From d814c2c34dc53008759d2fd46fd073048d97cd25 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 17 Nov 2017 12:04:18 -0500 Subject: [PATCH] - Synchronized data. --- 2017/1000xxx/CVE-2017-1000191.json | 118 ++++++++++++++--------------- 2017/1000xxx/CVE-2017-1000192.json | 118 ++++++++++++++--------------- 2017/16xxx/CVE-2017-16819.json | 46 ++++++++++- 2017/16xxx/CVE-2017-16877.json | 60 +++++++++++++++ 4 files changed, 222 insertions(+), 120 deletions(-) create mode 100644 2017/16xxx/CVE-2017-16877.json diff --git a/2017/1000xxx/CVE-2017-1000191.json b/2017/1000xxx/CVE-2017-1000191.json index 413d3eab261..33a23726623 100644 --- a/2017/1000xxx/CVE-2017-1000191.json +++ b/2017/1000xxx/CVE-2017-1000191.json @@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "kurt@seifried.org", - "DATE_ASSIGNED": "2017-08-22T17:29:33.414395", - "ID": "CVE-2017-1000191", - "REQUESTER": "ydahhrk@gmail.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Jool", - "version": { - "version_data": [ - { - "version_value": "3.5.0 - 3.5.1" - } - ] - } - } - ] - }, - "vendor_name": "NIC Mexico" - } + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2017-08-22T17:29:33.414395", + "ID" : "CVE-2017-1000191", + "REQUESTER" : "ydahhrk@gmail.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Jool", + "version" : { + "version_data" : [ + { + "version_value" : "3.5.0 - 3.5.1" + } + ] + } + } + ] + }, + "vendor_name" : "NIC Mexico" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Overflow" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting in a DOS." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Buffer Overflow" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/NICMx/Jool/issues/232" - } - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/NICMx/Jool/issues/232" + } + ] + } } diff --git a/2017/1000xxx/CVE-2017-1000192.json b/2017/1000xxx/CVE-2017-1000192.json index 429f2bb70d9..9fc4c260a67 100644 --- a/2017/1000xxx/CVE-2017-1000192.json +++ b/2017/1000xxx/CVE-2017-1000192.json @@ -1,62 +1,62 @@ { - "CVE_data_meta": { - "ASSIGNER": "kurt@seifried.org", - "DATE_ASSIGNED": "2017-08-22T17:29:33.415730", - "ID": "CVE-2017-1000192", - "REQUESTER": "artem.moskowsky@gmail.com", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "sysPass", - "version": { - "version_data": [ - { - "version_value": "2.1.7 and older" - } - ] - } - } - ] - }, - "vendor_name": "Cygnux" - } + "CVE_data_meta" : { + "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", + "DATE_ASSIGNED" : "2017-08-22T17:29:33.415730", + "ID" : "CVE-2017-1000192", + "REQUESTER" : "artem.moskowsky@gmail.com", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "sysPass", + "version" : { + "version_data" : [ + { + "version_value" : "2.1.7 and older" + } + ] + } + } + ] + }, + "vendor_name" : "Cygnux" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Directory Traversal" + } ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key, as well as other sensitive information." - } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Directory Traversal" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "url": "https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901" - } - ] - } + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/nuxsmin/sysPass/releases/tag/2.1.8.17042901" + } + ] + } } diff --git a/2017/16xxx/CVE-2017-16819.json b/2017/16xxx/CVE-2017-16819.json index 11c40913f4d..e361dcb9132 100644 --- a/2017/16xxx/CVE-2017-16819.json +++ b/2017/16xxx/CVE-2017-16819.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-16819", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.keiththome.com/rtc-1000-vuln/" } ] } diff --git a/2017/16xxx/CVE-2017-16877.json b/2017/16xxx/CVE-2017-16877.json new file mode 100644 index 00000000000..ea62c6d2463 --- /dev/null +++ b/2017/16xxx/CVE-2017-16877.json @@ -0,0 +1,60 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2017-16877", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://github.com/zeit/next.js/releases/tag/2.4.1" + } + ] + } +}