- Synchronized data.

2025-07-29 05:56:59 +00:00 · 2018-09-05 13:05:50 -04:00 · 2018-09-05 13:05:50 -04:00 · be80ba55dd
commit be80ba55dd
parent 8bc932d114
12 changed files with 350 additions and 2 deletions
--- a/2016/1000xxx/CVE-2016-1000030.json
+++ b/2016/1000xxx/CVE-2016-1000030.json
@ -1 +1,85 @@
-{     "CVE_data_meta": {         "ASSIGNER": "kurt@seifried.org",         "DATE_ASSIGNED": "2018-09-03T16:07:16.984011",         "DATE_REQUESTED": "2016-06-21T00:00:00",         "ID": "CVE-2016-1000030",         "REQUESTER": "kurt@seifried.org"     },     "affects": {         "vendor": {             "vendor_data": [                 {                     "product": {                         "product_data": [                             {                                 "product_name": "Pidgin",                                 "version": {                                     "version_data": [                                         {                                             "version_value": "<2.11.0"                                         }                                     ]                                 }                             }                         ]                     },                     "vendor_name": "Pidgin"                 }             ]         }     },     "data_format": "MITRE",     "data_type": "CVE",     "data_version": "4.0",     "description": {         "description_data": [             {                 "lang": "eng",                 "value": "Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically idue to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack  appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0."             }         ]     },     "problemtype": {         "problemtype_data": [             {                 "description": [                     {                         "lang": "eng",                         "value": "X.509 Certificates Improperly Imported"                     }                 ]             }         ]     },     "references": {         "reference_data": [             {                 "url": "https://pidgin.im/news/security/?id=91"             },             {                 "url": "https://security.gentoo.org/glsa/201701-38"             },             {                 "url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/"             },             {                 "url": "https://access.redhat.com/security/cve/cve-2016-1000030"             }         ]     } } 
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "kurt@seifried.org",
+      "DATE_ASSIGNED" : "2018-09-03T16:07:16.984011",
+      "DATE_REQUESTED" : "2016-06-21T00:00:00",
+      "ID" : "CVE-2016-1000030",
+      "REQUESTER" : "kurt@seifried.org",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Pidgin",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "<2.11.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "Pidgin"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "X.509 Certificates Improperly Imported"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://access.redhat.com/security/cve/cve-2016-1000030",
+            "refsource" : "CONFIRM",
+            "url" : "https://access.redhat.com/security/cve/cve-2016-1000030"
+         },
+         {
+            "name" : "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe",
+            "refsource" : "CONFIRM",
+            "url" : "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe"
+         },
+         {
+            "name" : "https://pidgin.im/news/security/?id=91",
+            "refsource" : "CONFIRM",
+            "url" : "https://pidgin.im/news/security/?id=91"
+         },
+         {
+            "name" : "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/",
+            "refsource" : "CONFIRM",
+            "url" : "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030/"
+         },
+         {
+            "name" : "GLSA-201701-38",
+            "refsource" : "GENTOO",
+            "url" : "https://security.gentoo.org/glsa/201701-38"
+         }
+      ]
+   }
+}
--- a/2016/1000xxx/CVE-2016-1000232.json
+++ b/2016/1000xxx/CVE-2016-1000232.json
@ -1 +1,85 @@
-{     "CVE_data_meta": {         "ASSIGNER": "kurt@seifried.org",         "DATE_ASSIGNED": "2018-09-03T16:07:16.985208",         "DATE_REQUESTED": "1016-10-28T00:00:00",         "ID": "CVE-2016-1000232",         "REQUESTER": "kurt@seifried.org"     },     "affects": {         "vendor": {             "vendor_data": [                 {                     "product": {                         "product_data": [                             {                                 "product_name": "Tough-Cookie",                                 "version": {                                     "version_data": [                                         {                                             "version_value": "2.2.2"                                         }                                     ]                                 }                             }                         ]                     },                     "vendor_name": "NodeJS"                 }             ]         }     },     "data_format": "MITRE",     "data_type": "CVE",     "data_version": "4.0",     "description": {         "description_data": [             {                 "lang": "eng",                 "value": "NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0."             }         ]     },     "problemtype": {         "problemtype_data": [             {                 "description": [                     {                         "lang": "eng",                         "value": "Regular Expression Parsing"                     }                 ]             }         ]     },     "references": {         "reference_data": [             {                 "url": "https://access.redhat.com/security/cve/cve-2016-1000232"             },             {                 "url": "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/"             }         ]     } } 
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "kurt@seifried.org",
+      "DATE_ASSIGNED" : "2018-09-03T16:07:16.985208",
+      "DATE_REQUESTED" : "1016-10-28T00:00:00",
+      "ID" : "CVE-2016-1000232",
+      "REQUESTER" : "kurt@seifried.org",
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Tough-Cookie",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "2.2.2"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "NodeJS"
+            }
+         ]
+      }
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "NodeJS Tough-Cookie version 2.2.2 contains a Regular Expression Parsing vulnerability in HTTP request Cookie Header parsing that can result in Denial of Service. This attack appear to be exploitable via Custom HTTP header passed by client. This vulnerability appears to have been fixed in 2.3.0."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "Regular Expression Parsing"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "name" : "https://www.npmjs.com/advisories/130",
+            "refsource" : "MISC",
+            "url" : "https://www.npmjs.com/advisories/130"
+         },
+         {
+            "name" : "https://access.redhat.com/security/cve/cve-2016-1000232",
+            "refsource" : "CONFIRM",
+            "url" : "https://access.redhat.com/security/cve/cve-2016-1000232"
+         },
+         {
+            "name" : "https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/salesforce/tough-cookie/commit/615627206357d997d5e6ff9da158997de05235ae"
+         },
+         {
+            "name" : "https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534",
+            "refsource" : "CONFIRM",
+            "url" : "https://github.com/salesforce/tough-cookie/commit/e4fc2e0f9ee1b7a818d68f0ac7ea696f377b1534"
+         },
+         {
+            "name" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/",
+            "refsource" : "CONFIRM",
+            "url" : "https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-api-connect-is-affected-by-node-js-tough-cookie-module-vulnerability-to-a-denial-of-service-cve-2016-1000232/"
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16529.json
+++ b/2018/16xxx/CVE-2018-16529.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16529",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16530.json
+++ b/2018/16xxx/CVE-2018-16530.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16530",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16531.json
+++ b/2018/16xxx/CVE-2018-16531.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16531",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16532.json
+++ b/2018/16xxx/CVE-2018-16532.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16532",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16533.json
+++ b/2018/16xxx/CVE-2018-16533.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16533",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16534.json
+++ b/2018/16xxx/CVE-2018-16534.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16534",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16535.json
+++ b/2018/16xxx/CVE-2018-16535.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16535",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16536.json
+++ b/2018/16xxx/CVE-2018-16536.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16536",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16537.json
+++ b/2018/16xxx/CVE-2018-16537.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16537",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}
--- a/2018/16xxx/CVE-2018-16538.json
+++ b/2018/16xxx/CVE-2018-16538.json
@ -0,0 +1,18 @@
+{
+   "CVE_data_meta" : {
+      "ASSIGNER" : "cve@mitre.org",
+      "ID" : "CVE-2018-16538",
+      "STATE" : "RESERVED"
+   },
+   "data_format" : "MITRE",
+   "data_type" : "CVE",
+   "data_version" : "4.0",
+   "description" : {
+      "description_data" : [
+         {
+            "lang" : "eng",
+            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided."
+         }
+      ]
+   }
+}