admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-12 15:00:55 +00:00
parent 4acda71d9d
commit 2e5eab9d36
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 614 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

184
2019/0xxx/CVE-2019-0304.json
View File

@ -1,17 +1,187 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0304",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0304",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL32NUC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL32UC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL64NUC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KRNL64UC)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.21EXT"
},
{
"version_name": "<",
"version_value": "7.22"
},
{
"version_name": "<",
"version_value": "7.22EXT"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.73"
}
]
}
},
{
"product_name": "SAP NetWeaver AS ABAP Platform(KERNEL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.21"
},
{
"version_name": "<",
"version_value": "7.45"
},
{
"version_name": "<",
"version_value": "7.49"
},
{
"version_name": "<",
"version_value": "7.53"
},
{
"version_name": "<",
"version_value": "7.73"
}
]
}
}
]
}
}
]
}
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inject code or specifically manipulated command that can be executed by the application. An attacker could thereby control the behaviour of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2719530",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2719530"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
} }
] ]
} }

84
2019/0xxx/CVE-2019-0305.json
View File

@ -1,17 +1,87 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0305",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0305",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Process Integration(SAP_XIESR and SAP_XITOOL)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10 to 7.11"
},
{
"version_name": "<",
"version_value": "7.2"
},
{
"version_name": "<",
"version_value": "7.3"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.4"
},
{
"version_name": "<",
"version_value": "7.5"
}
]
}
}
]
}
}
]
}
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability. Successful exploitation of this vulnerability leads to unwanted modification of user's data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Clickjacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2755502",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2755502"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
} }
] ]
} }

64
2019/0xxx/CVE-2019-0306.json
View File

@ -1,17 +1,67 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0306",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0306",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP HANA Extended Application Services (advanced model)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "SAP HANA Extended Application Services (advanced model), version 1, allows authenticated low privileged XS Advanced Platform users such as SpaceAuditors to execute requests to obtain a complete list of SAP HANA user IDs and names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2771128",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2771128"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
} }
] ]
} }

64
2019/0xxx/CVE-2019-0307.json
View File

@ -1,17 +1,67 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0307",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0307",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager(Diagnostics Agent)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.2"
}
]
}
}
]
}
}
]
}
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2772266",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2772266"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
} }
] ]
} }

80
2019/0xxx/CVE-2019-0308.json
View File

@ -1,17 +1,83 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-0308",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-0308",
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP E-Commerce (Business-to-Consumer application)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.3"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.32"
},
{
"version_name": "<",
"version_value": "7.33"
},
{
"version_name": "<",
"version_value": "7.54"
}
]
}
}
]
}
}
]
}
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "An authenticated attacker in SAP E-Commerce (Business-to-Consumer application), versions 7.3, 7.31, 7.32, 7.33, 7.54, can change the price of the product to zero and also checkout, by injecting an HTML code in the application that will be executed whenever the victim logs in to the application even on a different machine, leading to Code Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2773493",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2773493"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242"
} }
] ]
} }

5
2019/10xxx/CVE-2019-10157.json
View File

@ -48,6 +48,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10157",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "BID",
"name": "108734",
"url": "http://www.securityfocus.com/bid/108734"
} }
] ]
}, },

5
2019/12xxx/CVE-2019-12764.json
View File

@ -56,6 +56,11 @@
"url": "https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate", "url": "https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate",
"refsource": "MISC", "refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate" "name": "https://developer.joomla.org/security-centre/785-20190603-core-acl-hardening-of-com-joomlaupdate"
},
{
"refsource": "BID",
"name": "108729",
"url": "http://www.securityfocus.com/bid/108729"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12766.json
View File

@ -56,6 +56,11 @@
"url": "https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field", "url": "https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field",
"refsource": "MISC", "refsource": "MISC",
"name": "https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field" "name": "https://developer.joomla.org/security-centre/784-20190602-core-xss-in-subform-field"
},
{
"refsource": "BID",
"name": "108735",
"url": "http://www.securityfocus.com/bid/108735"
} }
] ]
} }

5
2019/3xxx/CVE-2019-3872.json
View File

@ -48,6 +48,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3872",
"refsource": "CONFIRM" "refsource": "CONFIRM"
},
{
"refsource": "BID",
"name": "108732",
"url": "http://www.securityfocus.com/bid/108732"
} }
] ]
}, },

58
2019/3xxx/CVE-2019-3946.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3946",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3946",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fuji Electric V-Server",
"version": {
"version_data": [
{
"version_value": "Versions prior to 6.0.33.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-27",
"url": "https://www.tenable.com/security/research/tra-2019-27"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Fuji Electric V-Server before 6.0.33.0 is vulnerable to denial of service via a crafted UDP message sent to port 8005. An unauthenticated, remote attacker can crash vserver.exe due to an integer overflow in the UDP message handling logic."
} }
] ]
} }

58
2019/3xxx/CVE-2019-3947.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3947",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-3947",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Fuji Electric V-Server",
"version": {
"version_data": [
{
"version_value": "Versions prior to 6.0.33.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Plaintext storage of credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-27",
"url": "https://www.tenable.com/security/research/tra-2019-27"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Fuji Electric V-Server before 6.0.33.0 stores database credentials in project files as plaintext. An attacker that can gain access to the project file can recover the database credentials and gain access to the database server."
} }
] ]
} }

58
2019/9xxx/CVE-2019-9676.json
View File

@ -1,17 +1,61 @@
{ {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9676",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0", "data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-9676",
"ASSIGNER": "cybersecurity@dahuatech.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX",
"version": {
"version_data": [
{
"version_value": "Build before 2018/11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.dahuasecurity.com/support/cybersecurity/details/617",
"url": "https://www.dahuasecurity.com/support/cybersecurity/details/617"
}
]
},
"description": { "description": {
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "Buffer overflow vulnerability found in some Dahua IP Camera devices IPC-HFW1XXX,IPC-HDW1XXX,IPC-HFW2XXX Build before 2018/11. The vulnerability exits in the function of redirection display for serial port printing information, which can not be used by product basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares. Dahua has released versions of the affected products to fix the vulnerability."
} }
] ]
} }