admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-05 19:00:48 +00:00
parent 0df129e4e4
commit 425d56dd79
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
8 changed files with 441 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2019/12xxx/CVE-2019-12494.json
View File

@ -1,18 +1,86 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12494",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12494",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/gardener/vpn/issues/40",
"refsource": "MISC",
"name": "https://github.com/gardener/vpn/issues/40"
},
{
"url": "https://github.com/gardener/gardener/pull/874",
"refsource": "MISC",
"name": "https://github.com/gardener/gardener/pull/874"
},
{
"refsource": "CONFIRM",
"name": "https://groups.google.com/forum/#!topic/gardener/pH6dNIEhv-A",
"url": "https://groups.google.com/forum/#!topic/gardener/pH6dNIEhv-A"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:H/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N",
"version": "3.0"
}
}
}

53
2019/6xxx/CVE-2019-6800.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6800",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TitanHQ SpamTitan through 7.03, a vulnerability exists in the spam rule update function. Updates are downloaded over HTTP, including scripts which are subsequently executed with root permissions. An attacker with a privileged network position is trivially able to inject arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.spamtitan.com/category/spamtitan-news/",
"url": "https://www.spamtitan.com/category/spamtitan-news/"
},
{
"refsource": "MISC",
"name": "https://write-up.github.io/CVE-2019-6800/",
"url": "https://write-up.github.io/CVE-2019-6800/"
}
]
}

58
2019/7xxx/CVE-2019-7671.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7671",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prima Systems FlexAir devices allow Authenticated Stored XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://applied-risk.com/labs/advisories",
"refsource": "MISC",
"name": "https://applied-risk.com/labs/advisories"
},
{
"refsource": "MISC",
"name": "https://applied-risk.com/index.php/download_file/view/199/165",
"url": "https://applied-risk.com/index.php/download_file/view/199/165"
},
{
"refsource": "MISC",
"name": "https://applied-risk.com/resources/ar-2019-007",
"url": "https://applied-risk.com/resources/ar-2019-007"
}
]
}

58
2019/7xxx/CVE-2019-7672.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7672",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Prima Systems FlexAir devices have Hard-coded Credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://applied-risk.com/labs/advisories",
"refsource": "MISC",
"name": "https://applied-risk.com/labs/advisories"
},
{
"refsource": "MISC",
"name": "https://applied-risk.com/index.php/download_file/view/199/165",
"url": "https://applied-risk.com/index.php/download_file/view/199/165"
},
{
"refsource": "MISC",
"name": "https://applied-risk.com/resources/ar-2019-007",
"url": "https://applied-risk.com/resources/ar-2019-007"
}
]
}

53
2019/8xxx/CVE-2019-8385.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8385",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Thomson Reuters Desktop Extensions 1.9.0.358. An unauthenticated directory traversal and local file inclusion vulnerability in the ThomsonReuters.Desktop.Service.exe and ThomsonReuters.Desktop.exe allows a remote attacker to list or enumerate sensitive contents of files via a \\.. to port 6677. Additionally, this could allow for privilege escalation by dumping the affected machine's SAM and SYSTEM database files, as well as remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152298/Thomson-Reuters-Concourse-And-Firm-Central-Local-File-Inclusion-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/152298/Thomson-Reuters-Concourse-And-Firm-Central-Local-File-Inclusion-Directory-Traversal.html"
},
{
"url": "https://www.thomsonreuters.com/en/products-services.html",
"refsource": "MISC",
"name": "https://www.thomsonreuters.com/en/products-services.html"
}
]
}

53
2019/9xxx/CVE-2019-9156.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9156",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gemalto DS3 Authentication Server 2.6.1-SP01 allows OS Command Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
"refsource": "MISC",
"name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/May/6",
"url": "http://seclists.org/fulldisclosure/2019/May/6"
}
]
}

53
2019/9xxx/CVE-2019-9157.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9157",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gemalto DS3 Authentication Server 2.6.1-SP01 allows Local File Disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
"refsource": "MISC",
"name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/May/6",
"url": "http://seclists.org/fulldisclosure/2019/May/6"
}
]
}

53
2019/9xxx/CVE-2019-9158.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9158",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html",
"refsource": "MISC",
"name": "https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/May/6",
"url": "http://seclists.org/fulldisclosure/2019/May/6"
}
]
}