"-Synchronized-Data."

This commit is contained in:
CVE Team 2019-12-11 23:00:58 +00:00
parent 6b9779d53b
commit 1d2acbea9d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 497 additions and 42 deletions

View File

@ -286,6 +286,11 @@
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210793",
"url": "https://support.apple.com/kb/HT210793"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210795",
"url": "https://support.apple.com/kb/HT210795"
}
]
}

View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-17087",
"ASSIGNER": "security@suse.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Micro Focus International",
"product": {
"product_data": [
{
"product_name": "AcuToWeb",
"version": {
"version_data": [
{
"version_value": "All supported versions"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized file download."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://softwaresupport.softwaregrp.com/doc/KM03569662",
"url": "https://softwaresupport.softwaregrp.com/doc/KM03569662"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unauthorized file download vulnerability in all supported versions of Micro Focus AcuToWeb. The vulnerability could be exploited to enumerate and download files from the filesystem of the system running AcuToWeb, with the privileges of the account AcuToWeb is running under."
}
]
}
}

View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18232",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "SafeNet Sentinel LDK License Manager Runtime",
"version": {
"version_data": [
{
"version_value": "All versions prior to 7.101(only Microsoft Windows versions are affected)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LINK RESOLUTION BEFORE FILE ACCESS ('LINK FOLLOWING') CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-339-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-339-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "SafeNet Sentinel LDK License Manager, all versions prior to 7.101(only Microsoft Windows versions are affected) is vulnerable when configured as a service. This vulnerability may allow an attacker with local access to create, write, and/or delete files in system folder using symbolic links, leading to a privilege escalation. This vulnerability could also be used by an attacker to execute a malicious DLL, which could impact the integrity and availability of the system."
}
]
}
}

View File

@ -0,0 +1,62 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-18245",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Reliable Controls LicenseManager",
"version": {
"version_data": [
{
"version_value": "Versions 3.4 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-337-01",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-337-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application."
}
]
}
}

View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3983",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3983",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Amazon's Blink XT2 Sync Module",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to version 2.13.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient UART Protections"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2019-51",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary code and commands on the device due to insufficient UART protections."
}
]
}

View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3985",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3985",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Amazon's Blink XT2 Sync Module",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to version 2.13.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2019-51",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the ssid parameter."
}
]
}

View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3986",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3986",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Amazon's Blink XT2 Sync Module",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to version 2.13.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2019-51",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the encryption parameter."
}
]
}

View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3987",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3987",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Amazon's Blink XT2 Sync Module",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to version 2.13.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2019-51",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the key parameter."
}
]
}

View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3988",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3988",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Amazon's Blink XT2 Sync Module",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to version 2.13.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2019-51",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when configuring the devices wifi configuration via the bssid parameter."
}
]
}

View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3989",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3989",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Amazon's Blink XT2 Sync Module",
"version": {
"version_data": [
{
"version_value": "All firmware versions prior to version 2.13.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/research/tra-2019-51",
"url": "https://www.tenable.com/security/research/tra-2019-51"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Blink XT2 Sync Module firmware prior to 2.13.11 allows remote attackers to execute arbitrary commands on the device due to improperly sanitized input when retrieving internal network configuration data."
}
]
}