admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-21 16:00:42 +00:00
parent 9ef8b232a8
commit 111fa54077
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 804 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

410
2017/6xxx/CVE-2017-6865.json
View File

@ -1,42 +1,408 @@
{ {
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-6865", "ID": "CVE-2017-6865",
"ASSIGNER": "productcert@siemens.com",
"STATE": "PUBLIC" "STATE": "PUBLIC"
}, },
"affects": { "affects": {
"vendor": { "vendor": {
"vendor_data": [ "vendor_data": [
{ {
"vendor_name": "Siemens AG",
"product": { "product": {
"product_data": [ "product_data": [
{ {
"product_name": "Siemens Industrial Products", "product_name": "Primary Setup Tool (PST)",
"version": { "version": {
"version_data": [ "version_data": [
{ {
"version_value": "Siemens Industrial Products" "version_value": "All versions < V4.2 HF1"
} }
] ]
} }
} }
] ]
},
"vendor_name": "n/a"
}
]
} }
}, },
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{ {
"lang": "eng", "vendor_name": "Siemens AG",
"value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover." "product": {
"product_data": [
{
"product_name": "SIMATIC Automation Tool",
"version": {
"version_data": [
{
"version_value": "All versions < V3.0"
} }
] ]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC NET PC-Software",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.1",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC PCS 7 V8.2",
"version": {
"version_data": [
{
"version_value": "All versions < V8.2 SP1"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V13",
"version": {
"version_data": [
{
"version_value": "All versions < V13 SP2"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 (TIA Portal) V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC STEP 7 V5.X",
"version": {
"version_data": [
{
"version_value": "All versions < V5.6"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinAC RTX 2010 SP2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinAC RTX F 2010 SP2",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC (TIA Portal) V13",
"version": {
"version_data": [
{
"version_value": "All versions < V13 SP2"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC (TIA Portal) V14",
"version": {
"version_data": [
{
"version_value": "All versions < V14 SP1"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC V7.2 and prior",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC V7.3",
"version": {
"version_data": [
{
"version_value": "All versions < V7.3 Update 15"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC V7.4",
"version": {
"version_data": [
{
"version_value": "All versions < V7.4 SP1 Upd1"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SIMATIC WinCC flexible 2008",
"version": {
"version_data": [
{
"version_value": "All versions < flexible 2008 SP5"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SINAUT ST7CC",
"version": {
"version_data": [
{
"version_value": "All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SINEMA Server",
"version": {
"version_data": [
{
"version_value": "All versions < V14"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SINUMERIK 808D Programming Tool",
"version": {
"version_data": [
{
"version_value": "All versions < V4.7 SP4 HF2"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "SMART PC Access",
"version": {
"version_data": [
{
"version_value": "All versions < V2.3"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "STEP 7 - Micro/WIN SMART",
"version": {
"version_data": [
{
"version_value": "All versions < V2.3"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "Security Configuration Tool (SCT)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.0"
}
]
}
}
]
}
},
{
"vendor_name": "Siemens AG",
"product": {
"product_data": [
{
"product_name": "Security Configuration Tool (SCT)",
"version": {
"version_data": [
{
"version_value": "All versions < V5.0"
}
]
}
}
]
}
}
]
}
}, },
"problemtype": { "problemtype": {
"problemtype_data": [ "problemtype_data": [
@ -44,7 +410,7 @@
"description": [ "description": [
{ {
"lang": "eng", "lang": "eng",
"value": "CWE-20: Improper Input Validation" "value": "Other"
} }
] ]
} }
@ -53,14 +419,22 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf",
"refsource": "CONFIRM", "refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf" "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-275839.pdf"
}, },
{ {
"name": "98366",
"refsource": "BID", "refsource": "BID",
"url": "http://www.securityfocus.com/bid/98366" "name": "98366",
"url": "https://www.securityfocus.com/bid/98366"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1), SIMATIC STEP 7 V5.X (All versions < V5.6), SIMATIC WinAC RTX 2010 SP2 (All versions), SIMATIC WinAC RTX F 2010 SP2 (All versions), SIMATIC WinCC (TIA Portal) V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) V14 (All versions < V14 SP1), SIMATIC WinCC V7.2 and prior (All versions), SIMATIC WinCC V7.3 (All versions < V7.3 Update 15), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Upd1), SIMATIC WinCC flexible 2008 (All versions < flexible 2008 SP5), SINAUT ST7CC (All versions installed in conjunction with SIMATIC WinCC < V7.3 Update 15), SINEMA Server (All versions < V14), SINUMERIK 808D Programming Tool (All versions < V4.7 SP4 HF2), SMART PC Access (All versions < V2.3), STEP 7 - Micro/WIN SMART (All versions < V2.3), Security Configuration Tool (SCT) (All versions < V5.0). Specially crafted PROFINET DCP broadcast packets sent to the affected products on a local Ethernet segment (Layer 2) could cause a Denial-of-Service condition of some services. The services require manual restart to recover."
} }
] ]
} }

5
2018/17xxx/CVE-2018-17456.json
View File

@ -126,6 +126,11 @@
"refsource": "BID", "refsource": "BID",
"name": "107511", "name": "107511",
"url": "http://www.securityfocus.com/bid/107511" "url": "http://www.securityfocus.com/bid/107511"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
} }
] ]
} }

5
2018/20xxx/CVE-2018-20234.json
View File

@ -72,6 +72,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities", "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/Mar/30" "url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
} }
] ]
} }

