff --git a/2018/11xxx/CVE-2018-11759.json b/2018/11xxx/CVE-2018-11759.json
index a0a80d38800..3636adf36a3 100644
--- a/2018/11xxx/CVE-2018-11759.json
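Review bot: In the CVE-2016-2125.json hunk the `version_data` entries still list `4.5.3`, `4.4.8` and `4.3.13` as bare `version_value`s, while the description on the new side says the flaw is in Samba before those releases, so a consumer that matches on `version_value` would flag the fixed builds and miss every earlier one. Each entry should carry the comparison next to the value, e.g. `"version_affected" : "<"` beside `"version_value" : "4.5.3"`. Separately, both `vectorString` values keep the base score glued to the front (`6.4/CVSS:3.0/…`, `4.3/AV:A/…`), which a strict CVSS parser is likely to reject; the vector would read `CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N` with the score held in its own field. The same score prefix appears in the CVE-2018-14661.json hunk.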
+++ b/2018/11xxx/CVE-2018-11759.json
@@ -53,6 +53,8 @@
 "references" : {
 "reference_data" : [
 {
+ "name" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
+ "refsource" : "MISC",
 "url" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
 }
 ]
diff --git a/2018/14xxx/CVE-2018-14661.json b/2018/14xxx/CVE-2018-14661.json
index 31acba7e949..b03a67f5b0e 100644
--- a/2018/14xxx/CVE-2018-14661.json
+++ b/2018/14xxx/CVE-2018-14661.json
@@ -1,71 +1,72 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
- "CVE_data_meta": {
- "ID": "CVE-2018-14661",
- "ASSIGNER": "psampaio@redhat.com"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "The Gluster Project",
- "product": {
- "product_data": [
- {
- "product_name": "glusterfs-server",
- "version": {
- "version_data": [
- {
- "version_value": "3.8.4"
- }
- ]
- }
- }
- ]
- }
- }
+ "CVE_data_meta" : {
+ "ASSIGNER" : "psampaio@redhat.com",
+ "ID" : "CVE-2018-14661",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "glusterfs-server",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "3.8.4"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "The Gluster Project"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service."
+ }
+ ]
+ },
+ "impact" : {
+ "cvss" : [
+ [
+ {
+ "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "version" : "3.0"
+ }
+ ]
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "CWE-20"
+ }
 ]
- }
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-20"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661",
- "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661",
- "refsource": "CONFIRM"
- }
- ]
- },
- "description": {
- "description_data": [
- {
- "lang": "eng",
- "value": "It was found that usage of snprintf function in feature/locks translator of glusterfs server 3.8.4, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service."
- }
- ]
- },
- "impact": {
- "cvss": [
- [
- {
- "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
- "version": "3.0"
- }
- ]
- ]
- }
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661",
+ "refsource" : "CONFIRM",
+ "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14661"
+ }
+ ]
+ }
 }
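Review bot: The `problemtype` entry in CVE-2018-14661.json is still `CWE-20`, although the description on the new side names a format string attack through `snprintf`, which has its own, more specific weakness class. `"value" : "CWE-134"` (Use of Externally-Controlled Format String) would let weakness-based filters and trend reports pick this record up; `CWE-20` can remain as a second `description` entry if the assigner wants to keep the broader label. The `version_data` entry also has no `version_affected` qualifier, so it is left to the reader to infer from the description that `3.8.4` is the affected release rather than the fixed one.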