From 2089bee0e9efbf4aa6cfec862beb9ffafc3d7966 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 31 May 2019 22:00:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/1000xxx/CVE-2018-1000632.json | 5 +++ 2018/20xxx/CVE-2018-20815.json | 56 ++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10038.json | 66 +++++++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10045.json | 56 ++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10046.json | 56 ++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10047.json | 56 ++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10048.json | 56 ++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10049.json | 56 ++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10069.json | 61 ++++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10123.json | 61 ++++++++++++++++++++++++--- 2019/5xxx/CVE-2019-5678.json | 58 ++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6725.json | 48 +++++++++++++++++++++- 2019/9xxx/CVE-2019-9105.json | 53 +++++++++++++++++++++++- 2019/9xxx/CVE-2019-9106.json | 53 +++++++++++++++++++++++- 2019/9xxx/CVE-2019-9653.json | 58 +++++++++++++++++++++++++- 15 files changed, 730 insertions(+), 69 deletions(-) diff --git a/2018/1000xxx/CVE-2018-1000632.json b/2018/1000xxx/CVE-2018-1000632.json index be92e130c04..fad395c6465 100644 --- a/2018/1000xxx/CVE-2018-1000632.json +++ b/2018/1000xxx/CVE-2018-1000632.json @@ -129,6 +129,11 @@ "refsource": "MLIST", "name": "[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)", "url": "https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)", + "url": "https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E" } ] } diff --git a/2018/20xxx/CVE-2018-20815.json b/2018/20xxx/CVE-2018-20815.json index 096deae38d0..37b3218e14f 100644 --- a/2018/20xxx/CVE-2018-20815.json +++ b/2018/20xxx/CVE-2018-20815.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2018-20815", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2018-20815", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17", + "refsource": "MISC", + "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=da885fe1ee8b4589047484bd7fa05a4905b52b17" } ] } diff --git a/2019/10xxx/CVE-2019-10038.json b/2019/10xxx/CVE-2019-10038.json index 042701d2668..bad19f078bf 100644 --- a/2019/10xxx/CVE-2019-10038.json +++ b/2019/10xxx/CVE-2019-10038.json @@ -1,17 +1,71 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10038", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10038", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing", + "refsource": "MISC", + "name": "https://drive.google.com/file/d/1cmWixK1vAh7oZ2y3Y3ZtVeSoTRp8c1Ts/view?usp=sharing" + }, + { + "refsource": "MISC", + "name": "https://evernote.com/security/updates", + "url": "https://evernote.com/security/updates" + }, + { + "refsource": "MISC", + "name": "https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html", + "url": "https://www.inputzero.io/2019/04/evernote-cve-2019-10038.html" } ] } diff --git a/2019/10xxx/CVE-2019-10045.json b/2019/10xxx/CVE-2019-10045.json index f9afdb7d74b..bf83298f666 100644 --- a/2019/10xxx/CVE-2019-10045.json +++ b/2019/10xxx/CVE-2019-10045.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10045", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10045", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The \"action\" get_sess_id in the web application of Pydio through 8.2.2 discloses the session cookie value in the response body, enabling scripts to get access to its value. This identifier can be reused by an attacker to impersonate a user and perform actions on behalf of him/her (if the session is still active)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.secureauth.com/labs/advisories", + "refsource": "MISC", + "name": "https://www.secureauth.com/labs/advisories" } ] } diff --git a/2019/10xxx/CVE-2019-10046.json b/2019/10xxx/CVE-2019-10046.json index eb7ccf91dad..1a052b93d2d 100644 --- a/2019/10xxx/CVE-2019-10046.json +++ b/2019/10xxx/CVE-2019-10046.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10046", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10046", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An unauthenticated attacker can obtain information about the Pydio 8.2.2 configuration including session timeout, libraries, and license information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.secureauth.com/labs/advisories", + "refsource": "MISC", + "name": "https://www.secureauth.com/labs/advisories" } ] } diff --git a/2019/10xxx/CVE-2019-10047.json b/2019/10xxx/CVE-2019-10047.json index dd7cf27a2ad..4e6de6bd250 100644 --- a/2019/10xxx/CVE-2019-10047.json +++ b/2019/10xxx/CVE-2019-10047.