- Synchronized data.

2025-06-08 22:18:26 +00:00 · 2019-01-16 15:05:38 -05:00 · 2019-01-16 15:05:38 -05:00 · b6a704aa3b
commit b6a704aa3b
parent 3772227d7b
20 changed files with 1150 additions and 1168 deletions
--- a/2016/9xxx/CVE-2016-9778.json
+++ b/2016/9xxx/CVE-2016-9778.json
@ -37,7 +37,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value": "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service.  A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes.\n\nPlease note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND.  Redirection using zones of type \"redirect\" is not affected by this vulnerability.  Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1."
+            "value" : "An error in handling certain queries can cause an assertion failure when a server is using the nxdomain-redirect feature to cover a zone for which it is also providing authoritative service. A vulnerable server could be intentionally stopped by an attacker if it was using a configuration that met the criteria for the vulnerability and if the attacker could cause it to accept a query that possessed the required attributes. Please note: This vulnerability affects the \"nxdomain-redirect\" feature, which is one of two methods of handling NXDOMAIN redirection, and is only available in certain versions of BIND. Redirection using zones of type \"redirect\" is not affected by this vulnerability. Affects BIND 9.9.8-S1 -> 9.9.8-S3, 9.9.9-S1 -> 9.9.9-S6, 9.11.0-9.11.0-P1."
         }
      ]
   },
@ -94,4 +94,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3135.json
+++ b/2017/3xxx/CVE-2017-3135.json
@ -106,4 +106,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3136.json
+++ b/2017/3xxx/CVE-2017-3136.json
@ -42,7 +42,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value": "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate.\n\nAn attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met.  Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8."
+            "value" : "A query with a specific set of characteristics could cause a server using DNS64 to encounter an assertion failure and terminate. An attacker could deliberately construct a query, enabling denial-of-service against a server if it was configured to use the DNS64 feature and other preconditions were met. Affects BIND 9.8.0 -> 9.8.8-P1, 9.9.0 -> 9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.0 -> 9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0 -> 9.11.0-P3, 9.11.1b1->9.11.1rc1, 9.9.3-S1 -> 9.9.9-S8."
         }
      ]
   },
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3137.json
+++ b/2017/3xxx/CVE-2017-3137.json
@ -93,4 +93,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3138.json
+++ b/2017/3xxx/CVE-2017-3138.json
@ -42,7 +42,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value": "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc.\n\nA regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string.  Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."
+            "value" : "named contains a feature which allows operators to issue commands to a running server by communicating with the server process over a control channel, using a utility program such as rndc. A regression introduced in a recent feature change has created a situation under which some versions of named can be caused to exit with a REQUIRE assertion failure if they are sent a null command string. Affects BIND 9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7, 9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2, 9.9.9-S1->9.9.9-S9."
         }
      ]
   },
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3140.json
+++ b/2017/3xxx/CVE-2017-3140.json
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3141.json
+++ b/2017/3xxx/CVE-2017-3141.json
@ -105,4 +105,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3142.json
+++ b/2017/3xxx/CVE-2017-3142.json
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3143.json
+++ b/2017/3xxx/CVE-2017-3143.json
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3144.json
+++ b/2017/3xxx/CVE-2017-3144.json
@ -88,4 +88,3 @@
      }
   ]
 }
-
--- a/2017/3xxx/CVE-2017-3145.json
+++ b/2017/3xxx/CVE-2017-3145.json
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2018/15xxx/CVE-2018-15782.json
+++ b/2018/15xxx/CVE-2018-15782.json
@ -37,7 +37,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value": "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path \ntraversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if \nused during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker \nunauthorized access to that system."
+            "value" : "The Quick Setup component of RSA Authentication Manager versions prior to 8.4 is vulnerable to a relative path traversal vulnerability. A local attacker could potentially provide an administrator with a crafted license that if used during the quick setup deployment of the initial RSA Authentication Manager system, could allow the attacker unauthorized access to that system."
         }
      ]
   },
@ -72,7 +72,8 @@
   "references" : {
      "reference_data" : [
         {
-            "refsource": "CONFIRM",
+            "name" : "20190103 DSA-2018-226: RSA Authentication Manager Relative Path Traversal Vulnerability",
+            "refsource" : "FULLDISC",
            "url" : "https://seclists.org/fulldisclosure/2019/Jan/18"
         }
      ]
--- a/2018/5xxx/CVE-2018-5733.json
+++ b/2018/5xxx/CVE-2018-5733.json
@ -94,4 +94,3 @@
      "discovery" : "EXTERNAL"
   }
 }
-
--- a/2018/5xxx/CVE-2018-5734.json
+++ b/2018/5xxx/CVE-2018-5734.json
@ -93,4 +93,3 @@
      }
   ]
 }
-
--- a/2018/5xxx/CVE-2018-5736.json
+++ b/2018/5xxx/CVE-2018-5736.json
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2018/5xxx/CVE-2018-5737.json
+++ b/2018/5xxx/CVE-2018-5737.json
@ -99,4 +99,3 @@
      }
   ]
 }
-
--- a/2018/5xxx/CVE-2018-5738.json
+++ b/2018/5xxx/CVE-2018-5738.json
@ -105,4 +105,3 @@
      }
   ]
 }
-
--- a/2018/5xxx/CVE-2018-5739.json
+++ b/2018/5xxx/CVE-2018-5739.json
@ -94,4 +94,3 @@
      }
   ]
 }
-
--- a/2018/5xxx/CVE-2018-5740.json
+++ b/2018/5xxx/CVE-2018-5740.json
@ -110,4 +110,3 @@
      }
   ]
 }
-
--- a/2018/5xxx/CVE-2018-5741.json
+++ b/2018/5xxx/CVE-2018-5741.json
@ -94,4 +94,3 @@
      }
   ]
 }
-