diff --git a/2018/17xxx/CVE-2018-17937.json b/2018/17xxx/CVE-2018-17937.json index 3b809e015bb..f76e52dc2cd 100644 --- a/2018/17xxx/CVE-2018-17937.json +++ b/2018/17xxx/CVE-2018-17937.json @@ -62,6 +62,11 @@ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-310-01" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190330 [SECURITY] [DLA 1738-1] gpsd security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00040.html" } ] } diff --git a/2019/10xxx/CVE-2019-10655.json b/2019/10xxx/CVE-2019-10655.json new file mode 100644 index 00000000000..70e20d7a032 --- /dev/null +++ b/2019/10xxx/CVE-2019-10655.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10655", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream GAC2500 1.0.3.35, GXP2200 1.0.3.27, GVC3202 1.0.3.51, GXV3275 before 1.0.3.219 Beta, and GXV3240 before 1.0.3.219 Beta devices allow unauthenticated remote code execution via shell metacharacters in a /manager?action=getlogcat priority field, in conjunction with a buffer overflow (via the phonecookie cookie) to overwrite a data structure and consequently bypass authentication. This can be exploited via CSRF because the cookie can be placed in an Accept HTTP header in an XMLHttpRequest call to lighttpd." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10656.json b/2019/10xxx/CVE-2019-10656.json new file mode 100644 index 00000000000..79cb685e69b --- /dev/null +++ b/2019/10xxx/CVE-2019-10656.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream GWN7000 before 1.0.6.32 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/uci.apply update_nds_webroot_from_tmp API call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10657.json b/2019/10xxx/CVE-2019-10657.json new file mode 100644 index 00000000000..2978d899c7f --- /dev/null +++ b/2019/10xxx/CVE-2019-10657.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10657", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream GWN7000 before 1.0.6.32 and GWN7610 before 1.0.8.18 devices allow remote authenticated users to discover passwords via a /ubus/uci.apply config request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10658.json b/2019/10xxx/CVE-2019-10658.json new file mode 100644 index 00000000000..13c8fe80897 --- /dev/null +++ b/2019/10xxx/CVE-2019-10658.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream GWN7610 before 1.0.8.18 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the filename in a /ubus/controller.icc.update_nds_webroot_from_tmp update_nds_webroot_from_tmp API call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10659.json b/2019/10xxx/CVE-2019-10659.json new file mode 100644 index 00000000000..ef69173b2cc --- /dev/null +++ b/2019/10xxx/CVE-2019-10659.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10659", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream GXV3370 before 1.0.1.41 and WP820 before 1.0.3.6 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in a /manager?action=getlogcat priority field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10660.json b/2019/10xxx/CVE-2019-10660.json new file mode 100644 index 00000000000..c2e8f8d9986 --- /dev/null +++ b/2019/10xxx/CVE-2019-10660.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10660", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream GXV3611IR_HD before 1.0.3.23 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the /goform/systemlog?cmd=set logserver field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10661.json b/2019/10xxx/CVE-2019-10661.json new file mode 100644 index 00000000000..99d61f31024 --- /dev/null +++ b/2019/10xxx/CVE-2019-10661.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Grandstream GXV3611IR_HD before 1.0.3.23 devices, the root account lacks a password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10662.json b/2019/10xxx/CVE-2019-10662.json new file mode 100644 index 00000000000..89a7529c040 --- /dev/null +++ b/2019/10xxx/CVE-2019-10662.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to execute arbitrary code via shell metacharacters in the backupUCMConfig file-backup parameter to the /cgi? URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10663.json b/2019/10xxx/CVE-2019-10663.json new file mode 100644 index 00000000000..433c47720ec --- /dev/null +++ b/2019/10xxx/CVE-2019-10663.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-10663", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Grandstream UCM6204 before 1.0.19.20 devices allow remote authenticated users to conduct SQL injection attacks via the sord parameter in a listCodeblueGroup API call to the /cgi? URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1", + "refsource": "MISC", + "name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=23920&dl=1" + } + ] + } +} \ No newline at end of file