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10047", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10047", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored XSS vulnerability exists in the web application of Pydio through 8.2.2 that can be exploited by levering the file upload and file preview features of the application. An authenticated attacker can upload an HTML file containing JavaScript code and afterwards a file preview URL can be used to access the uploaded file. If a malicious user shares an uploaded HTML file containing JavaScript code with another user of the application, and tricks an authenticated victim into accessing a URL that results in the HTML code being interpreted by the web browser, then the included JavaScript code is executed under the context of the victim user session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.secureauth.com/labs/advisories", + "refsource": "MISC", + "name": "https://www.secureauth.com/labs/advisories" } ] } diff --git a/2019/10xxx/CVE-2019-10048.json b/2019/10xxx/CVE-2019-10048.json index 95c2a556e9e..f4a30068485 100644 --- a/2019/10xxx/CVE-2019-10048.json +++ b/2019/10xxx/CVE-2019-10048.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10048", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10048", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The ImageMagick plugin that is installed by default in Pydio through 8.2.2 does not perform the appropriate validation and sanitization of user supplied input in the plugin's configuration options, allowing arbitrary shell commands to be entered that result in command execution on the underlying operating system, with the privileges of the local user running the web server. The attacker must be authenticated into the application with an administrator user account in order to be able to edit the affected plugin configuration." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.secureauth.com/labs/advisories", + "refsource": "MISC", + "name": "https://www.secureauth.com/labs/advisories" } ] } diff --git a/2019/10xxx/CVE-2019-10049.json b/2019/10xxx/CVE-2019-10049.json index 2a2fe8f3c47..a8af2ba01be 100644 --- a/2019/10xxx/CVE-2019-10049.json +++ b/2019/10xxx/CVE-2019-10049.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10049", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10049", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "It is possible for an attacker with regular user access to the web application of Pydio through 8.2.2 to trick an administrator user into opening a link shared through the application, that in turn opens a shared file that contains JavaScript code (that is executed in the context of the victim user to obtain sensitive information such as session identifiers and perform actions on behalf of him/her)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.secureauth.com/labs/advisories", + "refsource": "MISC", + "name": "https://www.secureauth.com/labs/advisories" } ] } diff --git a/2019/10xxx/CVE-2019-10069.json b/2019/10xxx/CVE-2019-10069.json index e15e30d0cc8..813c4df3027 100644 --- a/2019/10xxx/CVE-2019-10069.json +++ b/2019/10xxx/CVE-2019-10069.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10069", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10069", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Godot through 3.1, remote code execution is possible due to the deserialization policy not being applied correctly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://godotengine.org/news", + "refsource": "MISC", + "name": "https://godotengine.org/news" + }, + { + "refsource": "MISC", + "name": "https://github.com/godotengine/godot/pull/27398", + "url": "https://github.com/godotengine/godot/pull/27398" } ] } diff --git a/2019/10xxx/CVE-2019-10123.json b/2019/10xxx/CVE-2019-10123.json index 76f966cae77..be12373dcb0 100644 --- a/2019/10xxx/CVE-2019-10123.json +++ b/2019/10xxx/CVE-2019-10123.