diff --git a/2017/16xxx/CVE-2017-16818.json b/2017/16xxx/CVE-2017-16818.json new file mode 100644 index 00000000000..7893105bf1e --- /dev/null +++ b/2017/16xxx/CVE-2017-16818.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2017-16818", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2017/16xxx/CVE-2017-16819.json b/2017/16xxx/CVE-2017-16819.json new file mode 100644 index 00000000000..11c40913f4d --- /dev/null +++ b/2017/16xxx/CVE-2017-16819.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2017-16819", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} diff --git a/2017/16xxx/CVE-2017-16820.json b/2017/16xxx/CVE-2017-16820.json new file mode 100644 index 00000000000..27ee32e12ab --- /dev/null +++ b/2017/16xxx/CVE-2017-16820.json @@ -0,0 +1,69 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2017-16820", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://bugs.debian.org/881757" + }, + { + "url" : "https://github.com/collectd/collectd/commit/d16c24542b2f96a194d43a73c2e5778822b9cb47" + }, + { + "url" : "https://github.com/collectd/collectd/issues/2291" + }, + { + "url" : "https://github.com/collectd/collectd/releases/tag/collectd-5.6.3" + } + ] + } +} diff --git a/2017/3xxx/CVE-2017-3891.json b/2017/3xxx/CVE-2017-3891.json index 78c8bfdef40..4b4ee95ad5f 100644 --- a/2017/3xxx/CVE-2017-3891.json +++ b/2017/3xxx/CVE-2017-3891.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "An elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node." + "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an elevation of privilege vulnerability in the default configuration of the QNX SDP with QNet enabled on networks comprising two or more QNet nodes could allow an attacker to access local and remote files or take ownership of files on other QNX nodes regardless of permissions by executing commands targeting arbitrary nodes from a secondary QNX 6.6.0 QNet node." } ] }, diff --git a/2017/3xxx/CVE-2017-3892.json b/2017/3xxx/CVE-2017-3892.json index 1db680bc327..27ab017cf1f 100644 --- a/2017/3xxx/CVE-2017-3892.json +++ b/2017/3xxx/CVE-2017-3892.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "An information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources." + "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout that could be used in a blended attack by executing commands targeting procfs resources." } ] }, diff --git a/2017/3xxx/CVE-2017-3893.json b/2017/3xxx/CVE-2017-3893.json index aef175d8aeb..c1828b2dd6f 100644 --- a/2017/3xxx/CVE-2017-3893.json +++ b/2017/3xxx/CVE-2017-3893.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "The default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks." + "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks." } ] }, diff --git a/2017/9xxx/CVE-2017-9369.json b/2017/9xxx/CVE-2017-9369.json index 01b11bfdd79..f166fc368ae 100644 --- a/2017/9xxx/CVE-2017-9369.json +++ b/2017/9xxx/CVE-2017-9369.json @@ -38,7 +38,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "An information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader." + "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader." } ] }, diff --git a/2017/9xxx/CVE-2017-9371.json b/2017/9xxx/CVE-2017-9371.json index d615b4a6ff5..eee0db49fbc 100644 --- a/2017/9xxx/CVE-2017-9371.json +++ b/2017/9xxx/CVE-2017-9371.json @@ -38,7 +38,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "A loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation." + "value" : "In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, a loss of integrity vulnerability in the default configuration of the QNX SDP could allow an attacker being able to reduce the entropy of the PRNG, making other blended attacks more practical by gaining control over environmental factors that influence seed generation." } ] },