diff --git a/1999/0xxx/CVE-1999-0095.json b/1999/0xxx/CVE-1999-0095.json index 61004c63755..7db04ff1742 100644 --- a/1999/0xxx/CVE-1999-0095.json +++ b/1999/0xxx/CVE-1999-0095.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit", "url": "http://www.openwall.com/lists/oss-security/2019/06/06/1" + }, + { + "refsource": "FULLDISC", + "name": "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)", + "url": "http://seclists.org/fulldisclosure/2019/Jun/16" } ] } diff --git a/1999/0xxx/CVE-1999-0145.json b/1999/0xxx/CVE-1999-0145.json index 8349105c7f4..f900cc7eaf3 100644 --- a/1999/0xxx/CVE-1999-0145.json +++ b/1999/0xxx/CVE-1999-0145.json @@ -81,6 +81,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit", "url": "http://www.openwall.com/lists/oss-security/2019/06/06/1" + }, + { + "refsource": "FULLDISC", + "name": "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)", + "url": "http://seclists.org/fulldisclosure/2019/Jun/16" } ] } diff --git a/2017/5xxx/CVE-2017-5953.json b/2017/5xxx/CVE-2017-5953.json index a1dbe4de52f..b806c8a520a 100644 --- a/2017/5xxx/CVE-2017-5953.json +++ b/2017/5xxx/CVE-2017-5953.json @@ -76,6 +76,11 @@ "name": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY", "refsource": "CONFIRM", "url": "https://groups.google.com/forum/#!topic/vim_dev/t-3RSdEnrHY" + }, + { + "refsource": "UBUNTU", + "name": "USN-4016-1", + "url": "https://usn.ubuntu.com/4016-1/" } ] } diff --git a/2019/10xxx/CVE-2019-10149.json b/2019/10xxx/CVE-2019-10149.json index 0588092bda1..b1045056d8c 100644 --- a/2019/10xxx/CVE-2019-10149.json +++ b/2019/10xxx/CVE-2019-10149.json @@ -108,6 +108,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html", "url": "http://packetstormsecurity.com/files/153218/Exim-4.9.1-Remote-Command-Execution.html" + }, + { + "refsource": "FULLDISC", + "name": "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)", + "url": "http://seclists.org/fulldisclosure/2019/Jun/16" } ] }, diff --git a/2019/12xxx/CVE-2019-12504.json b/2019/12xxx/CVE-2019-12504.json index 822283095e8..53daed9e1ef 100644 --- a/2019/12xxx/CVE-2019-12504.json +++ b/2019/12xxx/CVE-2019-12504.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html", "url": "http://packetstormsecurity.com/files/153185/Inateck-2.4-GHz-Wearable-Wireless-Presenter-WP2002-Keystroke-Injection.html" + }, + { + "refsource": "FULLDISC", + "name": "20190611 [SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability", + "url": "http://seclists.org/fulldisclosure/2019/Jun/14" } ] } diff --git a/2019/12xxx/CVE-2019-12506.json b/2019/12xxx/CVE-2019-12506.json index 5422ad40213..3d57b2bf3cb 100644 --- a/2019/12xxx/CVE-2019-12506.json +++ b/2019/12xxx/CVE-2019-12506.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html", "url": "http://packetstormsecurity.com/files/153186/Logitech-R700-Laser-Presentation-Remote-Keystroke-Injection.html" + }, + { + "refsource": "FULLDISC", + "name": "20190611 [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability", + "url": "http://seclists.org/fulldisclosure/2019/Jun/15" } ] } diff --git a/2019/12xxx/CVE-2019-12735.json b/2019/12xxx/CVE-2019-12735.json index 7b3bd913dd4..f04994e11a9 100644 --- a/2019/12xxx/CVE-2019-12735.json +++ b/2019/12xxx/CVE-2019-12735.json @@ -81,6 +81,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-d79f89346c", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2BMDSHTF754TITC6AQJPCS5IRIDMMIM7/" + }, + { + "refsource": "UBUNTU", + "name": "USN-4016-1", + "url": "https://usn.ubuntu.com/4016-1/" } ] } diff --git a/2019/3xxx/CVE-2019-3411.json b/2019/3xxx/CVE-2019-3411.json index c531768a96d..c49d940da35 100644 --- a/2019/3xxx/CVE-2019-3411.json +++ b/2019/3xxx/CVE-2019-3411.json @@ -1,8 +1,32 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2019-3411", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZTE MF920", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "All versions up to BD_R218V2.4" + } + ] + } + } + ] + }, + "vendor_name": "ZTE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +35,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by information leak vulnerability. Due to some interfaces can obtain the WebUI login password without login, an attacker can exploit the vulnerability to obtain sensitive information about the affected components." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3412.json b/2019/3xxx/CVE-2019-3412.json index 08ea17be3ba..fca0a9ac08c 100644 --- a/2019/3xxx/CVE-2019-3412.json +++ b/2019/3xxx/CVE-2019-3412.json @@ -1,8 +1,32 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2019-3412", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ZTE MF920", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "All versions up to BD_R218V2.4" + } + ] + } + } + ] + }, + "vendor_name": "ZTE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +35,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions up to BD_R218V2.4 of ZTE MF920 product are impacted by command execution vulnerability. Due to some interfaces do not adequately verify parameters, an attacker can execute arbitrary commands through specific interfaces." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010686" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2019/3xxx/CVE-2019-3413.json b/2019/3xxx/CVE-2019-3413.json index adfca569ea1..bed05c5d5b0 100644 --- a/2019/3xxx/CVE-2019-3413.json +++ b/2019/3xxx/CVE-2019-3413.json @@ -1,8 +1,32 @@ { "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", + "ASSIGNER": "psirt@zte.com.cn", "ID": "CVE-2019-3413", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NetNumen DAP", + "version": { + "version_data": [ + { + "affected": "<=", + "version_value": "All versions up to NetNumen DAP V20.18.40.R7.B1" + } + ] + } + } + ] + }, + "vendor_name": "ZTE" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,8 +35,48 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "Medium", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010797", + "url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1010797" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file