From b302ebede7e21d7e4f76b10021aa013285110c41 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 27 Dec 2017 12:04:35 -0500 Subject: [PATCH] - Synchronized data. --- 2016/6xxx/CVE-2016-6914.json | 52 ++++++++++++++++++++++++++++++++-- 2017/13xxx/CVE-2017-13056.json | 46 ++++++++++++++++++++++++++++-- 2017/16xxx/CVE-2017-16768.json | 48 +++++++++++++++++++++++++++++-- 2017/16xxx/CVE-2017-16953.json | 3 ++ 4 files changed, 142 insertions(+), 7 deletions(-) diff --git a/2016/6xxx/CVE-2016-6914.json b/2016/6xxx/CVE-2016-6914.json index 4ef45837b55..4bd915b8ab5 100644 --- a/2016/6xxx/CVE-2016-6914.json +++ b/2016/6xxx/CVE-2016-6914.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2016-6914", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,32 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2017/Dec/83" + }, + { + "url" : "http://packetstormsecurity.com/files/145533/Ubiquiti-UniFi-Video-3.7.3-Windows-Local-Privilege-Escalation.html" + }, + { + "url" : "https://hackerone.com/reports/140793" } ] } diff --git a/2017/13xxx/CVE-2017-13056.json b/2017/13xxx/CVE-2017-13056.json index 28f4d694830..9a8ba95f4c0 100644 --- a/2017/13xxx/CVE-2017-13056.json +++ b/2017/13xxx/CVE-2017-13056.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-13056", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html" } ] } diff --git a/2017/16xxx/CVE-2017-16768.json b/2017/16xxx/CVE-2017-16768.json index dca55f33a7d..6183dbbdc68 100644 --- a/2017/16xxx/CVE-2017-16768.json +++ b/2017/16xxx/CVE-2017-16768.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "security@synology.com", "ID" : "CVE-2017-16768", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_81" } ] } diff --git a/2017/16xxx/CVE-2017-16953.json b/2017/16xxx/CVE-2017-16953.json index 5f0f5f4a684..c0d94bc9294 100644 --- a/2017/16xxx/CVE-2017-16953.json +++ b/2017/16xxx/CVE-2017-16953.json @@ -57,6 +57,9 @@ }, { "url" : "http://packetstormsecurity.com/files/145121/ZTE-ZXDSL-831-Unauthorized-Configuration-Access-Bypass.html" + }, + { + "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008762" } ] }