admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-10 14:00:46 +00:00
parent c5bc95d305
commit 13e49adeb7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 685 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/14xxx/CVE-2018-14495.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14495",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vivotek FD8136 devices allow Remote Command Injection, aka \"another command injection vulnerability in our target device,\" a different issue than CVE-2018-14494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/",
"url": "https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/"
},
{
"refsource": "MISC",
"name": "https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/",
"url": "https://www.vdalabs.com/2018/08/06/professional-iot-hacking-series-hunting-remote-command-injection/"
}
]
}

53
2018/14xxx/CVE-2018-14496.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14496",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/",
"url": "https://www.vdalabs.com/2018/07/23/professional-iot-hacking-series-target-selection-firmware-analysis/"
},
{
"refsource": "MISC",
"name": "https://www.vdalabs.com/2018/11/29/professional-iot-hacking-series-hunting-remote-memory-corruption/",
"url": "https://www.vdalabs.com/2018/11/29/professional-iot-hacking-series-hunting-remote-memory-corruption/"
}
]
}

48
2018/17xxx/CVE-2018-17147.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17147",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Nagios XI before 5.5.4 has XSS in the auto login admin management page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT",
"refsource": "MISC",
"name": "https://assets.nagios.com/downloads/nagiosxi/CHANGES-5.TXT"
}
]
}

67
2018/20xxx/CVE-2018-20851.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpy before 2.2.0 allows agents to edit admins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818",
"refsource": "MISC",
"name": "https://github.com/helpyio/helpy/commit/a26dd854deb17e36a605f91a6f51d128e98d3818"
},
{
"url": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60",
"refsource": "MISC",
"name": "https://github.com/helpyio/helpy/compare/d64e97a...592bc60"
}
]
}
}

56
2019/10xxx/CVE-2019-10653.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-10653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Hsycms V1.1. There is a SQL injection vulnerability via a /news/*.html page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.cnblogs.com/7bit/articles/10551499.html",
"refsource": "MISC",
"name": "https://www.cnblogs.com/7bit/articles/10551499.html"
}
]
}

66
2019/12xxx/CVE-2019-12724.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Teclib News plugin through 1.5.2 for GLPI. It allows a stored XSS attack via the $_POST['name'] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/pluginsGLPI/news/blob/master/front/alert.form.php",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/news/blob/master/front/alert.form.php"
},
{
"url": "https://github.com/pluginsGLPI/news/pull/69",
"refsource": "MISC",
"name": "https://github.com/pluginsGLPI/news/pull/69"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/pluginsGLPI/news/releases/tag/1.5.3",
"url": "https://github.com/pluginsGLPI/news/releases/tag/1.5.3"
}
]
}

5
2019/12xxx/CVE-2019-12749.json
View File

@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1671",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1726",
"url": "https://access.redhat.com/errata/RHSA-2019:1726"
}
]
}

76
2019/13xxx/CVE-2019-13071.json Normal file
View File

@ -0,0 +1,76 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSRF in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows an attacker to submit POST requests to any forms in the web application. This can be exploited by tricking an authenticated user into visiting an attacker controlled web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20190709 PowerPanel Business Edition 3.4.0 - Cross Site Request Forgery",
"url": "http://seclists.org/fulldisclosure/2019/Jul/11"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R",
"version": "3.0"
}
}
}

7
2019/13xxx/CVE-2019-13074.json
View File

@ -53,7 +53,12 @@
"references": {
"reference_data": [
{
"refsource": "MISC",
"refsource": "CONFIRM",
"name": "https://forum.mikrotik.com/viewtopic.php?t=150045",
"url": "https://forum.mikrotik.com/viewtopic.php?t=150045"
},
{
"refsource": "CONFIRM",
"name": "https://mikrotik.com/download/changelogs/stable-release-tree",
"url": "https://mikrotik.com/download/changelogs/stable-release-tree"
}

62
2019/13xxx/CVE-2019-13224.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55",
"url": "https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55"
}
]
}
}

62
2019/13xxx/CVE-2019-13225.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression. Oniguruma issues often affect Ruby, as well as common optional libraries for PHP and Rust."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c",
"url": "https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c"
}
]
}
}

82
2019/13xxx/CVE-2019-13240.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in GLPI before 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/glpi-project/glpi/releases/tag/9.4.1",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/releases/tag/9.4.1"
},
{
"url": "https://github.com/glpi-project/glpi/compare/1783b78...8e621f6",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/compare/1783b78...8e621f6"
},
{
"url": "https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/commit/86a43ae47b3dd844947f40a2ffcf1a36e53dbba6"
},
{
"url": "https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7",
"refsource": "MISC",
"name": "https://github.com/glpi-project/glpi/commit/5da9f99b2d81713b1e36016b47ce656a33648bc7"
},
{
"refsource": "MISC",
"name": "https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_unsafe_reset.pdf",
"url": "https://www.synacktiv.com/ressources/advisories/GLPI_9.4.0_unsafe_reset.pdf"
}
]
}
}

62
2019/13xxx/CVE-2019-13396.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "http://getflightpath.com/node/2650",
"url": "http://getflightpath.com/node/2650"
}
]
}
}

5
2019/6xxx/CVE-2019-6634.json
View File

@ -57,6 +57,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K64855220",
"url": "https://support.f5.com/csp/article/K64855220"
},
{
"refsource": "BID",
"name": "109104",
"url": "http://www.securityfocus.com/bid/109104"
}
]
},

5
2019/8xxx/CVE-2019-8352.json
View File

@ -56,11 +56,6 @@
"refsource": "MISC",
"name": "https://www.securifera.com/advisories/CVE-2019-8352/",
"url": "https://www.securifera.com/advisories/CVE-2019-8352/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153189/IBM-Websphere-Application-Server-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/153189/IBM-Websphere-Application-Server-Remote-Code-Execution.html"
}
]
}