5
2018/20xxx/CVE-2018-20235.json
View File

@ -72,6 +72,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities", "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/Mar/30" "url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
} }
] ]
} }

5
2018/20xxx/CVE-2018-20236.json
View File

@ -72,6 +72,11 @@
"refsource": "BUGTRAQ", "refsource": "BUGTRAQ",
"name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities", "name": "20190320 March 2019 Sourcetree Advisory - Multiple Remote Code Execution Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/Mar/30" "url": "https://seclists.org/bugtraq/2019/Mar/30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
"url": "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html"
} }
] ]
} }

58
2018/3xxx/CVE-2018-3963.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3963",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3963",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0627",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0627"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exploitable command injection vulnerability exists in the DHCP daemon configuration of the CUJO Smart Firewall. When adding a new static DHCP address, its corresponding hostname is inserted into the dhcpd.conf file without prior sanitization, allowing for arbitrary execution of system commands. To trigger this vulnerability, an attacker can send a DHCP request message and set up the corresponding static DHCP entry."
} }
] ]
} }

58
2018/3xxx/CVE-2018-3969.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3969",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3969",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "permissions, privileges, and access controls"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0634",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0634"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exploitable vulnerability exists in the verified boot protection of the CUJO Smart Firewall. It is possible to add arbitrary shell commands into the dhcpd.conf file, that persist across reboots and firmware updates, and thus allow for executing unverified commands. To trigger this vulnerability, a local attacker needs to be able to write into /config/dhcpd.conf."
} }
] ]
} }

58
2018/3xxx/CVE-2018-3985.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3985",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3985",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "double-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0653",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0653"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exploitable double free vulnerability exists in the mdnscap binary of the CUJO Smart Firewall. When parsing mDNS packets, a memory space is freed twice if an invalid query name is encountered, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability."
} }
] ]
} }

58
2018/4xxx/CVE-2018-4003.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4003",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4003",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0672",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0672"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability."
} }
] ]
} }

58
2018/4xxx/CVE-2018-4011.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4011",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4011",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer underflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0681"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exploitable integer underflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall, version 7003. When parsing SRV records in an mDNS packet, the \"RDLENGTH\" value is handled incorrectly, leading to an out-of-bounds access that crashes the mdnscap process. An unauthenticated attacker can send an mDNS message to trigger this vulnerability."
} }
] ]
} }

58
2018/4xxx/CVE-2018-4030.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4030",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-4030",
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CUJO",
"version": {
"version_data": [
{
"version_value": "CUJO Smart Firewall - Firmware version 7003"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "'HTTP Request Smuggling"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0702",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0702"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The \"Host\" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability."
} }
] ]
} }

5
2018/8xxx/CVE-2018-8088.json
View File

@ -196,6 +196,11 @@
"refsource": "MLIST", "refsource": "MLIST",
"name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4", "name": "[infra-devnull] 20190321 [GitHub] [tika] dadoonet opened pull request #268: Update slf4j to 1.8.0-beta4",
"url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E" "url": "https://lists.apache.org/thread.html/956ba8e76b6793a6670b2eb0129a5e3003ce2124ca3130fd57d48d0f@%3Cdevnull.infra.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[infra-devnull] 20190321 [GitHub] [tika] grossws commented on issue #268: Update slf4j to 1.8.0-beta4",
"url": "https://lists.apache.org/thread.html/95ce76613c869dbccf1d3d29327099ccc71aeec156f76c30853044fa@%3Cdevnull.infra.apache.org%3E"
} }
] ]
} }

5
2018/9xxx/CVE-2018-9128.json
View File

@ -61,6 +61,11 @@
"name": "44438", "name": "44438",
"refsource": "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44438/" "url": "https://www.exploit-db.com/exploits/44438/"
},
{
"refsource": "EXPLOIT-DB",
"name": "46584",
"url": "https://www.exploit-db.com/exploits/46584/"
} }
] ]
} }

5
2019/6xxx/CVE-2019-6279.json
View File

@ -66,6 +66,11 @@
"refsource": "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"name": "46580", "name": "46580",
"url": "https://www.exploit-db.com/exploits/46580/" "url": "https://www.exploit-db.com/exploits/46580/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152166/PLC-Wireless-Router-GPN2.4P21-C-CN-Incorrect-Access-Control.html",
"url": "http://packetstormsecurity.com/files/152166/PLC-Wireless-Router-GPN2.4P21-C-CN-Incorrect-Access-Control.html"
} }
] ]
} }

5
2019/6xxx/CVE-2019-6282.json
View File

@ -66,6 +66,11 @@
"refsource": "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"name": "46581", "name": "46581",
"url": "https://www.exploit-db.com/exploits/46581/" "url": "https://www.exploit-db.com/exploits/46581/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152167/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/152167/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Request-Forgery.html"
} }
] ]
} }

48
2019/6xxx/CVE-2019-6491.json
View File

@ -2,7 +2,7 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6491", "ID": "CVE-2019-6491",
"STATE": "RESERVED" "STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,8 +11,52 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "RISI Gestao de Horarios v3201.09.08 rev.23 allows SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
} }
] ]
} }
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.0x90.zone/web/sqli/2019/02/01/risi-gestaohorario.html",
"url": "https://www.0x90.zone/web/sqli/2019/02/01/risi-gestaohorario.html"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}
} }

18
2019/9xxx/CVE-2019-9899.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9899",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}