admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-12-12 14:01:14 +00:00
parent a7978b54de
commit 9323f28720
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
19 changed files with 1047 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2019/10xxx/CVE-2019-10936.json
View File

@ -516,15 +516,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker\nto trigger a denial-of-service condition. The vulnerability can be triggered \nif a large amount of specially crafted UDP packets are sent to device.\n\nThe security vulnerability could be exploited by an attacker with network \naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), SIMATIC CFU PA (All versions < V1.2.0), SIMATIC ET 200AL (All versions), SIMATIC ET 200M (All versions), SIMATIC ET 200MP IM 155-5 PN BA (All versions < V4.3.0), SIMATIC ET 200MP IM 155-5 PN HF (All versions), SIMATIC ET 200MP IM 155-5 PN ST (All versions), SIMATIC ET 200S (All versions), SIMATIC ET 200SP IM 155-6 PN BA (All versions), SIMATIC ET 200SP IM 155-6 PN HA (All versions), SIMATIC ET 200SP IM 155-6 PN HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN HS (All versions), SIMATIC ET 200SP IM 155-6 PN ST (All versions), SIMATIC ET 200SP IM 155-6 PN/2 HF (All versions < V4.2.2), SIMATIC ET 200SP IM 155-6 PN/3 HF (All versions < V4.2.1), SIMATIC ET 200ecoPN (except 6ES7148-6JD00-0AB0 and 6ES7146-6FF00-0AB0) (All versions), SIMATIC ET 200pro (All versions), SIMATIC HMI Comfort Outdoor Panels 7\" & 15\" (All versions), SIMATIC HMI Comfort Panels 4\" - 22\" (All versions), SIMATIC HMI KTP Mobile Panels (All versions), SIMATIC PN/PN Coupler (All versions), SIMATIC PROFINET Driver (All versions < V2.1), SIMATIC S7-1200 CPU family (incl. F) (All versions), SIMATIC S7-1500 CPU family (incl. F) (All versions < V2.0), SIMATIC S7-300 CPU family (incl. F) (All versions), SIMATIC S7-400 PN/DP V7 (incl. F) (All versions), SIMATIC S7-400 V6 (incl F) and below (All versions), SIMATIC S7-400H V6 (All versions < V6.0.9), SIMATIC S7-410 V8 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINAMICS DCM (All versions < V1.5 HF1), SINAMICS DCP (All versions), SINAMICS G110M V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G120 V4.7 (PN Control Unit) (All versions < V4.7 SP10 HF5), SINAMICS G130 V4.7 (Control Unit) (All versions < 4.8), SINAMICS G150 (Control Unit) (All versions < 4.8), SINAMICS GH150 V4.7 (Control Unit) (All versions), SINAMICS GL150 V4.7 (Control Unit) (All versions), SINAMICS GM150 V4.7 (Control Unit) (All versions), SINAMICS S110 (Control Unit) (All versions), SINAMICS S120 V4.7 (Control Unit) (All versions), SINAMICS S150 (Control Unit) (All versions < 4.8), SINAMICS SL150 V4.7 (Control Unit) (All versions < V4.7 HF33), SINAMICS SM120 V4.7 (Control Unit) (All versions), SINUMERIK 828D (All versions < V4.8 SP5), SINUMERIK 840D sl (All versions). Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial-of-service condition. The vulnerability can be triggered if a large amount of specially crafted UDP packets are sent to device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13927.json
View File

@ -66,15 +66,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause\na denial of service condition on the device's web server by sending a\nspecially crafted HTTP message to the web server port (tcp/80).\n\nThe security vulnerability could be exploited by an attacker with network\naccess to an affected device. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise the availability of the device's web service.\nWhile the device itself stays operational, the web server responds with\nHTTP status code 404 (Not found) to any further request.\nA reboot is required to recover the web interface.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules PXA30-W0, PXA30-W1, PXA30-W2 (All firmware versions < V6.00.320), Desigo PX automation controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D with activated web server (All firmware versions < V6.00.320). The device contains a vulnerability that could allow an attacker to cause a denial of service condition on the device's web server by sending a specially crafted HTTP message to the web server port (tcp/80). The security vulnerability could be exploited by an attacker with network access to an affected device. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise the availability of the device's web service. While the device itself stays operational, the web server responds with HTTP status code 404 (Not found) to any further request. A reboot is required to recover the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-898181.pdf"
}
]
}

