- Synchronized data.

2025-07-30 18:04:30 +00:00 · 2017-11-30 13:03:31 -05:00 · 2017-11-30 13:03:31 -05:00 · b9e21b184d
commit b9e21b184d
parent a352206155
12 changed files with 196 additions and 7 deletions
--- a/2012/3xxx/CVE-2012-3394.json
+++ b/2012/3xxx/CVE-2012-3394.json
@ -63,6 +63,9 @@
         },
         {
            "url" : "http://secunia.com/advisories/49890"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76960"
         }
      ]
   }
--- a/2012/3xxx/CVE-2012-3395.json
+++ b/2012/3xxx/CVE-2012-3395.json
@ -63,6 +63,9 @@
         },
         {
            "url" : "http://secunia.com/advisories/49890"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76961"
         }
      ]
   }
--- a/2012/3xxx/CVE-2012-3396.json
+++ b/2012/3xxx/CVE-2012-3396.json
@ -63,6 +63,9 @@
         },
         {
            "url" : "http://secunia.com/advisories/49890"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76962"
         }
      ]
   }
--- a/2012/3xxx/CVE-2012-3397.json
+++ b/2012/3xxx/CVE-2012-3397.json
@ -63,6 +63,9 @@
         },
         {
            "url" : "http://secunia.com/advisories/49890"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76963"
         }
      ]
   }
--- a/2012/3xxx/CVE-2012-3398.json
+++ b/2012/3xxx/CVE-2012-3398.json
@ -63,6 +63,9 @@
         },
         {
            "url" : "http://secunia.com/advisories/49890"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76964"
         }
      ]
   }
--- a/2012/3xxx/CVE-2012-3999.json
+++ b/2012/3xxx/CVE-2012-3999.json
@ -54,6 +54,9 @@
      "reference_data" : [
         {
            "url" : "https://gitorious.org/sticky-notes/sticky-notes/merge_requests/2"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77138"
         }
      ]
   }
--- a/2012/4xxx/CVE-2012-4024.json
+++ b/2012/4xxx/CVE-2012-4024.json
@ -67,8 +67,14 @@
         {
            "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
         },
+         {
+            "url" : "http://www.securityfocus.com/bid/54610"
+         },
         {
            "url" : "http://www.osvdb.org/83898"
+         },
+         {
+            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77106"
         }
      ]
   }
--- a/2012/4xxx/CVE-2012-4025.json
+++ b/2012/4xxx/CVE-2012-4025.json
@ -67,6 +67,9 @@
         {
            "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:128"
         },
+         {
+            "url" : "http://www.securityfocus.com/bid/54610"
+         },
         {
            "url" : "http://www.osvdb.org/83899"
         }
--- a/2017/14xxx/CVE-2017-14868.json
+++ b/2017/14xxx/CVE-2017-14868.json
@ -2,7 +2,30 @@
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2017-14868",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +34,32 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows remote attackers to access arbitrary files via an XXE attack in a REST API HTTP request. This affects use of the Jax-rs extension."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://github.com/restlet/restlet-framework-java/issues/1286"
+         },
+         {
+            "url" : "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements"
+         },
+         {
+            "url" : "https://lgtm.com/blog/restlet_CVE-2017-14868"
         }
      ]
   }
--- a/2017/14xxx/CVE-2017-14949.json
+++ b/2017/14xxx/CVE-2017-14949.json
@ -2,7 +2,30 @@
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2017-14949",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +34,29 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "Restlet Framework before 2.3.12 allows remote attackers to access arbitrary files via a crafted REST API HTTP request that conducts an XXE attack, because only general external entities (not parameter external entities) are properly considered. This is related to XmlRepresentation, DOMRepresentation, SaxRepresentation, and JacksonRepresentation."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://github.com/restlet/restlet-framework-java/wiki/XEE-security-enhancements"
+         },
+         {
+            "url" : "https://lgtm.com/blog/restlet_CVE-2017-14949"
         }
      ]
   }
--- a/2017/15xxx/CVE-2017-15116.json
+++ b/2017/15xxx/CVE-2017-15116.json
@ -1,8 +1,31 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "secalert@redhat.com",
      "ID" : "CVE-2017-15116",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Linux kernel",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "Linux kernel"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +34,35 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "The rngapi_reset function in crypto/rng.c in the Linux kernel before 4.2 allows attackers to cause a denial of service (NULL pointer dereference)."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "null pointer dereference"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
+         },
+         {
+            "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1485815"
+         },
+         {
+            "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1514609"
+         },
+         {
+            "url" : "https://github.com/torvalds/linux/commit/94f1bb15bed84ad6c893916b7e7b9db6f1d7eec6"
         }
      ]
   }
--- a/2017/17xxx/CVE-2017-17068.json
+++ b/2017/17xxx/CVE-2017-17068.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2017-17068",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}