diff --git a/2014/9xxx/CVE-2014-9654.json b/2014/9xxx/CVE-2014-9654.json index d2b5037e734..9b8dc39550b 100644 --- a/2014/9xxx/CVE-2014-9654.json +++ b/2014/9xxx/CVE-2014-9654.json @@ -67,6 +67,9 @@ { "url" : "https://code.google.com/p/chromium/issues/detail?id=432209" }, + { + "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, { "url" : "https://security.gentoo.org/glsa/201503-06" }, diff --git a/2015/3xxx/CVE-2015-3405.json b/2015/3xxx/CVE-2015-3405.json index ac482bcec15..722f6446608 100644 --- a/2015/3xxx/CVE-2015-3405.json +++ b/2015/3xxx/CVE-2015-3405.json @@ -64,6 +64,12 @@ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1210324" }, + { + "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, + { + "url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" + }, { "url" : "http://www.debian.org/security/2015/dsa-3223" }, diff --git a/2015/3xxx/CVE-2015-3418.json b/2015/3xxx/CVE-2015-3418.json index 929a8eefd8a..f818761f674 100644 --- a/2015/3xxx/CVE-2015-3418.json +++ b/2015/3xxx/CVE-2015-3418.json @@ -58,6 +58,9 @@ { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b" }, + { + "url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" + }, { "url" : "https://security.gentoo.org/glsa/201701-64" }, diff --git a/2016/1xxx/CVE-2016-1881.json b/2016/1xxx/CVE-2016-1881.json index 78ce11e0928..f4190026ea1 100644 --- a/2016/1xxx/CVE-2016-1881.json +++ b/2016/1xxx/CVE-2016-1881.json @@ -52,6 +52,9 @@ }, "references" : { "reference_data" : [ + { + "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:04.linux.asc" }, diff --git a/2017/14xxx/CVE-2017-14698.json b/2017/14xxx/CVE-2017-14698.json index a039fe289c1..b24c4493b8f 100644 --- a/2017/14xxx/CVE-2017-14698.json +++ b/2017/14xxx/CVE-2017-14698.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-14698", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/" + }, + { + "url" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/" } ] } diff --git a/2017/14xxx/CVE-2017-14699.json b/2017/14xxx/CVE-2017-14699.json index 10068c78e2c..92aa6f885aa 100644 --- a/2017/14xxx/CVE-2017-14699.json +++ b/2017/14xxx/CVE-2017-14699.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-14699", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,29 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/" + }, + { + "url" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/" } ] } diff --git a/2017/1xxx/CVE-2017-1779.json b/2017/1xxx/CVE-2017-1779.json index 98c50947afb..8245f215ce2 100644 --- a/2017/1xxx/CVE-2017-1779.json +++ b/2017/1xxx/CVE-2017-1779.json @@ -1,5 +1,10 @@ { - "data_type" : "CVE", + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-01-24T00:00:00", + "ID" : "CVE-2017-1779", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -44,30 +49,14 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824.", - "lang" : "eng" - } - ] - }, - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-24T00:00:00", - "STATE" : "PUBLIC", - "ID" : "CVE-2017-1779" - }, - "data_format" : "MITRE", - "references" : { - "reference_data" : [ - { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561", - "name" : "IBM Security Bulletin 2011561 (Cognos Analytics)" - }, - { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136824", - "name" : "X-Force Vulnerability Report" + "lang" : "eng", + "value" : "IBM Cognos Analytics 11.0 could store cached credentials locally that could be obtained by a local user. IBM X-Force ID: 136824." } ] }, @@ -83,5 +72,14 @@ } ] }, - "data_version" : "4.0" + "references" : { + "reference_data" : [ + { + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136824" + }, + { + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561" + } + ] + } } diff --git a/2017/1xxx/CVE-2017-1783.json b/2017/1xxx/CVE-2017-1783.json index 7a096a064c4..61008a3949e 100644 --- a/2017/1xxx/CVE-2017-1783.json +++ b/2017/1xxx/CVE-2017-1783.json @@ -1,12 +1,18 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-01-24T00:00:00", + "ID" : "CVE-2017-1783", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ { - "vendor_name" : "IBM", "product" : { "product_data" : [ { + "product_name" : "Cognos Analytics", "version" : { "version_data" : [ { @@ -34,20 +40,23 @@ "version_value" : "11.0.7" } ] - }, - "product_name" : "Cognos