7
2019/13xxx/CVE-2019-13945.json
View File

@ -46,15 +46,16 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in S7-1200 CPU (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows\nadditional diagnostic functionality.\n\nThe security vulnerability could be exploited by an attacker with physical access\nto the UART interface during boot process.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known. \n"
"value": "A vulnerability has been identified in S7-1200 CPU (All versions). There is an access mode used during manufacturing of S7-1200 CPUs that allows additional diagnostic functionality. The security vulnerability could be exploited by an attacker with physical access to the UART interface during boot process. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-686531.pdf"
}
]
}

5
2019/14xxx/CVE-2019-14849.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-14849",
"ASSIGNER": "darunesh@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -68,4 +69,4 @@
]
]
}
}
}

77
2019/15xxx/CVE-2019-15930.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp allows Clickjacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

77
2019/15xxx/CVE-2019-15931.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp allows Directory Traversal, a different vulnerability than CVE-2019-16246."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

77
2019/15xxx/CVE-2019-15932.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15932",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp has Incorrect Access Control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

77
2019/15xxx/CVE-2019-15933.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp has SQL Injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

77
2019/15xxx/CVE-2019-15934.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

77
2019/15xxx/CVE-2019-15935.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

72
2019/15xxx/CVE-2019-15936.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp allows Insecure File Upload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.bishopfox.com/blog/news-category/advisories/",
"refsource": "MISC",
"name": "https://www.bishopfox.com/blog/news-category/advisories/"
},
{
"url": "https://bishopfox.com",
"refsource": "MISC",
"name": "https://bishopfox.com"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

72
2019/16xxx/CVE-2019-16246.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

105
2019/17xxx/CVE-2019-17358.json Normal file
View File

@ -0,0 +1,105 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.darkmatter.ae/xen1thlabs/",
"refsource": "MISC",
"name": "https://www.darkmatter.ae/xen1thlabs/"
},
{
"url": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109",
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/blob/79f29cddb5eb05cbaff486cd634285ef1fed9326/lib/functions.php#L3109"
},
{
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html",
"url": "https://lists.debian.org/debian-lts-announce/2019/12/msg00014.html"
},
{
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/issues/3026",
"url": "https://github.com/Cacti/cacti/issues/3026"
},
{
"refsource": "MISC",
"name": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8",
"url": "https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8"
},
{
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2019-17358"
},
{
"refsource": "MISC",
"name": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html",
"url": "https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-17358.html"
}
]
},
"impact": {
"cvss": {
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/A:N/C:H/I:H/PR:L/S:U/UI:N",
"version": "3.0"
}
}
}

72
2019/17xxx/CVE-2019-17428.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.solismed.com/",
"refsource": "MISC",
"name": "https://www.solismed.com/"
},
{
"url": "https://know.bishopfox.com/advisories",
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories"
},
{
"refsource": "MISC",
"name": "https://know.bishopfox.com/advisories/solismed-critical",
"url": "https://know.bishopfox.com/advisories/solismed-critical"
}
]
}
}

82
2019/18xxx/CVE-2019-18345.json Normal file
View File

@ -0,0 +1,82 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrator, the attacker can for example add a new admin user to gain full access to the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.davical.org/",
"refsource": "MISC",
"name": "https://www.davical.org/"
},
{
"url": "https://wiki.davical.org/index.php/Main_Page",
"refsource": "MISC",
"name": "https://wiki.davical.org/index.php/Main_Page"
},
{
"url": "https://gitlab.com/davical-project/davical/blob/master/ChangeLog",
"refsource": "MISC",
"name": "https://gitlab.com/davical-project/davical/blob/master/ChangeLog"
},
{
"refsource": "MISC",
"name": "https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/",
"url": "https://hackdefense.com/publications/cve-2019-18345-davical-caldav-server-vulnerability/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155630/DAViCal-CalDAV-Server-1.1.8-Reflective-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/155630/DAViCal-CalDAV-Server-1.1.8-Reflective-Cross-Site-Scripting.html"
}
]
}
}