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10123", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10123", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SQL Injection in Advanced InfoData Systems (AIS) ESEL-Server 67 (which is the backend for the AIS logistics mobile app) allows an anonymous attacker to execute arbitrary code in the context of the user of the MSSQL database. The default user for the database is the 'sa' user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ais.de", + "refsource": "MISC", + "name": "https://www.ais.de" + }, + { + "refsource": "MISC", + "name": "https://github.com/rapid7/metasploit-framework/pull/11641/", + "url": "https://github.com/rapid7/metasploit-framework/pull/11641/" } ] } diff --git a/2019/5xxx/CVE-2019-5678.json b/2019/5xxx/CVE-2019-5678.json index d4f6a95f07e..3f48b1125d6 100644 --- a/2019/5xxx/CVE-2019-5678.json +++ b/2019/5xxx/CVE-2019-5678.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5678", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5678", + "ASSIGNER": "psirt@nvidia.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "NVIDIA", + "product": { + "product_data": [ + { + "product_name": "NVIDIA GeForce Experience", + "version": { + "version_data": [ + { + "version_value": "3.19" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "code execution, denial of service, information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4806" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial of service or information disclosure." } ] } diff --git a/2019/6xxx/CVE-2019-6725.json b/2019/6xxx/CVE-2019-6725.json index 698b679c63d..ad4f3da33b8 100644 --- a/2019/6xxx/CVE-2019-6725.json +++ b/2019/6xxx/CVE-2019-6725.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6725", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The rpWLANRedirect.asp ASP page is accessible without authentication on ZyXEL P-660HN-T1 V2 (2.00(AAKK.3)) devices. After accessing the page, the admin user's password can be obtained by viewing the HTML source code, and the interface of the modem can be accessed as admin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BUGTRAQ", + "name": "20190531 Unauthorized Access Vulnerability in ZyXEL P-660HN-T1 V2 (2.00(AAKK.3))", + "url": "https://seclists.org/bugtraq/2019/May/78" } ] } diff --git a/2019/9xxx/CVE-2019-9105.json b/2019/9xxx/CVE-2019-9105.json index cafe673931a..cf6692c5048 100644 --- a/2019/9xxx/CVE-2019-9105.json +++ b/2019/9xxx/CVE-2019-9105.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9105", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to make several types of API calls without authentication, as demonstrated by retrieving password hashes via an inc/utils/REST_API.php?command=CallAPI&customurl=alladminusers call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf", + "refsource": "MISC", + "name": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf" + }, + { + "url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/" } ] } diff --git a/2019/9xxx/CVE-2019-9106.json b/2019/9xxx/CVE-2019-9106.json index a1c23d2859b..de767a61f51 100644 --- a/2019/9xxx/CVE-2019-9106.json +++ b/2019/9xxx/CVE-2019-9106.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9106", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Small 05.01 build 1137 devices allows remote attackers to execute or include local .php files, as demonstrated by menu=php://filter/convert.base64-encode/resource=index.php to read index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf", + "refsource": "MISC", + "name": "https://www.saet.org/wp-content/uploads/2017/04/Depliant_TEBE-TEBE_Small.pdf" + }, + { + "url": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/", + "refsource": "MISC", + "name": "https://members.backbox.org/saet-tebe-small-supervisor-multiple-vulnerabilities/" } ] } diff --git a/2019/9xxx/CVE-2019-9653.json b/2019/9xxx/CVE-2019-9653.json index 554af14b78f..2a127c61bba 100644 --- a/2019/9xxx/CVE-2019-9653.json +++ b/2019/9xxx/CVE-2019-9653.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9653", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "NUUO Network Video Recorder Firmware 1.7.x through 3.3.x allows unauthenticated attackers to execute arbitrary commands via shell metacharacters to handle_load_config.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.nuuo.com/DownloadMainpage.php", + "refsource": "MISC", + "name": "https://www.nuuo.com/DownloadMainpage.php" + }, + { + "url": "https://www.nccst.nat.gov.tw/NewsRSS?lang=en&RSSType=mssecurity", + "refsource": "MISC", + "name": "https://www.nccst.nat.gov.tw/NewsRSS?lang=en&RSSType=mssecurity" + }, + { + "refsource": "MISC", + "name": "https://github.com/grayoneday/CVE-2019-9653", + "url": "https://github.com/grayoneday/CVE-2019-9653" } ] }