Analytics" + } } ] - } + }, + "vendor_name" : "IBM" } ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { - "value" : "IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.", - "lang" : "eng" + "lang" : "eng", + "value" : "IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857." } ] }, @@ -56,32 +65,21 @@ { "description" : [ { - "value" : "Data Manipulation", - "lang" : "eng" + "lang" : "eng", + "value" : "Data Manipulation" } ] } ] }, - "data_format" : "MITRE", - "CVE_data_meta" : { - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-01-24T00:00:00", - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2017-1783" - }, - "data_type" : "CVE", "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561", - "name" : "IBM Security Bulletin 2011561 (Cognos Analytics)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" }, { - "name" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136857" + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561" } ] - }, - "data_version" : "4.0" + } } diff --git a/2017/1xxx/CVE-2017-1784.json b/2017/1xxx/CVE-2017-1784.json index ca3cb7bd9cf..3eaba43cf0e 100644 --- a/2017/1xxx/CVE-2017-1784.json +++ b/2017/1xxx/CVE-2017-1784.json @@ -1,9 +1,9 @@ { "CVE_data_meta" : { - "ID" : "CVE-2017-1784", - "STATE" : "PUBLIC", "ASSIGNER" : "psirt@us.ibm.com", - "DATE_PUBLIC" : "2018-01-24T00:00:00" + "DATE_PUBLIC" : "2018-01-24T00:00:00", + "ID" : "CVE-2017-1784", + "STATE" : "PUBLIC" }, "affects" : { "vendor" : { @@ -49,39 +49,37 @@ ] } }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", - "value" : "IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858." + "value" : "IBM Cognos Analytics 11.0 could produce results in temporary files that contain highly sensitive information that can be read by a local user. IBM X-Force ID: 136858." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Obtain Information" + } + ] } ] }, "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561", - "name" : "IBM Security Bulletin 2011561 (Cognos Analytics)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136858" }, { - "name" : "X-Force Vulnerability Report", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/136858" + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011561" } ] - }, - "data_format" : "MITRE", - "data_version" : "4.0", - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "value" : "Obtain Information", - "lang" : "eng" - } - ] - } - ] - }, - "data_type" : "CVE" + } } diff --git a/2017/4xxx/CVE-2017-4947.json b/2017/4xxx/CVE-2017-4947.json index f933a4cdd23..50f2dabea27 100644 --- a/2017/4xxx/CVE-2017-4947.json +++ b/2017/4xxx/CVE-2017-4947.json @@ -45,7 +45,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance." + "value" : "VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance." } ] }, diff --git a/2018/1xxx/CVE-2018-1364.json b/2018/1xxx/CVE-2018-1364.json index 7426d751074..c87ec218c75 100644 --- a/2018/1xxx/CVE-2018-1364.json +++ b/2018/1xxx/CVE-2018-1364.json @@ -1,4 +1,10 @@ { + "CVE_data_meta" : { + "ASSIGNER" : "psirt@us.ibm.com", + "DATE_PUBLIC" : "2018-01-25T00:00:00", + "ID" : "CVE-2018-1364", + "STATE" : "PUBLIC" + }, "affects" : { "vendor" : { "vendor_data" : [ @@ -34,21 +40,24 @@ ] } }, - "data_version" : "4.0", "data_format" : "MITRE", - "CVE_data_meta" : { - "ASSIGNER" : "psirt@us.ibm.com", - "ID" : "CVE-2018-1364", - "STATE" : "PUBLIC", - "DATE_PUBLIC" : "2018-01-25T00:00:00" + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449." + } + ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { - "value" : "Obtain Information", - "lang" : "eng" + "lang" : "eng", + "value" : "Obtain Information" } ] } @@ -57,21 +66,10 @@ "references" : { "reference_data" : [ { - "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012595", - "name" : "IBM Security Bulletin 2012595 (Content Navigator)" + "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137449" }, { - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/137449", - "name" : "X-Force Vulnerability Report" - } - ] - }, - "data_type" : "CVE", - "description" : { - "description_data" : [ - { - "value" : "IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 137449.", - "lang" : "eng" + "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012595" } ] }