- Synchronized data.

2025-05-08 11:37:04 +00:00 · 2017-11-22 12:05:11 -05:00 · 2017-11-22 12:05:11 -05:00 · e62aeadc48
commit e62aeadc48
parent 9fe5d3dc0e
3 changed files with 50 additions and 5 deletions
--- a/2017/15xxx/CVE-2017-15098.json
+++ b/2017/15xxx/CVE-2017-15098.json
@ -35,7 +35,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "Invalid json_populate_recordset() or jsonb_populate_recordset() calls can crash the server or disclose a few bytes of server memory."
+            "value" : "Invalid json_populate_recordset or jsonb_populate_recordset function calls in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, and 9.3.x before 9.3.20 can crash the server or disclose a few bytes of server memory."
         }
      ]
   },
@ -55,6 +55,9 @@
      "reference_data" : [
         {
            "url" : "https://www.postgresql.org/support/security/"
+         },
+         {
+            "url" : "https://www.postgresql.org/about/news/1801/"
         }
      ]
   }
--- a/2017/16xxx/CVE-2017-16894.json
+++ b/2017/16xxx/CVE-2017-16894.json
@ -34,7 +34,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. The writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php does not restrict the .env permissions."
+            "value" : "In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework."
         }
      ]
   },
--- a/2017/7xxx/CVE-2017-7736.json
+++ b/2017/7xxx/CVE-2017-7736.json
@ -1,8 +1,31 @@
 {
   "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "psirt@fortinet.com",
      "ID" : "CVE-2017-7736",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "n/a",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "n/a"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
@ -11,7 +34,26 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb webUI Certificate View page in 5.8.0, 5.7.1 and earlier, allows attackers to inject arbitrary web script or HTML via special crafted malicious certificate import."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "n/a"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://fortiguard.com/advisory/FG-IR-17-131"
         }
      ]
   }