"-Synchronized-Data."

CVE Team 2019-05-07 19:00:50 +00:00
parent 68bb2de9d0
commit 06427f379a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 994 additions and 390 deletions


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19456", "ID": "CVE-2018-19456",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "The WP Backup+ (aka WPbackupplus) plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:0021",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00006.html"
},
{
"refsource": "MISC",
"name": "https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability/",
"url": "https://www.easyhack.in/2018/11/21/wordpress-plugin-database-backup-information-disclosure-vulnerability/"
} }
] ]
} }
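Review bot: The first entry in `reference_data` is an openSUSE advisory (`openSUSE-SU-2019:0021`), which is an odd fit for a record whose description is about the WP Backup+ WordPress plugin; it may have been attached to the wrong CVE ID and should be checked against the advisory text. Separately, `vendor_name`, `product_name` and `version_value` are all `"n/a"` even though the description names the plugin and a date bound, so tooling that matches on the `affects` block will not find this record. The same applies to the other cve@mitre.org records published in this commit (CVE-2018-20503, CVE-2019-7426, CVE-2019-7427, CVE-2019-7443, CVE-2019-7541, CVE-2019-7564, CVE-2019-7687, CVE-2019-7745, CVE-2019-7746). `problemtype` is likewise `"n/a"` where the description indicates an information disclosure.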


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20503", "ID": "CVE-2018-20503",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Allied Telesis 8100L/8 devices allow XSS via the edit-ipv4_interface.php vlanid or subnet_mask parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151327/SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151327/SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting.html"
},
{
"url": "https://www.exploit-db.com/exploits/46237/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46237/"
},
{
"url": "https://pentest.com.tr/exploits/Allied-Telesis-8100L-8-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "https://pentest.com.tr/exploits/Allied-Telesis-8100L-8-Cross-Site-Scripting.html"
} }
] ]
} }
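Review bot: The first reference points to a Packet Storm page titled `SirsiDynix-e-Library-3.5.x-Cross-Site-Scripting`, but the description is about Allied Telesis 8100L/8 devices; only the other two references name the Allied Telesis issue. The SirsiDynix URL appears to belong to a different advisory and should be replaced with the matching one or dropped. Anyone following it during triage lands on material for an unrelated product.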


@ -4,14 +4,68 @@
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-10742", "ID": "CVE-2019-10742",
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "report@snyk.io",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "axios",
"product": {
"product_data": [
{
"product_name": "axios",
"version": {
"version_data": [
{
"version_value": "through 0.18.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505",
"url": "https://app.snyk.io/vuln/SNYK-JS-AXIOS-174505"
},
{
"refsource": "MISC",
"name": "https://github.com/axios/axios/issues/1098",
"url": "https://github.com/axios/axios/issues/1098"
},
{
"refsource": "MISC",
"name": "https://github.com/axios/axios/pull/1485",
"url": "https://github.com/axios/axios/pull/1485"
}
]
}, },
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Axios up to and including 0.18.0 allows attackers to cause a denial of service (application crash) by continuing to accepting content after maxContentLength is exceeded."
} }
] ]
} }
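Review bot: `problemtype` is left as `"n/a"` although the description states the impact as a denial of service from content being accepted past `maxContentLength`; recording a resource-consumption weakness class (the exact CWE is the assigner's call) would make the record filterable by type. The description also has a grammar slip, `continuing to accepting`; suggest `by continuing to accept content after maxContentLength is exceeded`. All three references are tagged `MISC`, so the record does not say which of them, if any, is the fix; if the linked pull request is the fix, the description or the reference name should say so.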


@ -56,6 +56,11 @@
"url": "https://github.com/teeworlds/teeworlds/issues/2071", "url": "https://github.com/teeworlds/teeworlds/issues/2071",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/teeworlds/teeworlds/issues/2071" "name": "https://github.com/teeworlds/teeworlds/issues/2071"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d29e04fa11",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC/"
} }
] ]
} }


@ -56,6 +56,11 @@
"url": "https://github.com/teeworlds/teeworlds/issues/2073", "url": "https://github.com/teeworlds/teeworlds/issues/2073",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/teeworlds/teeworlds/issues/2073" "name": "https://github.com/teeworlds/teeworlds/issues/2073"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d29e04fa11",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC/"
} }
] ]
} }


@ -56,6 +56,11 @@
"url": "https://github.com/teeworlds/teeworlds/issues/2070", "url": "https://github.com/teeworlds/teeworlds/issues/2070",
"refsource": "MISC", "refsource": "MISC",
"name": "https://github.com/teeworlds/teeworlds/issues/2070" "name": "https://github.com/teeworlds/teeworlds/issues/2070"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-d29e04fa11",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5KCS2CFDYJFBLZ4QKVPNJWHOZEGQ2LBC/"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7426", "ID": "CVE-2019-7426",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/linkdownalertConfig.jsp\" file in the groupDesc, groupName, groupID, or task parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/29",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/29"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7427", "ID": "CVE-2019-7427",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone \"/netflow/jspui/linkdownalertConfig.jsp\" file in the autorefTime or graphTypes parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151585/Zoho-ManageEngine-Netflow-Analyzer-Professional-7.0.0.2-XSS.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Feb/29",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Feb/29"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7443", "ID": "CVE-2019-7443",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00060.html"
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00065.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DAWLQKTUQJOAPXOFWJQAQCA4LVM2P45F/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXVUJNXB6QKGPT6YJPJSG3U2BIR5XK5Y/"
},
{
"url": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a",
"refsource": "MISC",
"name": "https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1124863",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1124863"
} }
] ]
} }
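Review bot: The openSUSE and Fedora announcement URLs in `reference_data` are tagged `"refsource": "MISC"` with the URL repeated as `name`, whereas other records in this same commit tag such sources as `"refsource": "SUSE"` (name `openSUSE-SU-2019:0021`) and `"refsource": "FEDORA"` (name `FEDORA-2019-d29e04fa11`). Tagging these four consistently, with the advisory ID as `name`, lets consumers pick distribution fix advisories out by `refsource`. The advisory IDs are not visible here and would have to be taken from the announcements themselves. The cgit commit link reads like the upstream fix but is tagged `MISC` too, so nothing in the record marks it as the patch.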


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7541", "ID": "CVE-2019-7541",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Rukovoditel through 2.4.1 allows XSS via a URL that lacks a module=users%2flogin substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151657/Rukovoditel-Project-Management-CRM-2.4.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151657/Rukovoditel-Project-Management-CRM-2.4.1-Cross-Site-Scripting.html"
},
{
"url": "https://www.exploit-db.com/exploits/46366/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46366/"
},
{
"url": "https://blog.rukovoditel.net/releases/",
"refsource": "MISC",
"name": "https://blog.rukovoditel.net/releases/"
} }
] ]
} }


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7564", "ID": "CVE-2019-7564",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An issue was discovered on Shenzhen Coship WM3300 WiFi Router 5.0.0.55 devices. The password reset functionality of the Wireless SSID doesn't require any type of authentication. By making a POST request to the regx/wireless/wl_security_2G.asp URI, the attacker can change the password of the Wi-FI network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151595/Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass.html"
} }
] ]
} }
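Review bot: The description scopes the issue to WM3300 firmware 5.0.0.55, while the only reference is titled `Coship-Wireless-Router-4.0.0.x-5.0.0.x-Authentication-Bypass`, which suggests a wider firmware range; with `version_value` left as `"n/a"` a reader cannot tell which scope is right. Either widen the description or record the versions the advisory lists in `version_data`. The description also has a casing typo, `Wi-FI`, which should read `Wi-Fi`.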


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7687", "ID": "CVE-2019-7687",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "cgi-bin/qcmap_web_cgi on JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices has POST based reflected XSS via the Page parameter. No sanitization is performed for user input data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151654/Jiofi-4-JMR-1140-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151654/Jiofi-4-JMR-1140-Cross-Site-Scripting.html"
},
{
"url": "https://www.exploit-db.com/exploits/46363/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46363/"
},
{
"url": "https://drive.google.com/file/d/1EhW-XfjuQfy2scjKWW_heo-7nzKWffW6/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1EhW-XfjuQfy2scjKWW_heo-7nzKWffW6/view?usp=sharing"
},
{
"url": "https://drive.google.com/file/d/1GlDF8RCRepNLHrgfelTMsjsYUSZvXkhw/view?usp=sharing",
"refsource": "MISC",
"name": "https://drive.google.com/file/d/1GlDF8RCRepNLHrgfelTMsjsYUSZvXkhw/view?usp=sharing"
},
{
"refsource": "MISC",
"name": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7687-jiofi-4-jmr1140.html",
"url": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7687-jiofi-4-jmr1140.html"
} }
] ]
} }
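Review bot: Two of the five references are Google Drive share links (`https://drive.google.com/file/d/.../view?usp=sharing`), whose availability and content stay under the file owner's control and can change or disappear after publication. They are acceptable as supplementary material because the Packet Storm, Exploit-DB and blog references are also present, but the record should not depend on them for the technical detail. `problemtype` is `"n/a"` even though the description explicitly says reflected XSS, so filtering by weakness type will miss this record.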


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7745", "ID": "CVE-2019-7745",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain the Wi-Fi password by making a cgi-bin/qcmap_web_cgi Page=GetWiFi_Setting request and then reading the wpa_security_key field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151655/Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151655/Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery.html"
},
{
"url": "https://www.exploit-db.com/exploits/46364/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46364/"
},
{
"refsource": "MISC",
"name": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html",
"url": "https://jiosecuritybugs.blogspot.com/2019/02/cve-2019-7745-jiofi-4-jmr1140.html"
} }
] ]
} }
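Review bot: The description reads as an information disclosure (reading `wpa_security_key` from a `Page=GetWiFi_Setting` response), but the Packet Storm reference is titled `Jiofi-4-JMR-1140-WiFi-Password-Cross-Site-Request-Forgery`, and `problemtype` is `"n/a"`, so the record never says which weakness class applies. The description should state whether the request works without authentication or relies on a logged-in user's session, since that determines who is exposed and which mitigation is relevant. The same mismatch appears in the next record, CVE-2019-7746, whose reference is titled `Jiofi-4-JMR-1140-Admin-Token-Disclosure-Cross-Site-Request-Forgery`.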


@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7746", "ID": "CVE-2019-7746",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "JioFi 4 jmr1140 Amtel_JMR1140_R12.07 devices allow remote attackers to obtain an admin token by making a /cgi-bin/qcmap_auth type=getuser request and then reading the token field. This token value can then be used to change the Wi-Fi password or perform a factory reset."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151656/Jiofi-4-JMR-1140-Admin-Token-Disclosure-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151656/Jiofi-4-JMR-1140-Admin-Token-Disclosure-Cross-Site-Request-Forgery.html"
},
{
"url": "https://www.exploit-db.com/exploits/46365/",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/46365/"
} }
] ]
} }