66
2019/19xxx/CVE-2019-19198.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19198",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/scoutnet-kalender/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/scoutnet-kalender/#developers"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155615/WordPress-Scoutnet-Kalender-1.1.0-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/155615/WordPress-Scoutnet-Kalender-1.1.0-Cross-Site-Scripting.html"
},
{
"refsource": "MISC",
"name": "https://wpvulndb.com/vulnerabilities/9969",
"url": "https://wpvulndb.com/vulnerabilities/9969"
}
]
}

56
2019/19xxx/CVE-2019-19247.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19247",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.ea.com/security/news/easec-2019-001-elevation-of-privilege-vulnerability-in-origin-client",
"url": "https://www.ea.com/security/news/easec-2019-001-elevation-of-privilege-vulnerability-in-origin-client"
}
]
}

56
2019/19xxx/CVE-2019-19248.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-19248",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-19248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.ea.com/security/news/easec-2019-001-elevation-of-privilege-vulnerability-in-origin-client",
"url": "https://www.ea.com/security/news/easec-2019-001-elevation-of-privilege-vulnerability-in-origin-client"
}
]
}

12
2019/6xxx/CVE-2019-6568.json
View File

@ -756,19 +756,21 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to\na denial-of-service condition. An attacker may cause a denial-of-service\nsituation which leads to a restart of the webserver of the affected device.\n\nThe security vulnerability could be exploited by an attacker with network\naccess to the affected systems. Successful exploitation requires no system\nprivileges and no user interaction. An attacker could use the vulnerability\nto compromise availability of the device.\n\nAt the time of advisory publication no public exploitation of this security\nvulnerability was known.\n"
"value": "A vulnerability has been identified in CP1604, CP1616, SIMATIC CP343-1 Advanced, SIMATIC CP443-1, SIMATIC CP443-1 Advanced, SIMATIC CP443-1 OPC UA, SIMATIC ET 200 SP Open Controller CPU 1515SP PC, SIMATIC ET 200 SP Open Controller CPU 1515SP PC2, SIMATIC HMI Comfort Outdoor Panels 7\" & 15\", SIMATIC HMI Comfort Panels 4\" - 22\", SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 und KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF181-EIP, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600R, SIMATIC S7-1500 CPU family, SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family, SIMATIC S7-400 PN (incl. F) V6 and below, SIMATIC S7-400 PN/DP V7 (incl. F), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP, SIMOCODE pro V PN, SINAMICS G130 V4.6 (Control Unit), SINAMICS G130 V4.7 (Control Unit), SINAMICS G130 V4.7 SP1 (Control Unit), SINAMICS G130 V4.8 (Control Unit), SINAMICS G130 V5.1 (Control Unit), SINAMICS G130 V5.1 SP1 (Control Unit), SINAMICS G150 V4.6 (Control Unit), SINAMICS G150 V4.7 (Control Unit), SINAMICS G150 V4.7 SP1 (Control Unit), SINAMICS G150 V4.8 (Control Unit), SINAMICS G150 V5.1 (Control Unit), SINAMICS G150 V5.1 SP1 (Control Unit), SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 (Control Unit), SINAMICS S120 V4.7 (Control Unit), SINAMICS S120 V4.7 SP1 (Control Unit), SINAMICS S120 V4.8 (Control Unit), SINAMICS S120 V5.1 (Control Unit), SINAMICS S120 V5.1 SP1 (Control Unit), SINAMICS S150 V4.6 (Control Unit), SINAMICS S150 V4.7 (Control Unit), SINAMICS S150 V4.7 SP1 (Control Unit), SINAMICS S150 V4.8 (Control Unit), SINAMICS S150 V5.1 (Control Unit), SINAMICS S150 V5.1 SP1 (Control Unit), SINAMICS S210 V5.1 (Control Unit), SINAMICS S210 V5.1 SP1 (Control Unit), SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SITOP Manager, SITOP PSU8600, SITOP UPS1600, TIM 1531 IRC. The webserver of the affected devices contains a vulnerability that may lead to a denial-of-service condition. An attacker may cause a denial-of-service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-530931.pdf"
}
]
}