diff --git a/2017/15xxx/CVE-2017-15864.json b/2017/15xxx/CVE-2017-15864.json
index 0777009977c..c4224638b72 100644
--- a/2017/15xxx/CVE-2017-15864.json
+++ b/2017/15xxx/CVE-2017-15864.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-15864",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x through 3.3.18, with a crafted URL it is possible to gain information like database user and password."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/"
 }
 ]
 }
diff --git a/2017/15xxx/CVE-2017-15953.json b/2017/15xxx/CVE-2017-15953.json
index 286d0be9d89..573a9a9a8e3 100644
--- a/2017/15xxx/CVE-2017-15953.json
+++ b/2017/15xxx/CVE-2017-15953.json
@@ -55,6 +55,9 @@
 {
 "url" : "https://github.com/extramaster/bchunk/issues/2"
 },
+ {
+ "url" : "https://github.com/hessu/bchunk/issues/1"
+ },
 {
 "url" : "https://www.debian.org/security/2017/dsa-4026"
 }
diff --git a/2017/15xxx/CVE-2017-15954.json b/2017/15xxx/CVE-2017-15954.json
index 5fcbe3fa0de..60dbb5830b6 100644
--- a/2017/15xxx/CVE-2017-15954.json
+++ b/2017/15xxx/CVE-2017-15954.json
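Review bot: The added `affects` block in CVE-2017-15864.json sets `vendor_name`, `product_name` and `version_value` to `"n/a"` although the description added in the next hunk of the same file names the product and version range, so a consumer that matches on the structured fields will not associate this record with an installed product. Consider filling them from the description, e.g. `"product_name" : "Open Ticket Request System (OTRS)"` and `"version_value" : "3.3.x through 3.3.18"`, and replacing the `"n/a"` under `problemtype` with a short weakness description. The same placeholders appear in the CVE-2017-16560, CVE-2017-16777 and CVE-2017-16844 records in this diff. If `"n/a"` is a deliberate convention of the assigner, downstream matching presumably has to fall back to the free-text description.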
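Review bot: The reference `https://github.com/hessu/bchunk/issues/1` added to CVE-2017-15953.json is also added to CVE-2017-15954.json, while CVE-2017-15955.json gets `https://github.com/hessu/bchunk/issues/2`; the existing extramaster references map one issue per CVE (issues 2, 3 and 4). It is worth confirming that hessu issue 1 really covers both CVE-2017-15953 and CVE-2017-15954 rather than being the same URL pasted twice, since a wrong upstream reference sends anyone tracking the fix to the wrong report. The `reference_data` array starts outside the hunk, so its other entries are not visible here.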
@@ -55,6 +55,9 @@
 {
 "url" : "https://github.com/extramaster/bchunk/issues/3"
 },
+ {
+ "url" : "https://github.com/hessu/bchunk/issues/1"
+ },
 {
 "url" : "https://www.debian.org/security/2017/dsa-4026"
 }
diff --git a/2017/15xxx/CVE-2017-15955.json b/2017/15xxx/CVE-2017-15955.json
index ffbb4437124..31d2eb14437 100644
--- a/2017/15xxx/CVE-2017-15955.json
+++ b/2017/15xxx/CVE-2017-15955.json
@@ -55,6 +55,9 @@
 {
 "url" : "https://github.com/extramaster/bchunk/issues/4"
 },
+ {
+ "url" : "https://github.com/hessu/bchunk/issues/2"
+ },
 {
 "url" : "https://www.debian.org/security/2017/dsa-4026"
 }
diff --git a/2017/16xxx/CVE-2017-16560.json b/2017/16xxx/CVE-2017-16560.json
index fe1c3a73bc4..f5479082389 100644
--- a/2017/16xxx/CVE-2017-16560.json
+++ b/2017/16xxx/CVE-2017-16560.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-16560",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "SanDisk Secure Access 3.01 vault decrypts and copies encrypted files to a temporary folder, where they can remain indefinitely in certain situations, such as if the file is being edited when the user exits the application or if the application crashes."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://medium.com/@esterling_/cve-2017-16560-sandisk-secure-access-leaves-plain-text-copies-of-files-on-disk-4eabeca6bdbc"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16777.json b/2017/16xxx/CVE-2017-16777.json
index 1a04eaf6c88..e6fd86aead5 100644
--- a/2017/16xxx/CVE-2017-16777.json
+++ b/2017/16xxx/CVE-2017-16777.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2017-16777",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,26 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html"
 }
 ]
 }
diff --git a/2017/16xxx/CVE-2017-16807.json b/2017/16xxx/CVE-2017-16807.json
index 23f33b722b5..46420012775 100644
--- a/2017/16xxx/CVE-2017-16807.json
+++ b/2017/16xxx/CVE-2017-16807.json
@@ -55,6 +55,9 @@
 {
 "url" : "https://www.exploit-db.com/exploits/43140/"
 },
+ {
+ "url" : "https://packetstormsecurity.com/files/144965/KirbyCMS-Cross-Site-Scripting.html"
+ },
 {
 "url" : "https://getkirby.com/changelog/kirby-2-5-7"
 }
diff --git a/2017/16xxx/CVE-2017-16844.json b/2017/16xxx/CVE-2017-16844.json
new file mode 100644
index 00000000000..4d36e200baf
--- /dev/null
+++ b/2017/16xxx/CVE-2017-16844.json
@@ -0,0 +1,60 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2017-16844",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511"
+ }
+ ]
+ }
+}