- Synchronized data.

2018/1000xxx/CVE-2018-1000802.json

@@ -1 +1,80 @@
-{"data_version": "4.0","references": {"reference_data": [{"url": "https://bugs.python.org/issue34540"},{"url": "https://github.com/python/cpython/pull/8985"},{"url": "https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace"},{"url": "https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig"}]},"description": {"description_data": [{"lang": "eng","value": "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace."}]},"data_type": "CVE","affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "2.7"}]},"product_name": "Python (CPython)"}]},"vendor_name": "Python Software Foundation"}]}},"CVE_data_meta": {"DATE_ASSIGNED": "2018-09-14T14:17:47.506460","DATE_REQUESTED": "2018-08-30T11:34:18","ID": "CVE-2018-1000802","ASSIGNER": "kurt@seifried.org","REQUESTER": "kochukov.ma@gmail.com"},"data_format": "MITRE","problemtype": {"problemtype_data": [{"description": [{"lang": "eng","value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}]}}
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "kurt@seifried.org",
+      "DATE_ASSIGNED" : "2018-09-14T14:17:47.506460",
+      "DATE_REQUESTED" : "2018-08-30T11:34:18",
+      "ID" : "CVE-2018-1000802",
+      "REQUESTER" : "kochukov.ma@gmail.com",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Python (CPython)",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "2.7"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Python Software Foundation"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig",
+            "refsource" : "MISC",
+            "url" : "https://mega.nz/#!JUFiCC4R!mq-jQ8ySFwIhX6WMDujaZuNBfttDVt7DETlfOIQE1ig"
+         },
+         {
+            "name" : "https://bugs.python.org/issue34540",
+            "refsource" : "CONFIRM",
+            "url" : "https://bugs.python.org/issue34540"
+         },
+         {
+            "name" : "https://github.com/python/cpython/pull/8985",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/python/cpython/pull/8985"
+         },
+         {
+            "name" : "https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/python/cpython/pull/8985/commits/add531a1e55b0a739b0f42582f1c9747e5649ace"
+         }
+      ]
+   }
+}

2018/17xxx/CVE-2018-17170.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-17170",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/17xxx/CVE-2018-17171.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-17171",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/17xxx/CVE-2018-17172.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-17172",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/17xxx/CVE-2018-17173.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-17173",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/17xxx/CVE-2018-17174.json

@@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-17174",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}

2018/17xxx/CVE-2018-17175.json

@@ -0,0 +1,72 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-17175",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "In the marshmallow library before 2.15.1 and 3.x before 3.0.0b9 for Python, the schema \"only\" option treats an empty list as implying no \"only\" option, which allows a request that was intended to expose no fields to instead expose all fields (if the schema is being filtered dynamically using the \"only\" option, and there is a user role that produces an empty value for \"only\")."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://github.com/marshmallow-code/marshmallow/issues/772",
+            "refsource" : "MISC",
+            "url" : "https://github.com/marshmallow-code/marshmallow/issues/772"
+         },
+         {
+            "name" : "https://github.com/marshmallow-code/marshmallow/pull/777",
+            "refsource" : "MISC",
+            "url" : "https://github.com/marshmallow-code/marshmallow/pull/777"
+         },
+         {
+            "name" : "https://github.com/marshmallow-code/marshmallow/pull/782",
+            "refsource" : "MISC",
+            "url" : "https://github.com/marshmallow-code/marshmallow/pull/782"
+         }
+      ]
+   }
+}