admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-31 16:00:51 +00:00
parent 089e808623
commit 82f7b54efc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
4 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2019/7xxx/CVE-2019-7280.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Prima Systems FlexAir devices have an Insufficient Session-ID Length."
"value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The session-ID is of an insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session and bypass authentication."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.applied-risk.com/resources/ar-2019-007",
"url": "https://www.applied-risk.com/resources/ar-2019-007"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02"
}
]
}

7
2019/7xxx/CVE-2019-7666.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Prima Systems FlexAir devices allow authentication with MD5 hashes directly."
"value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The application allows improper authentication using the MD5 hash value of the password, which may allow an attacker with access to the database to login as admin without decrypting the password."
}
]
},
@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.applied-risk.com/resources/ar-2019-007",
"url": "https://www.applied-risk.com/resources/ar-2019-007"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02"
}
]
}

7
2019/7xxx/CVE-2019-7672.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Prima Systems FlexAir devices have Hard-coded Credentials."
"value": "Prima Systems FlexAir, Versions 2.3.38 and prior. The flash version of the web interface contains a hard-coded username and password, which may allow an authenticated attacker to escalate privileges."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://applied-risk.com/resources/ar-2019-007",
"url": "https://applied-risk.com/resources/ar-2019-007"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02"
}
]
}

7
2019/9xxx/CVE-2019-9189.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "On Prima Systems FlexAir devices through 2.4.9api3, an authenticated user can upload Python (.py) scripts and execute arbitrary code with root privileges."
"value": "Prima Systems FlexAir, Versions 2.4.9api3 and prior. The application allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be immediately executed because of root code execution, not as a web server user, allowing an authenticated attacker to gain full system access."
}
]
},
@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://applied-risk.com/resources/ar-2019-007",
"url": "https://applied-risk.com/resources/ar-2019-007"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-211-02"
}
]
}