diff --git a/2016/7xxx/CVE-2016-7404.json b/2016/7xxx/CVE-2016-7404.json index 6b7a62d28ee..6bd1cdaa05f 100644 --- a/2016/7xxx/CVE-2016-7404.json +++ b/2016/7xxx/CVE-2016-7404.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-7404", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,43 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenStack Magnum passes OpenStack credentials into the Heat templates creating its instances. While these should just be used for retrieving the instances' SSL certificates, they allow full API access, though and can be used to perform any API operation the user is authorized to perform." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.launchpad.net/magnum/+bug/1620536", + "refsource": "MISC", + "name": "https://bugs.launchpad.net/magnum/+bug/1620536" + }, + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=998182", + "refsource": "MISC", + "name": "https://bugzilla.suse.com/show_bug.cgi?id=998182" + }, + { + "refsource": "MISC", + "name": "https://www.securityfocus.com/bid/98467", + "url": "https://www.securityfocus.com/bid/98467" + }, + { + "refsource": "CONFIRM", + "name": "https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22", + "url": "https://opendev.org/openstack/magnum/commit/0bb0d6486d6771ee21bbf897a091b1aa59e01b22" } ] } diff --git a/2018/15xxx/CVE-2018-15736.json b/2018/15xxx/CVE-2018-15736.json index 815ef25b2df..00c74ef8a9e 100644 --- a/2018/15xxx/CVE-2018-15736.json +++ b/2018/15xxx/CVE-2018-15736.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15736", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.greyhathacker.net", + "refsource": "MISC", + "name": "https://www.greyhathacker.net" + }, + { + "refsource": "MISC", + "name": "https://www.greyhathacker.net/?p=1025", + "url": "https://www.greyhathacker.net/?p=1025" } ] } diff --git a/2018/15xxx/CVE-2018-15737.json b/2018/15xxx/CVE-2018-15737.json index 1a055e5089b..2fc7e2f445e 100644 --- a/2018/15xxx/CVE-2018-15737.json +++ b/2018/15xxx/CVE-2018-15737.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15737", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x80002043." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.greyhathacker.net", + "refsource": "MISC", + "name": "https://www.greyhathacker.net" + }, + { + "refsource": "MISC", + "name": "https://www.greyhathacker.net/?p=1025", + "url": "https://www.greyhathacker.net/?p=1025" } ] } diff --git a/2018/15xxx/CVE-2018-15747.json b/2018/15xxx/CVE-2018-15747.json index bcd1958a96f..abb866308a8 100644 --- a/2018/15xxx/CVE-2018-15747.json +++ b/2018/15xxx/CVE-2018-15747.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15747", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The default configuration of glot-www through 2018-05-19 allows remote attackers to execute arbitrary code because glot-code-runner supports os.system within a \"python\" \"files\" \"content\" JSON file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/prasmussen/glot-code-runner/issues/15", + "refsource": "MISC", + "name": "https://github.com/prasmussen/glot-code-runner/issues/15" } ] } diff --git a/2018/15xxx/CVE-2018-15868.json b/2018/15xxx/CVE-2018-15868.json index 6668dea4c56..e383aa20652 100644 --- a/2018/15xxx/CVE-2018-15868.json +++ b/2018/15xxx/CVE-2018-15868.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-15868", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcr_machineid cookie." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://www.chronoscan.org", + "refsource": "MISC", + "name": "http://www.chronoscan.org" + }, + { + "refsource": "MISC", + "name": "https://redsec.io/chronoscan-enterprise-unauthenticated-sql-injection", + "url": "https://redsec.io/chronoscan-enterprise-unauthenticated-sql-injection" } ] }