admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-11 19:00:49 +00:00
parent e99fd18a67
commit 06683a68de
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
9 changed files with 304 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/6xxx/CVE-2018-6918.json
View File

@ -77,6 +77,11 @@
"refsource": "BUGTRAQ",
"name": "20190531 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"url": "https://seclists.org/bugtraq/2019/May/77"
},
{
"refsource": "FULLDISC",
"name": "20190611 APPLE-SA-2019-5-30-1 AirPort Base Station Firmware Update 7.9.1",
"url": "http://seclists.org/fulldisclosure/2019/Jun/6"
}
]
}

5
2018/7xxx/CVE-2018-7856.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
},
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767"
}
]
},

5
2019/12xxx/CVE-2019-12505.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153184/Inateck-2.4-GHz-Wireless-Presenter-WP1001-Keystroke-Injection.html",
"url": "http://packetstormsecurity.com/files/153184/Inateck-2.4-GHz-Wireless-Presenter-WP1001-Keystroke-Injection.html"
},
{
"refsource": "FULLDISC",
"name": "20190611 [SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability",
"url": "http://seclists.org/fulldisclosure/2019/Jun/4"
}
]
}

5
2019/12xxx/CVE-2019-12749.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190611 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass",
"url": "http://www.openwall.com/lists/oss-security/2019/06/11/2"
},
{
"refsource": "UBUNTU",
"name": "USN-4015-1",
"url": "https://usn.ubuntu.com/4015-1/"
}
]
}

56
2019/12xxx/CVE-2019-12764.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.7. The update server URL of com_joomlaupdate can be manipulated by non Super-Admin users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate"
}
]
}

56
2019/12xxx/CVE-2019-12765.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.7. The CSV export of com_actionslogs is vulnerable to CSV injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/783-20190601-core-csv-injection-in-com-actionlogs",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/783-20190601-core-csv-injection-in-com-actionlogs"
}
]
}

56
2019/12xxx/CVE-2019-12766.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Joomla! before 3.9.7. The subform fieldtype does not sufficiently filter or validate input of subfields. This leads to XSS attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field",
"refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field"
}
]
}

70
2019/3xxx/CVE-2019-3409.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3409",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZTE WF820+ LTE Outdoor CPE",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "UKBB_WF820+_1.0.0B06"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +35,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by command injection vulnerability. Due to inadequate parameter verification, unauthorized users can take advantage of this vulnerability to control the user terminal system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010662",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010662"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

70
2019/3xxx/CVE-2019-3410.json
View File

@ -1,8 +1,32 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "psirt@zte.com.cn",
"ID": "CVE-2019-3410",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZTE WF820+ LTE Outdoor CPE",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "UKBB_WF820+_1.0.0B06"
}
]
}
}
]
},
"vendor_name": "ZTE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +35,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "All versions up to UKBB_WF820+_1.0.0B06 of ZTE WF820+ LTE Outdoor CPE product are impacted by Cross-Site Request Forgery vulnerability,which stems from the fact that WEB applications do not adequately verify whether requests come from trusted users. An attacker can exploit this vulnerability to send unexpected requests to the server through the affected client."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010662",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010662"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}