diff --git a/2017/15xxx/CVE-2017-15098.json b/2017/15xxx/CVE-2017-15098.json index 446c403811b..7c2a9449a2b 100644 --- a/2017/15xxx/CVE-2017-15098.json +++ b/2017/15xxx/CVE-2017-15098.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Invalid json_populate_recordset() or jsonb_populate_recordset() calls can crash the server or disclose a few bytes of server memory." + "value" : "Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory." } ] }, @@ -55,6 +55,9 @@ "reference_data" : [ { "url" : "https://www.postgresql.org/support/security/" + }, + { + "url" : "https://www.postgresql.org/about/news/1801/" } ] } diff --git a/2017/16xxx/CVE-2017-16894.json b/2017/16xxx/CVE-2017-16894.json index f00bd14a5a4..ea629029475 100644 --- a/2017/16xxx/CVE-2017-16894.json +++ b/2017/16xxx/CVE-2017-16894.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions." + "value" : "In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework." } ] }, diff --git a/2017/7xxx/CVE-2017-7736.json b/2017/7xxx/CVE-2017-7736.json index 54149cbc332..ac571b85876 100644 --- a/2017/7xxx/CVE-2017-7736.json +++ b/2017/7xxx/CVE-2017-7736.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "psirt@fortinet.com", "ID" : "CVE-2017-7736", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://fortiguard.com/advisory/FG-IR-17-131" } ] }