"-Synchronized-Data."

CVE Team 2019-06-07 21:00:51 +00:00
parent 70f8e0f269
commit 491c14b4d6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
18 changed files with 485 additions and 38 deletions


@ -101,6 +101,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1497",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1526",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1497",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00007.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1526",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00022.html"
}
]
}


@ -106,6 +106,11 @@
"refsource": "DEBIAN",
"name": "DSA-4457",
"url": "https://www.debian.org/security/2019/dsa-4457"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1528",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00024.html"
}
]
}


@ -74,6 +74,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190606-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190606-0001/"
},
{
"refsource": "MISC",
"name": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/",
"url": "https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/"
}
]
},


@ -96,6 +96,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1428",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00052.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1527",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12504",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP2002 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt"
},
{
"refsource": "BUGTRAQ",
"name": "20190604 [SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability",
"url": "https://seclists.org/bugtraq/2019/Jun/3"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html",
"url": "http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html"
}
]
}
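Review bot: The `affects` block in this record sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the new description names the device as the Inateck WP2002. Tooling that matches records to an asset inventory by the structured fields rather than the free text will not associate this entry with the device. I would fill the fields from the description, e.g. `"vendor_name": "Inateck"` and `"product_name": "WP2002"`. The same gap appears in the sections for CVE-2019-12505, CVE-2019-12506, CVE-2019-9084, CVE-2019-9086 and CVE-2019-9087, where the description likewise names the product.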


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12505",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Inateck WP1001 v1.3C is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-007.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-007.txt"
},
{
"refsource": "BUGTRAQ",
"name": "20190604 [SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability",
"url": "https://seclists.org/bugtraq/2019/Jun/2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153184/Inateck-2.4-GHz-Wireless-Presenter-WP1001-Keystroke-Injection.html",
"url": "http://packetstormsecurity.com/files/153184/Inateck-2.4-GHz-Wireless-Presenter-WP1001-Keystroke-Injection.html"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12506",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to unencrypted and unauthenticated data communication, the wireless presenter Logitech R700 Laser Presentation Remote R-R0010 is prone to keystroke injection attacks. Thus, an attacker is able to send arbitrary keystrokes to a victim's computer system, e.g., to install malware when the target system is unattended. In this way, an attacker can remotely take control over the victim's computer that is operated with an affected receiver of this device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt"
},
{
"refsource": "BUGTRAQ",
"name": "20190604 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability",
"url": "https://seclists.org/bugtraq/2019/Jun/4"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html",
"url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html"
}
]
}


@ -76,6 +76,11 @@
"refsource": "UBUNTU",
"name": "USN-3966-1",
"url": "https://usn.ubuntu.com/3966-1/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1529",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00023.html"
}
]
}


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3956",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-3956",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Solarwinds Dameware Remote Mini Controller",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 12.1.0.34"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauth Remote Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-26",
"url": "https://www.tenable.com/security/research/tra-2019-26"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information."
}
]
}
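Review bot: The affected range is stated two ways in this record: `version_value` reads "All versions prior to version 12.1.0.34", which excludes 12.1.0.34, while the description reads "version 12.1.0.34 and prior", which includes it. A consumer deciding whether a host on exactly 12.1.0.34 needs patching gets opposite answers from the two fields, so one of them should be aligned with the referenced Tenable advisory, e.g. `"version_value": "12.1.0.34 and prior"` if the description is the accurate one. The vendor is also folded into `product_name` while `vendor_name` is `n/a`, and the product is spelled "Remote Mini Controller" in one field and "Remote Mini Control" in the other. The section for CVE-2019-3957 carries the same three inconsistencies.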


@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-3957",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-3957",
"ASSIGNER": "vulnreport@tenable.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Solarwinds Dameware Remote Mini Controller",
"version": {
"version_data": [
{
"version_value": "All versions prior to version 12.1.0.34"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauth Remote Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tenable.com/security/research/tra-2019-26",
"url": "https://www.tenable.com/security/research/tra-2019-26"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information."
}
]
}


@ -102,6 +102,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1289",
"url": "https://access.redhat.com/errata/RHSA-2019:1289"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1527",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
}
]
},


@ -57,6 +57,11 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-157/"
},
{
"refsource": "CONFIRM",
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-safepay-exec-command-injection-remote-code-execution-vulnerability/",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-safepay-exec-command-injection-remote-code-execution-vulnerability/"
}
]
},


@ -57,6 +57,11 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-158/"
},
{
"refsource": "CONFIRM",
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-safepay-openfile-arbitrary-file-write-remote-code-execution-vulnerability/",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-safepay-openfile-arbitrary-file-write-remote-code-execution-vulnerability/"
}
]
},


@ -57,6 +57,11 @@
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/",
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-159/"
},
{
"refsource": "CONFIRM",
"name": "https://www.bitdefender.com/support/security-advisories/bitdefender-safepay-launch-remote-code-execution-vulnerability/",
"url": "https://www.bitdefender.com/support/security-advisories/bitdefender-safepay-launch-remote-code-execution-vulnerability/"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9084",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Hoteldruid before 2.3.1, a division by zero was discovered in $num_tabelle in tab_tariffe.php (aka the numtariffa1 parameter) due to the mishandling of non-numeric values, as demonstrated by the /tab_tariffe.php?anno=[YEAR]&numtariffa1=1a URI. It could allow an administrator to conduct remote denial of service (disrupting certain business functions of the product)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.hoteldruid.com/en/download.html",
"refsource": "MISC",
"name": "http://www.hoteldruid.com/en/download.html"
},
{
"refsource": "MISC",
"name": "https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Hoteldruid_before_v2.3.1.txt",
"url": "https://metamorfosec.com/Files/Advisories/METS-2019-005-A_division_by_zero_in_Hoteldruid_before_v2.3.1.txt"
}
]
}
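Review bot: `problemtype` is left as `n/a` in the second hunk of this section even though the new description names the weakness outright as a division by zero on a non-numeric `numtariffa1` value. Recording the class there, for example `"value": "CWE-369 Divide By Zero"`, lets consumers filter and prioritise by weakness type without parsing the description text. The sections for CVE-2019-9086 and CVE-2019-9087 have the same `n/a` next to descriptions that say SQL injection, where a CWE-89 entry would fit.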


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9086",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HotelDruid before v2.3.1 has SQL Injection via the /visualizza_tabelle.php anno parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.hoteldruid.com/en/download.html",
"refsource": "MISC",
"name": "http://www.hoteldruid.com/en/download.html"
},
{
"refsource": "MISC",
"name": "https://metamorfosec.com/Files/Advisories/METS-2019-007-A_SQL_Injection_in_HotelDruid_before_v2.3.1.txt",
"url": "https://metamorfosec.com/Files/Advisories/METS-2019-007-A_SQL_Injection_in_HotelDruid_before_v2.3.1.txt"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9087",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "HotelDruid before v2.3.1 has SQL Injection via the /tab_tariffe.php numtariffa1 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.hoteldruid.com/en/download.html",
"refsource": "MISC",
"name": "http://www.hoteldruid.com/en/download.html"
},
{
"refsource": "MISC",
"name": "https://metamorfosec.com/Files/Advisories/METS-2019-008-A_SQL_Injection_in_HotelDruid_before_v2.3.1.txt",
"url": "https://metamorfosec.com/Files/Advisories/METS-2019-008-A_SQL_Injection_in_HotelDruid_before_v2.3.1.txt"
}
]
}