admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-19 16:00:52 +00:00
parent 14591610bc
commit 30ce9ee7f0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 386 additions and 372 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/13xxx/CVE-2019-13057.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190818 [SECURITY] [DLA 1891-1] openldap security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4078-2",
"url": "https://usn.ubuntu.com/4078-2/"
}
]
}

5
2019/13xxx/CVE-2019-13565.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190818 [SECURITY] [DLA 1891-1] openldap security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html"
},
{
"refsource": "UBUNTU",
"name": "USN-4078-2",
"url": "https://usn.ubuntu.com/4078-2/"
}
]
}

187
2019/6xxx/CVE-2019-6159.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-08T20:00:00.000Z",
"ID": "CVE-2019-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "legacy System x IMM (IMM v1) firmware",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Christopher Arnold for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-08T20:00:00.000Z",
"ID": "CVE-2019-6159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "legacy System x IMM (IMM v1) firmware",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-24785"
}
]
},
"solution": [
{
"lang": "eng",
"value": "A patch will not be available for this vulnerability as IMM (IMM v1) is approaching end of support.\n\nTo mitigate this vulnerability, users should:\n\nRestrict network access of the IMM web interface to only trusted networks.\nView IMM logs through an SSH session or the IMM web interface after disabling JavaScript in the web browser.\nSend IMM logs to a log management system that does not render JavaScript."
}
],
"source": {
"advisory": "LEN-24785",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo thanks Christopher Arnold for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability exists in various firmware versions of the legacy IBM System x IMM (IMM v1) embedded Baseboard Management Controller (BMC). This vulnerability could allow an unauthenticated user to cause JavaScript code to be stored in the IMM log which may then be executed in the user's web browser when IMM log records containing the JavaScript code are viewed. The JavaScript code is not executed on IMM itself. The later IMM2 (IMM v2) is not affected."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-24785",
"name": "https://support.lenovo.com/solutions/LEN-24785"
}
]
},
"solution": [
{
"lang": "eng",
"value": "A patch will not be available for this vulnerability as IMM (IMM v1) is approaching end of support.\n\nTo mitigate this vulnerability, users should:\n\nRestrict network access of the IMM web interface to only trusted networks.\nView IMM logs through an SSH session or the IMM web interface after disabling JavaScript in the web browser.\nSend IMM logs to a log management system that does not render JavaScript."
}
],
"source": {
"advisory": "LEN-24785",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6165.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-08T20:00:00.000Z",
"ID": "CVE-2019-6165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PaperDisplay Hotkey Service",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "1.2.0.8"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Michael Bourque for reporting this issue. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-08T20:00:00.000Z",
"ID": "CVE-2019-6165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PaperDisplay Hotkey Service",
"version": {
"version_data": [
{
"affected": "<=",
"version_value": "1.2.0.8"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27569"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Lenovo is not releasing updates to mitigate this vulnerability and users should uninstall PaperDisplay Hotkey Service. The Night light feature in Windows 10 provides similar functionality of the PaperDisplay Hotkey Service."
}
],
"source": {
"advisory": "LEN-27569",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Michael Bourque for reporting this issue. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A DLL search path vulnerability was reported in PaperDisplay Hotkey Service version 1.2.0.8 that could allow privilege escalation. Lenovo has ended support for PaperDisplay Hotkey software as the Night light feature introduced in Windows 10 Build 1703 provides similar features."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27569",
"name": "https://support.lenovo.com/solutions/LEN-27569"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Lenovo is not releasing updates to mitigate this vulnerability and users should uninstall PaperDisplay Hotkey Service. The Night light feature in Windows 10 provides similar functionality of the PaperDisplay Hotkey Service."
}
],
"source": {
"advisory": "LEN-27569",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6171.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-08T20:00:00.000Z",
"ID": "CVE-2019-6171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIOS",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Alex Matrosov and Alexandre Gazet for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-08T20:00:00.000Z",
"ID": "CVE-2019-6171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIOS",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Lenovo"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-27764"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to the version of BIOS (or later) described for your system in the Product Impact section of LEN-27764."
}
],
"source": {
"advisory": "LEN-27764",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Alex Matrosov and Alexandre Gazet for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was reported in various BIOS versions of older ThinkPad systems that could allow a user with administrative privileges or physical access the ability to update the Embedded Controller with unsigned firmware."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-27764",
"name": "https://support.lenovo.com/solutions/LEN-27764"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to the version of BIOS (or later) described for your system in the Product Impact section of LEN-27764."
}
],
"source": {
"advisory": "LEN-27764",
"discovery": "UNKNOWN"
}
}

187
2019/6xxx/CVE-2019-6178.json
View File

@ -1,95 +1,96 @@
{
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-16T20:00:00.000Z",
"ID": "CVE-2019-6178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAS products",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Iomega and LenovoEMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Rafael Pedrero for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@lenovo.com",
"DATE_PUBLIC": "2019-08-16T20:00:00.000Z",
"ID": "CVE-2019-6178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAS products",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "various"
}
]
}
}
]
},
"vendor_name": "Iomega and LenovoEMC"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/solutions/LEN-25557"
}
]
},
"solution": [
{
"lang": "eng",
"value": "To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks."
}
],
"source": {
"advisory": "LEN-25557",
"discovery": "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Lenovo would like to thank Rafael Pedrero for reporting this issue."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their contents."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://support.lenovo.com/solutions/LEN-25557",
"name": "https://support.lenovo.com/solutions/LEN-25557"
}
]
},
"solution": [
{
"lang": "eng",
"value": "To protect your device against this vulnerability, disable Personal Cloud. If Personal Cloud is enabled, avoid using sensitive share names and only use the device on trusted networks."
}
],
"source": {
"advisory": "LEN-25557",
"discovery": "UNKNOWN"
}
}