admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-07 19:00:50 +00:00
parent 68bb2de9d0
commit 06427f379a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 994 additions and 390 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/19xxx/CVE-2018-19456.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19456",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:0021",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00006.html"
},
{
"refsource": "MISC",
"name": "https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability/",
"url": "https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability/"
}
]
}

58
2018/20xxx/CVE-2018-20503.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20503",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151327/SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151327/SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting.html"
},
{
"url": "https://www.exploit-db.com/exploits/46237/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46237/"
},
{
"url": "https://pentest.com.tr/exploits/Allied-Telesis-8100L-8-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "https://pentest.com.tr/exploits/Allied-Telesis-8100L-8-Cross-Site-Scripting.html"
}
]
}

194
2018/2xxx/CVE-2018-2001.json
View File

@ -1,99 +1,99 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "7.0.5"
},
{
"version_value" : "7.0.4"
},
{
"version_value" : "6.2.0"
},
{
"version_value" : "6.1.1"
}
]
},
"product_name" : "Cram Social Program Management"
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10883184",
"refsource" : "CONFIRM",
"title" : "IBM Security Bulletin 883184 (Cram Social Program Management)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name" : "ibm-curam-cve20182001-csrf (154891)",
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
},
"BM" : {
"A" : "N",
"AC" : "L",
"SCORE" : "4.300",
"UI" : "R",
"S" : "U",
"PR" : "N",
"C" : "N",
"I" : "L",
"AV" : "N"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "7.0.5"
},
{
"version_value": "7.0.4"
},
{
"version_value": "6.2.0"
},
{
"version_value": "6.1.1"
}
]
},
"product_name": "Cram Social Program Management"
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-05-03T00:00:00",
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-2001"
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10883184",
"refsource": "CONFIRM",
"title": "IBM Security Bulletin 883184 (Cram Social Program Management)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10883184"
},
{
"name": "ibm-curam-cve20182001-csrf (154891)",
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/154891"
}
]
},
"impact": {
"cvssv3": {
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
},
"BM": {
"A": "N",
"AC": "L",
"SCORE": "4.300",
"UI": "R",
"S": "U",
"PR": "N",
"C": "N",
"I": "L",
"AV": "N"
}
}
},
"description": {
"description_data": [
{
"value": "IBM Cram Social Program Management 6.1.1, 6.2.0, 7.0.4, and 7.0.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154891.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-05-03T00:00:00",
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-2001"
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE"
}

178
2018/2xxx/CVE-2018-2008.json
View File

@ -1,93 +1,93 @@
{
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10879463",
"title" : "IBM Security Bulletin 879463 (TRIRIGA Application Platform)",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10879463"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/155146",
"name" : "ibm-tririga-cve20182008-info-disc (155146)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"references": {
"reference_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"version" : {
"version_data" : [
{
"version_value" : "3.5.3"
},
{
"version_value" : "3.6.0"
}
]
},
"product_name" : "TRIRIGA Application Platform"
}
]
}
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10879463",
"title": "IBM Security Bulletin 879463 (TRIRIGA Application Platform)",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10879463"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/155146",
"name": "ibm-tririga-cve20182008-info-disc (155146)"
}
]
}
},
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146."
}
]
},
"impact" : {
"cvssv3" : {
"TM" : {
"RC" : "C",
"RL" : "O",
"E" : "U"
},
"BM" : {
"AC" : "L",
"A" : "N",
"UI" : "N",
"SCORE" : "4.300",
"S" : "U",
"PR" : "L",
"C" : "L",
"AV" : "N",
"I" : "N"
}
}
},
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-05-06T00:00:00",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2018-2008",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"version": {
"version_data": [
{
"version_value": "3.5.3"
},
{
"version_value": "3.6.0"
}
]
},
"product_name": "TRIRIGA Application Platform"
}
]
}
}
]
}
]
},
"data_version" : "4.0",
"data_format" : "MITRE",
"data_type" : "CVE"
}
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 could disclose sensitive information to an authenticated user that could aid in further attacks against the system. IBM X-Force ID: 155146."
}
]
},
"impact": {
"cvssv3": {
"TM": {
"RC": "C",
"RL": "O",
"E": "U"
},
"BM": {
"AC": "L",
"A": "N",
"UI": "N",
"SCORE": "4.300",
"S": "U",
"PR": "L",
"C": "L",
"AV": "N",
"I": "N"
}
}
},
"CVE_data_meta": {
"DATE_PUBLIC": "2019-05-06T00:00:00",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2018-2008",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"data_version": "4.0",
"data_format": "MITRE",
"data_type": "CVE"
}

