admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-06-18 21:00:49 +00:00
parent de219a0c47
commit 8f7224f01b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 399 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2017/8xxx/CVE-2017-8328.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8328",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change a user's password. Also this is a systemic issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20190609 Newly releases IoT security issues",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf"
}
]
}

58
2017/8xxx/CVE-2017-8330.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8330",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a UPnP functionality for devices to interface with the router and interact with the device. It seems that the \"NewInMessage\" SOAP parameter passed with a huge payload results in crashing the process. If the firmware version AL-R096 is dissected using binwalk tool, we obtain a cpio-root archive which contains the filesystem set up on the device that contains all the binaries. The binary \"miniupnpd\" is the one that has the vulnerable function that receives the values sent by the SOAP request. If we open this binary in IDA-pro we will notice that this follows a MIPS little endian format. The function WscDevPutMessage at address 0x0041DBB8 in IDA pro is identified to be receiving the values sent in the SOAP request. The SOAP parameter \"NewInMesage\" received at address 0x0041DC30 causes the miniupnpd process to finally crash when a second request is sent to the same process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20190609 Newly releases IoT security issues",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf"
}
]
}

58
2017/8xxx/CVE-2017-8332.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8332",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking key words passing in the web traffic to prevent kids from watching content that might be deemed unsafe using the web management interface. It seems that the device does not implement any cross-site scripting protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a stored cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20190609 Newly releases IoT security issues",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf"
}
]
}

58
2017/8xxx/CVE-2017-8334.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8334",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of blocking IP addresses using the web management interface. It seems that the device does not implement any cross-site scripting forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface into executing a cross-site scripting payload on the user's browser and execute any action on the device provided by the web management interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20190609 Newly releases IoT security issues",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf"
}
]
}

58
2017/8xxx/CVE-2017-8337.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8337",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of executing various actions on the web management interface. It seems that the device does not implement any Origin header check which allows an attacker who can trick a user to navigate to an attacker's webpage to exploit this issue and brute force the password for the web management interface. It also allows an attacker to then execute any other actions which include management if rules, sensors attached to the devices using the websocket requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20190609 Newly releases IoT security issues",
"url": "https://seclists.org/bugtraq/2019/Jun/8"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html",
"url": "http://packetstormsecurity.com/files/153227/Securifi-Almond-2015-Buffer-Overflow-Command-Injection-XSS-CSRF.html"
},
{
"refsource": "MISC",
"name": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf",
"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Securifi_Almond_plus_sec_issues.pdf"
}
]
}

5
2018/11xxx/CVE-2018-11784.json
View File

@ -178,6 +178,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1547",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1529",
"url": "https://access.redhat.com/errata/RHSA-2019:1529"
}
]
}

5
2018/8xxx/CVE-2018-8014.json
View File

@ -195,6 +195,11 @@
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1529",
"url": "https://access.redhat.com/errata/RHSA-2019:1529"
}
]
}

5
2018/8xxx/CVE-2018-8034.json
View File

@ -206,6 +206,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1161",
"url": "https://access.redhat.com/errata/RHSA-2019:1161"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1529",
"url": "https://access.redhat.com/errata/RHSA-2019:1529"
}
]
}

5
2018/8xxx/CVE-2018-8037.json
View File

@ -140,6 +140,11 @@
"refsource": "MLIST",
"name": "[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1529",
"url": "https://access.redhat.com/errata/RHSA-2019:1529"
}
]
}

5
2019/0xxx/CVE-2019-0804.json
View File

@ -56,6 +56,11 @@
"refsource": "CONFIRM",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0804"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1527",
"url": "https://access.redhat.com/errata/RHSA-2019:1527"
}
]
}

2
2019/12xxx/CVE-2019-12395.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "In Webbukkit Dynmap 3.0-beta-3, with Spigot 1.13.2, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login despite an enabled login-required setting."
"value": "In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting."
}
]
},

61
2019/12xxx/CVE-2019-12592.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12592",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/",
"url": "https://www.cyberscoop.com/evernote-patches-flaw-google-chrome-extension/"
},
{
"refsource": "MISC",
"name": "https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data/",
"url": "https://www.techrepublic.com/article/evernote-chrome-extension-vulnerability-allowed-attackers-to-steal-4-7m-users-data/"
}
]
}

18
2019/12xxx/CVE-2019-12877.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12877",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2019/2xxx/CVE-2019-2602.json
View File

@ -141,6 +141,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1325",
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1518",
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
}
]
}

5
2019/2xxx/CVE-2019-2684.json
View File

@ -141,6 +141,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1325",
"url": "https://access.redhat.com/errata/RHSA-2019:1325"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1518",
"url": "https://access.redhat.com/errata/RHSA-2019:1518"
}
]
}

5
2019/3xxx/CVE-2019-3827.json
View File

@ -53,6 +53,11 @@
"url": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31",
"name": "https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31",
"refsource": "CONFIRM"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1517",
"url": "https://access.redhat.com/errata/RHSA-2019:1517"
}
]
},

5
2019/9xxx/CVE-2019-9741.json
View File

@ -76,6 +76,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:1300",
"url": "https://access.redhat.com/errata/RHSA-2019:1300"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1519",
"url": "https://access.redhat.com/errata/RHSA-2019:1519"
}
]
}