From 49b6823a922638db30786696fafe968fc9a6b1d8 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 18:00:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/3xxx/CVE-2019-3495.json | 58 ++++++++++++++++++++++++++++++++++-- 2019/3xxx/CVE-2019-3496.json | 58 ++++++++++++++++++++++++++++++++++-- 2019/3xxx/CVE-2019-3497.json | 58 ++++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9634.json | 5 ++++ 2019/9xxx/CVE-2019-9658.json | 5 ++++ 2019/9xxx/CVE-2019-9735.json | 5 ++++ 6 files changed, 183 insertions(+), 6 deletions(-) diff --git a/2019/3xxx/CVE-2019-3495.json b/2019/3xxx/CVE-2019-3495.json index 5f18fd89cda..bf40fd05134 100644 --- a/2019/3xxx/CVE-2019-3495.json +++ b/2019/3xxx/CVE-2019-3495.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-3495", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. network/mesh/edit-nds.php is vulnerable to arbitrary file upload, allowing an attacker to upload .php files and execute code on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html" + }, + { + "refsource": "MLIST", + "name": "[fulldisclosure] 20190106 Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x", + "url": "http://seclists.org/fulldisclosure/2019/Jan/23" + }, + { + "refsource": "MISC", + "name": "https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/", + "url": "https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/" } ] } diff --git a/2019/3xxx/CVE-2019-3496.json b/2019/3xxx/CVE-2019-3496.json index 93bdbaf2a10..e9e13b28f20 100644 --- a/2019/3xxx/CVE-2019-3496.json +++ b/2019/3xxx/CVE-2019-3496.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-3496", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Wifi-soft UniBox controller 3.x devices. The tools/controller/diagnostic_tools_controller Diagnostic Tools Controller is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html" + }, + { + "refsource": "MLIST", + "name": "[fulldisclosure] 20190106 Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x", + "url": "http://seclists.org/fulldisclosure/2019/Jan/23" + }, + { + "refsource": "MISC", + "name": "https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/", + "url": "https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/" } ] } diff --git a/2019/3xxx/CVE-2019-3497.json b/2019/3xxx/CVE-2019-3497.json index 43ae27cd57d..8399f453cd8 100644 --- a/2019/3xxx/CVE-2019-3497.json +++ b/2019/3xxx/CVE-2019-3497.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-3497", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151077/Wifi-soft-Unibox-2.x-Remote-Command-Code-Injection.html" + }, + { + "refsource": "MLIST", + "name": "[fulldisclosure] 20190106 Multiple Root RCE in Unibox Wifi Access Controller 0.x - 3.x", + "url": "http://seclists.org/fulldisclosure/2019/Jan/23" + }, + { + "refsource": "MISC", + "name": "https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/", + "url": "https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/" } ] } diff --git a/2019/9xxx/CVE-2019-9634.json b/2019/9xxx/CVE-2019-9634.json index c71a8f3e350..4c5284361db 100644 --- a/2019/9xxx/CVE-2019-9634.json +++ b/2019/9xxx/CVE-2019-9634.json @@ -56,6 +56,11 @@ "name": "https://github.com/golang/go/issues/30642", "refsource": "MISC", "url": "https://github.com/golang/go/issues/30642" + }, + { + "refsource": "BID", + "name": "107450", + "url": "http://www.securityfocus.com/bid/107450" } ] } diff --git a/2019/9xxx/CVE-2019-9658.json b/2019/9xxx/CVE-2019-9658.json index a316722cdda..6fa16e9f297 100644 --- a/2019/9xxx/CVE-2019-9658.json +++ b/2019/9xxx/CVE-2019-9658.json @@ -71,6 +71,11 @@ "name": "https://checkstyle.org/releasenotes.html#Release_8.18", "refsource": "MISC", "url": "https://checkstyle.org/releasenotes.html#Release_8.18" + }, + { + "refsource": "MLIST", + "name": "[james-server-dev] 20190318 [james-project] 01/03: JAMES-2693 Update com.puppycrawl.tools:checkstyle to respond to CVE-2019-9658", + "url": "https://lists.apache.org/thread.html/7eea10e7be4c21060cb1e79f6524c6e6559ba833b1465cd2870a56b9@%3Cserver-dev.james.apache.org%3E" } ] } diff --git a/2019/9xxx/CVE-2019-9735.json b/2019/9xxx/CVE-2019-9735.json index 98599d0701c..464a72e813d 100644 --- a/2019/9xxx/CVE-2019-9735.json +++ b/2019/9xxx/CVE-2019-9735.json @@ -66,6 +66,11 @@ "refsource": "CONFIRM", "name": "https://security.openstack.org/ossa/OSSA-2019-001.html", "url": "https://security.openstack.org/ossa/OSSA-2019-001.html" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20190318 [OSSA-2019-001] Unsupported dport option prevents applying security groups in OpenStack Neutron (CVE-2019-9735)", + "url": "http://www.openwall.com/lists/oss-security/2019/03/18/2" } ] }