60
2019/10xxx/CVE-2019-10742.json
View File

@ -4,14 +4,68 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10742",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "report@snyk.io",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "axios",
"product": {
"product_data": [
{
"product_name": "axios",
"version": {
"version_data": [
{
"version_value": "through 0.18.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505",
"url": "https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505"
},
{
"refsource": "MISC",
"name": "https://github.com/axios/axios/issues/1098",
"url": "https://github.com/axios/axios/issues/1098"
},
{
"refsource": "MISC",
"name": "https://github.com/axios/axios/pull/1485",
"url": "https://github.com/axios/axios/pull/1485"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded."
}
]
}

5
2019/10xxx/CVE-2019-10877.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/teeworlds/teeworlds/issues/2071",
"refsource": "MISC",
"name": "https://github.com/teeworlds/teeworlds/issues/2071"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d29e04fa11",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC/"
}
]
}

5
2019/10xxx/CVE-2019-10878.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/teeworlds/teeworlds/issues/2073",
"refsource": "MISC",
"name": "https://github.com/teeworlds/teeworlds/issues/2073"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d29e04fa11",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC/"
}
]
}

5
2019/10xxx/CVE-2019-10879.json
View File

@ -56,6 +56,11 @@
"url": "https://github.com/teeworlds/teeworlds/issues/2070",
"refsource": "MISC",
"name": "https://github.com/teeworlds/teeworlds/issues/2070"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d29e04fa11",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC/"
}
]
}

182
2019/4xxx/CVE-2019-4207.json
View File

@ -1,93 +1,93 @@
{
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "TRIRIGA Application Platform",
"version" : {
"version_data" : [
{
"version_value" : "3.5.3"
},
{
"version_value" : "3.6.0"
}
]
}
}
]
}
}
]
}
},
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880261 (TRIRIGA Application Platform)",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10880261",
"refsource" : "CONFIRM",
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10880261"
},
{
"name" : "ibm-tririga-cve20194207-info-disc (159128)",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159128",
"refsource" : "XF"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"AV" : "L",
"I" : "N",
"C" : "L",
"PR" : "N",
"AC" : "L",
"A" : "N",
"SCORE" : "4.000",
"S" : "U",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"description" : {
"description_data" : [
{
"value" : "IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.",
"lang" : "eng"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "TRIRIGA Application Platform",
"version": {
"version_data": [
{
"version_value": "3.5.3"
},
{
"version_value": "3.6.0"
}
]
}
}
]
}
}
]
}
]
},
"CVE_data_meta" : {
"STATE" : "PUBLIC",
"ASSIGNER" : "psirt@us.ibm.com",
"ID" : "CVE-2019-4207",
"DATE_PUBLIC" : "2019-05-03T00:00:00"
},
"data_version" : "4.0",
"data_type" : "CVE",
"data_format" : "MITRE"
}
}
},
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880261 (TRIRIGA Application Platform)",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10880261",
"refsource": "CONFIRM",
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10880261"
},
{
"name": "ibm-tririga-cve20194207-info-disc (159128)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159128",
"refsource": "XF"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"AV": "L",
"I": "N",
"C": "L",
"PR": "N",
"AC": "L",
"A": "N",
"SCORE": "4.000",
"S": "U",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"description": {
"description_data": [
{
"value": "IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 may disclose sensitive information only available to a local user that could be used in further attacks against the system. IBM X-Force ID: 159148.",
"lang": "eng"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
},
"CVE_data_meta": {
"STATE": "PUBLIC",
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2019-4207",
"DATE_PUBLIC": "2019-05-03T00:00:00"
},
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE"
}

