diff --git a/2009/4xxx/CVE-2009-4267.json b/2009/4xxx/CVE-2009-4267.json index 8874130b996..3327cfb8554 100644 --- a/2009/4xxx/CVE-2009-4267.json +++ b/2009/4xxx/CVE-2009-4267.json @@ -35,7 +35,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "The Apache jUDDI console in 3.0.0 did not escape line feeds passed in the numRows parameter. This affected log integrity allowing authenticated users to forge log records. This issue was addressed in jUDDI 3.0.1." + "value" : "The console in Apache jUDDI 3.0.0 does not properly escape line feeds, which allows remote authenticated users to spoof log entries via the numRows parameter." } ] }, @@ -55,6 +55,9 @@ "reference_data" : [ { "url" : "http://mail-archives.apache.org/mod_mbox/juddi-user/201802.mbox/raw/%3C0F272EE1-E2B4-4016-8C5D-F76ABDD12D18%40gmail.com%3E" + }, + { + "url" : "http://juddi.apache.org/security.html" } ] } diff --git a/2010/0xxx/CVE-2010-0109.json b/2010/0xxx/CVE-2010-0109.json index 45a689131e0..ec10a551a85 100644 --- a/2010/0xxx/CVE-2010-0109.json +++ b/2010/0xxx/CVE-2010-0109.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2010-0109", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
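Review bot: The rewritten `value` in the first hunk of CVE-2009-4267.json no longer says that the issue was addressed in jUDDI 3.0.1, so the record's text loses the fixed version a defender needs for remediation. Keep it in the description, for example by ending the sentence with `... via the numRows parameter; fixed in 3.0.1.`, or confirm that the `affects` block outside this hunk carries the version boundary. The reference added in the second hunk may cover it, but a reader should not have to follow a link to learn the fixed release.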
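Review bot: The `affects` block added in the `@@ -2,7 +2,30 @@` hunk of CVE-2010-0109.json holds only `"n/a"` for `vendor_name`, `product_name` and `version_value`, although the description added in the file's next hunk names the vendor, product and version range. Tools that match on the structured fields will find nothing for this record and must parse the free text instead. Populate the fields from the description, e.g. `"vendor_name" : "Symantec"` and `"version_value" : "6.9.x before DS 6.9 SP4"`. The same placeholder block is added for CVE-2011-3477, CVE-2012-0771, CVE-2014-3972, CVE-2015-2324, CVE-2015-9253, CVE-2016-9568, CVE-2017-16670, CVE-2017-17101, CVE-2017-7375, CVE-2017-7376 and CVE-2018-6592, and `problemtype` is `"n/a"` in each of them as well.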
@@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 SP4 allows remote attackers to cause a denial of service via a crafted request." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20100420_00" + }, + { + "url" : "http://www.securityfocus.com/bid/38410" } ] } diff --git a/2011/3xxx/CVE-2011-3477.json b/2011/3xxx/CVE-2011-3477.json index a02789545e9..a44fa262f39 100644 --- a/2011/3xxx/CVE-2011-3477.json +++ b/2011/3xxx/CVE-2011-3477.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2011-3477", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in Symantec Backup Exec System Recovery 8.5 and BESR 2010, Symantec System Recovery 2011, Norton 360, and Norton Ghost, allows local users to cause a denial of service (system crash) via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20111109_00" + }, + { + "url" : "http://www.securityfocus.com/bid/47822" } ] } diff --git a/2012/0xxx/CVE-2012-0759.json b/2012/0xxx/CVE-2012-0759.json index b442a1714c8..ab6c365b30c 100644 --- a/2012/0xxx/CVE-2012-0759.json +++ b/2012/0xxx/CVE-2012-0759.json @@ -34,7 +34,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + "value" : "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0771." } ] }, diff --git a/2012/0xxx/CVE-2012-0771.json b/2012/0xxx/CVE-2012-0771.json index bf0c7d28307..2e989536763 100644 --- a/2012/0xxx/CVE-2012-0771.json +++ b/2012/0xxx/CVE-2012-0771.json 
@@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2012-0771", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.adobe.com/support/security/bulletins/apsb12-02.html" } ] } diff --git a/2014/3xxx/CVE-2014-3972.json b/2014/3xxx/CVE-2014-3972.json index f5c3c148b03..7d614c8c780 100644 --- a/2014/3xxx/CVE-2014-3972.json +++ b/2014/3xxx/CVE-2014-3972.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2014-3972", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://fortiguard.com/zeroday/FG-VD-14-004" } ] } diff --git a/2015/2xxx/CVE-2015-2324.json b/2015/2xxx/CVE-2015-2324.json index 865b5e3aa00..0942c8a7fcc 100644 --- a/2015/2xxx/CVE-2015-2324.json +++ b/2015/2xxx/CVE-2015-2324.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2015-2324", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://fortiguard.com/zeroday/FG-VD-15-009" + }, + { + "url" : "https://github.com/wp-plugins/photo-gallery/blob/master/readme.txt" } ] } diff --git a/2015/9xxx/CVE-2015-9253.json b/2015/9xxx/CVE-2015-9253.json new file mode 100644 index 00000000000..ef2d404d48b --- /dev/null +++ b/2015/9xxx/CVE-2015-9253.json 
@@ -0,0 +1,66 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2015-9253", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in PHP through 7.2.2. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://bugs.php.net/bug.php?id=70185" + }, + { + "url" : "https://bugs.php.net/bug.php?id=75968" + }, + { + "url" : "https://www.futureweb.at/Futureweb-OG-php-fpm-master-process-restarts-child-process-in-a_pid,54177,type,firmeninfo.html" + } + ] + } +} diff --git a/2016/0xxx/CVE-2016-0420.json b/2016/0xxx/CVE-2016-0420.json index 0870127f237..72309101d5c 100644 --- a/2016/0xxx/CVE-2016-0420.json +++ b/2016/0xxx/CVE-2016-0420.json 
@@ -52,6 +52,15 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2016/Aug/126" + }, + { + "url" : "http://packetstormsecurity.com/files/138509/JD-Edwards-9.1-EnterpriseOne-Server-Create-Users.html" + }, + { + "url" : "https://www.onapsis.com/research/security-advisories/jd-edwards-server-manager-create-user" + }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, diff --git a/2016/0xxx/CVE-2016-0421.json b/2016/0xxx/CVE-2016-0421.json index 733e43b0d90..512e3b3940a 100644 --- a/2016/0xxx/CVE-2016-0421.json +++ b/2016/0xxx/CVE-2016-0421.json @@ -52,6 +52,15 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2016/Aug/125" + }, + { + "url" : "http://packetstormsecurity.com/files/138508/JD-Edwards-9.1-EnterpriseOne-Server-Manager-Shutdown.html" + }, + { + "url" : "https://www.onapsis.com/research/security-advisories/jd-edwards-server-manager-shutdown" + }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, diff --git a/2016/0xxx/CVE-2016-0422.json b/2016/0xxx/CVE-2016-0422.json index d4311602a52..bc3a9f860c1 100644 --- a/2016/0xxx/CVE-2016-0422.json +++ b/2016/0xxx/CVE-2016-0422.json @@ -52,6 +52,15 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2016/Aug/124" + }, + { + "url" : "http://packetstormsecurity.com/files/138507/JD-Edwards-9.1-EnterpriseOne-Server-JDENet-Password-Disclosure.html" + }, + { + "url" : "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-password-disclosure" + }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, diff --git a/2016/0xxx/CVE-2016-0423.json b/2016/0xxx/CVE-2016-0423.json index a84604ff0f5..1df43b197f5 100644 --- a/2016/0xxx/CVE-2016-0423.json +++ b/2016/0xxx/CVE-2016-0423.json 
@@ -52,6 +52,15 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2016/Aug/128" + }, + { + "url" : "http://packetstormsecurity.com/files/138512/JD-Edwards-9.1-EnterpriseOne-Server-JDENET-Denial-Of-Service.html" + }, + { + "url" : "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-end-file-dos" + }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, diff --git a/2016/0xxx/CVE-2016-0424.json b/2016/0xxx/CVE-2016-0424.json index 5ac9141168d..a7a983d03a6 100644 --- a/2016/0xxx/CVE-2016-0424.json +++ b/2016/0xxx/CVE-2016-0424.json @@ -52,6 +52,15 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2016/Aug/127" + }, + { + "url" : "http://packetstormsecurity.com/files/138510/JD-Edwards-9.1-EnterpriseOne-Server-Denial-Of-Service.html" + }, + { + "url" : "https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-type-8-dos" + }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, diff --git a/2016/0xxx/CVE-2016-0425.json b/2016/0xxx/CVE-2016-0425.json index 9abb5e49a54..44b5f17ec5c 100644 --- a/2016/0xxx/CVE-2016-0425.json +++ b/2016/0xxx/CVE-2016-0425.json @@ -52,6 +52,12 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2016/Aug/129" + }, + { + "url" : "http://packetstormsecurity.com/files/138511/JD-Edwards-9.1-EnterpriseOne-Server-Password-Disclosure.html" + }, { "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" }, diff --git a/2016/3xxx/CVE-2016-3436.json b/2016/3xxx/CVE-2016-3436.json index 88c91d03338..d8c565e50a3 100644 --- a/2016/3xxx/CVE-2016-3436.json +++ b/2016/3xxx/CVE-2016-3436.json 
@@ -52,6 +52,9 @@ }, "references" : { "reference_data" : [ + { + "url" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3436" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, diff --git a/2016/3xxx/CVE-2016-3437.json b/2016/3xxx/CVE-2016-3437.json index f4259ba007f..dd26423b952 100644 --- a/2016/3xxx/CVE-2016-3437.json +++ b/2016/3xxx/CVE-2016-3437.json @@ -52,6 +52,9 @@ }, "references" : { "reference_data" : [ + { + "url" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3437" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, diff --git a/2016/3xxx/CVE-2016-3439.json b/2016/3xxx/CVE-2016-3439.json index 4a8a380d5e8..b7e96c248ce 100644 --- a/2016/3xxx/CVE-2016-3439.json +++ b/2016/3xxx/CVE-2016-3439.json @@ -52,6 +52,9 @@ }, "references" : { "reference_data" : [ + { + "url" : "https://www.onapsis.com/research/security-advisories/oracle-e-business-suite-cross-site-scripting-xss-cve-2016-3439" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html" }, diff --git a/2016/5xxx/CVE-2016-5558.json b/2016/5xxx/CVE-2016-5558.json index 057bd867cc6..0ea4bf6f065 100644 --- a/2016/5xxx/CVE-2016-5558.json +++ b/2016/5xxx/CVE-2016-5558.json @@ -55,6 +55,9 @@ { "url" : "http://www.securityfocus.com/archive/1/archive/1/539731/100/0/threaded" }, + { + "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-11/" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, diff --git a/2016/5xxx/CVE-2016-5574.json b/2016/5xxx/CVE-2016-5574.json index 13391709022..ba419ec40ea 100644 --- a/2016/5xxx/CVE-2016-5574.json +++ b/2016/5xxx/CVE-2016-5574.json 
@@ -55,6 +55,9 @@ { "url" : "http://www.securityfocus.com/archive/1/archive/1/539732/100/0/threaded" }, + { + "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-12/" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" }, diff --git a/2016/7xxx/CVE-2016-7210.json b/2016/7xxx/CVE-2016-7210.json index 35755cfedb9..c2ebc45a99b 100644 --- a/2016/7xxx/CVE-2016-7210.json +++ b/2016/7xxx/CVE-2016-7210.json @@ -55,6 +55,9 @@ { "url" : "http://www.securityfocus.com/archive/1/archive/1/539734/100/0/threaded" }, + { + "url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2016-16/" + }, { "url" : "http://technet.microsoft.com/security/bulletin/MS16-132" }, diff --git a/2016/9xxx/CVE-2016-9568.json b/2016/9xxx/CVE-2016-9568.json index 198dbd9e48a..393b9203872 100644 --- a/2016/9xxx/CVE-2016-9568.json +++ b/2016/9xxx/CVE-2016-9568.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2016-9568", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://labs.nettitude.com/blog/carbon-black-security-advisories-cve-2016-9570-cve-2016-9568-and-cve-2016-9569/" } ] } diff --git a/2017/16xxx/CVE-2017-16670.json b/2017/16xxx/CVE-2017-16670.json index a46cc45da16..abf19c58f7b 100644 --- a/2017/16xxx/CVE-2017-16670.json +++ b/2017/16xxx/CVE-2017-16670.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-16670", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
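Review bot: The description added for CVE-2016-9568 names no affected or fixed version of the Carbon Black Sensor and does not say which actions become possible, so a defender cannot tell from the record whether a given deployment is exposed. Add the version boundary to the `value` text, along the lines of `... the Carbon Black Sensor before <fixed-version> ...` (placeholder; the page does not give the version). The descriptions added for CVE-2017-17101, CVE-2017-7375 and CVE-2017-7376 likewise give no version range.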
@@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://packetstormsecurity.com/files/146339/SoapUI-5.3.0-Code-Execution.html" } ] } diff --git a/2017/17xxx/CVE-2017-17101.json b/2017/17xxx/CVE-2017-17101.json index 4cafd45c6e0..6e37a680603 100644 --- a/2017/17xxx/CVE-2017-17101.json +++ b/2017/17xxx/CVE-2017-17101.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-17101", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", 
@@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Apexis APM-H803-MPC software, as used with many different models of IP Camera. An unprotected CGI method inside the web application permits an unauthenticated user to bypass the login screen and access the webcam contents including: live video stream, configuration files with all the passwords, system information, and much more. With this vulnerability, anyone can access to a vulnerable webcam with 'super admin' privilege." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://youtu.be/B75C13Zw35Y" } ] } diff --git a/2017/3xxx/CVE-2017-3241.json b/2017/3xxx/CVE-2017-3241.json index 85038a7d046..ad8bfc4a729 100644 --- a/2017/3xxx/CVE-2017-3241.json +++ b/2017/3xxx/CVE-2017-3241.json @@ -81,6 +81,9 @@ { "url" : "https://www.exploit-db.com/exploits/41145/" }, + { + "url" : "https://erpscan.com/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, diff --git a/2017/3xxx/CVE-2017-3300.json b/2017/3xxx/CVE-2017-3300.json index 03d45d3342e..ad36660ca8b 100644 --- a/2017/3xxx/CVE-2017-3300.json +++ b/2017/3xxx/CVE-2017-3300.json @@ -55,6 +55,9 @@ }, "references" : { "reference_data" : [ + { + "url" : "https://erpscan.com/advisories/erpscan-17-005-oracle-peoplesoft-xss-vulnerability/" + }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" }, 
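Review bot: The only entry in `reference_data` for CVE-2017-17101 is a video link (`https://youtu.be/B75C13Zw35Y`), which gives no text advisory, vendor statement or fix information to check the description against. Add a vendor or third-party advisory URL alongside it if one exists. The description's last sentence also reads `anyone can access to a vulnerable webcam`; `anyone can access a vulnerable webcam` is the intended wording.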
diff --git a/2017/7xxx/CVE-2017-7375.json b/2017/7xxx/CVE-2017-7375.json index c76b04d270f..499fceddb69 100644 --- a/2017/7xxx/CVE-2017-7375.json +++ b/2017/7xxx/CVE-2017-7375.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-7375", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,35 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462203" + }, + { + "url" : "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e" + }, + { + "url" : "https://source.android.com/security/bulletin/2017-06-01" } ] } 
diff --git a/2017/7xxx/CVE-2017-7376.json b/2017/7xxx/CVE-2017-7376.json index e20a0ffb910..0cdbb897ae3 100644 --- a/2017/7xxx/CVE-2017-7376.json +++ b/2017/7xxx/CVE-2017-7376.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-7376", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,35 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4" + }, + { + "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462216" + }, + { + "url" : "https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e" + }, + { + "url" : "https://source.android.com/security/bulletin/2017-06-01" } ] } diff --git a/2018/6xxx/CVE-2018-6461.json b/2018/6xxx/CVE-2018-6461.json index 35fbef67851..ba3bd6770f3 100644 --- a/2018/6xxx/CVE-2018-6461.json +++ b/2018/6xxx/CVE-2018-6461.json 
@@ -52,6 +52,15 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://seclists.org/fulldisclosure/2018/Feb/24" + }, + { + "url" : "http://hyp3rlinx.altervista.org/advisories/CVS-SUITE-2009R2-INSECURE-LIBRARY-LOADING-CVE-2018-6461.txt" + }, + { + "url" : "http://packetstormsecurity.com/files/146267/WINCVS-2009R2-DLL-Hijacking.html" + }, { "url" : "http://march-hare.com/cvspro/vulnwincvs.htm" } diff --git a/2018/6xxx/CVE-2018-6592.json b/2018/6xxx/CVE-2018-6592.json index 3dad546f3d1..f2e084b3784 100644 --- a/2018/6xxx/CVE-2018-6592.json +++ b/2018/6xxx/CVE-2018-6592.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-6592", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Unisys Stealth Windows endpoints before 3.3.016.1 allow local users to gain access to Stealth-enabled devices by leveraging improper cleanup of memory used for negotiation key storage." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=45" } ] } diff --git a/2018/6xxx/CVE-2018-6892.json b/2018/6xxx/CVE-2018-6892.json index a699bab55d1..49e8275a748 100644 --- a/2018/6xxx/CVE-2018-6892.json 
+++ b/2018/6xxx/CVE-2018-6892.json @@ -57,6 +57,9 @@ }, { "url" : "https://blogs.securiteam.com/index.php/archives/3669" + }, + { + "url" : "http://hyp3rlinx.altervista.org/advisories/CLOUDME-SYNC-UNAUTHENTICATED-REMOTE-BUFFER-OVERFLOW.txt" } ] } diff --git a/2018/7xxx/CVE-2018-7248.json b/2018/7xxx/CVE-2018-7248.json new file mode 100644 index 00000000000..019168c7570 --- /dev/null +++ b/2018/7xxx/CVE-2018-7248.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2018-7248", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}