admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-08 22:18:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2019-01-18 13:04:17 -05:00
parent 219746ecb1
commit 21d7863afa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 235 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
2019/3xxx/CVE-2019-3906.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"ID" : "CVE-2019-3906",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Premisys Identicard 3.1.190",
"version" : {
"version_data" : [
{
"version_value" : "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-01",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-01"
}
]
}

50
2019/3xxx/CVE-2019-3907.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"ID" : "CVE-2019-3907",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Premisys Identicard 3.1.190",
"version" : {
"version_data" : [
{
"version_value" : "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798 Hard-coded Credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-01",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-01"
}
]
}

50
2019/3xxx/CVE-2019-3908.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"ID" : "CVE-2019-3908",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Premisys Identicard 3.1.190",
"version" : {
"version_data" : [
{
"version_value" : "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-259 Hard-coded Password"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-01",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-01"
}
]
}

50
2019/3xxx/CVE-2019-3909.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"ID" : "CVE-2019-3909",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Premisys Identicard 3.1.190",
"version" : {
"version_data" : [
{
"version_value" : "Premisys Identicard 3.1.190"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Default Credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-01",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-01"
}
]
}

50
2019/3xxx/CVE-2019-3910.json
View File

@ -1,8 +1,31 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ASSIGNER" : "vulnreport@tenable.com",
"ID" : "CVE-2019-3910",
"STATE" : "RESERVED"
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Crestron AM-100 Before 1.6.0.2",
"version" : {
"version_data" : [
{
"version_value" : "Crestron AM-100 Before 1.6.0.2"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
@ -11,7 +34,28 @@
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value" : "Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2019-02",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2019-02"
}
]
}