180
2019/4xxx/CVE-2019-4208.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"DATE_PUBLIC" : "2019-05-03T00:00:00",
"ID" : "CVE-2019-4208",
"ASSIGNER" : "psirt@us.ibm.com",
"STATE" : "PUBLIC"
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"value" : "Obtain Information",
"lang" : "eng"
}
]
}
]
},
"description" : {
"description_data" : [
{
"value" : "IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.",
"lang" : "eng"
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"C" : "H",
"AV" : "N",
"I" : "N",
"AC" : "L",
"A" : "L",
"SCORE" : "7.100",
"UI" : "N",
"S" : "U",
"PR" : "L"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"references" : {
"reference_data" : [
{
"title" : "IBM Security Bulletin 880263 (TRIRIGA Application Platform)",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10880263",
"refsource" : "CONFIRM",
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10880263"
},
{
"refsource" : "XF",
"title" : "X-Force Vulnerability Report",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/159129",
"name" : "ibm-tririga-cve20194208-xxe (159129)"
}
]
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"DATE_PUBLIC": "2019-05-03T00:00:00",
"ID": "CVE-2019-4208",
"ASSIGNER": "psirt@us.ibm.com",
"STATE": "PUBLIC"
},
"problemtype": {
"problemtype_data": [
{
"vendor_name" : "IBM",
"product" : {
"product_data" : [
{
"product_name" : "TRIRIGA Application Platform",
"version" : {
"version_data" : [
{
"version_value" : "3.5.3"
},
{
"version_value" : "3.6.0"
}
]
}
}
]
}
"description": [
{
"value": "Obtain Information",
"lang": "eng"
}
]
}
]
}
}
}
]
},
"description": {
"description_data": [
{
"value": "IBM TRIRIGA Application Platform 3.5.3 and 3.6.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 159129.",
"lang": "eng"
}
]
},
"impact": {
"cvssv3": {
"BM": {
"C": "H",
"AV": "N",
"I": "N",
"AC": "L",
"A": "L",
"SCORE": "7.100",
"UI": "N",
"S": "U",
"PR": "L"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"references": {
"reference_data": [
{
"title": "IBM Security Bulletin 880263 (TRIRIGA Application Platform)",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10880263",
"refsource": "CONFIRM",
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10880263"
},
{
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159129",
"name": "ibm-tririga-cve20194208-xxe (159129)"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IBM",
"product": {
"product_data": [
{
"product_name": "TRIRIGA Application Platform",
"version": {
"version_data": [
{
"version_value": "3.5.3"
},
{
"version_value": "3.6.0"
}
]
}
}
]
}
}
]
}
}
}

53
2019/7xxx/CVE-2019-7426.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7426",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/linkdownalertConfig.jsp\" file in the groupDesc, groupName, groupID, or task parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/29",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/29"
}
]
}

53
2019/7xxx/CVE-2019-7427.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7427",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/linkdownalertConfig.jsp\" file in the autorefTime or graphTypes parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/29",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/29"
}
]
}

73
2019/7xxx/CVE-2019-7443.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7443",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/"
},
{
"url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
"refsource": "MISC",
"name": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863"
}
]
}

58
2019/7xxx/CVE-2019-7541.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7541",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151657/Rukovoditel-Project-Management-CRM-2.4.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151657/Rukovoditel-Project-Management-CRM-2.4.1-Cross-Site-Scripting.html"
},
{
"url": "https://www.exploit-db.com/exploits/46366/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46366/"
},
{
"url": "https://blog.rukovoditel.net/releases/",
"refsource": "MISC",
"name": "https://blog.rukovoditel.net/releases/"
}
]
}

48
2019/7xxx/CVE-2019-7564.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7564",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html"
}
]
}

68
2019/7xxx/CVE-2019-7687.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7687",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151654/Jiofi-4-JMR-1140-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151654/Jiofi-4-JMR-1140-Cross-Site-Scripting.html"
},
{
"url": "https://www.exploit-db.com/exploits/46363/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46363/"
},
{
"url": "https://drive.google.com/file/d/1EhW-XfjuQfy2scjKWW_heo-7nzKWffW6/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1EhW-XfjuQfy2scjKWW_heo-7nzKWffW6/view?usp=sharing"
},
{
"url": "https://drive.google.com/file/d/1GlDF8RCRepNLHrgfelTMsjsYUSZvXkhw/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1GlDF8RCRepNLHrgfelTMsjsYUSZvXkhw/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7687-jiofi-4-jmr1140.html",
"url": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7687-jiofi-4-jmr1140.html"
}
]
}

58
2019/7xxx/CVE-2019-7745.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7745",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151655/Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151655/Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery.html"
},
{
"url": "https://www.exploit-db.com/exploits/46364/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46364/"
},
{
"refsource": "MISC",
"name": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html",
"url": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html"
}
]
}

53
2019/7xxx/CVE-2019-7746.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7746",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151656/Jiofi-4-JMR-1140-Admin-Token-Disclosure-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151656/Jiofi-4-JMR-1140-Admin-Token-Disclosure-Cross-Site-Request-Forgery.html"
},
{
"url": "https://www.exploit-db.com/exploits/46365/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46365/"
}
]
}