From 94c4b4c83995a0b069fa6bd653af34afcdf5bd95 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Tue, 30 Jul 2019 20:00:57 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2014/3xxx/CVE-2014-3828.json | 12 ++++++-
 2014/3xxx/CVE-2014-3829.json | 12 ++++++-
 2015/1xxx/CVE-2015-1560.json | 7 +++-
 2015/1xxx/CVE-2015-1561.json | 7 +++-
 2019/13xxx/CVE-2019-13026.json | 62 ++++++++++++++++++++++++++++++++++
 2019/13xxx/CVE-2019-13635.json | 5 +++
 2019/3xxx/CVE-2019-3948.json | 5 +++
 7 files changed, 106 insertions(+), 4 deletions(-)
 create mode 100644 2019/13xxx/CVE-2019-13026.json
diff --git a/2014/3xxx/CVE-2014-3828.json b/2014/3xxx/CVE-2014-3828.json
index 6db71f84f64..3edf3212dcb 100644
--- a/2014/3xxx/CVE-2014-3828.json
+++ b/2014/3xxx/CVE-2014-3828.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
+ "value": "Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index parameter to common/javascript/commandGetArgs/cmdGetExample.php in include/."
 }
 ]
 },
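Review bot: The added parenthetical `(fixed in Centreon web 2.5.3)` in the CVE-2014-3828 description names a fix release but leaves the affected range open: the text still lists only Centreon 2.5.1, so a reader cannot tell whether 2.5.2 is affected. The same gap appears in the other description hunks of this patch: CVE-2014-3829 (2.5.1 against 2.5.3), CVE-2015-1560 (`2.5.4 and earlier` against 2.7.0) and CVE-2015-1561 (`2.5.4 and earlier` against 19.10.0), where anyone triaging by the stated range would treat every release after 2.5.4 as unaffected. If the intermediate releases are vulnerable, state the range by its upper bound, e.g. `Centreon web before 2.5.3`; if they are not, say which release first carried the fix. The product is also written `Centreon` in the original wording and `Centreon web` in the addition, which makes matching on the name harder.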
@@ -66,6 +66,16 @@
 "name": "70648",
 "refsource": "BID",
 "url": "http://www.securityfocus.com/bid/70648"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
+ "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
+ "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
 }
 ]
 }
diff --git a/2014/3xxx/CVE-2014-3829.json b/2014/3xxx/CVE-2014-3829.json
index 700ef2c9713..f823b20c50a 100644
--- a/2014/3xxx/CVE-2014-3829.json
+++ b/2014/3xxx/CVE-2014-3829.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
+ "value": "displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the command_line variable."
 }
 ]
 },
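Review bot: The second CONFIRM reference added to CVE-2014-3828 carries a `#diff-e328097503b14fbb117e0db798aefcde` fragment, which selects one file's diff inside the commit, while the description lists five separate scripts; the identical URL and fragment is added to CVE-2014-3829 in its references hunk for a different flaw (command injection). The commit is not visible here, so whether that single file covers both issues cannot be checked; linking the commit without the fragment, `"url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90"` with the matching `name`, avoids implying that one file is the whole fix. The release-notes link goes through an `/en/latest/` path, which looks like a moving documentation alias and may not stay valid, so the hash-pinned commit link is the more durable confirmation.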
@@ -61,6 +61,16 @@
 "name": "VU#298796",
 "refsource": "CERT-VN",
 "url": "http://www.kb.cert.org/vuls/id/298796"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html",
+ "url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-2.5/centreon-2.5.3.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde",
+ "url": "https://github.com/centreon/centreon/commit/cc2109804dd69057cb209037113796ec5ffdce90#diff-e328097503b14fbb117e0db798aefcde"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1560.json b/2015/1xxx/CVE-2015-1560.json
index 355564b6388..a34970732fe 100644
--- a/2015/1xxx/CVE-2015-1560.json
+++ b/2015/1xxx/CVE-2015-1560.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php."
+ "value": "SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "name": "20150708 Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution",
 "refsource": "BUGTRAQ",
 "url": "http://www.securityfocus.com/archive/1/535961/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4",
+ "url": "https://github.com/centreon/centreon/commit/668a928f34dc0f67723d3db138c042eb7f979f28#diff-f69d4a3d3d177d024c22419357c1f4f4"
 }
 ]
 }
diff --git a/2015/1xxx/CVE-2015-1561.json b/2015/1xxx/CVE-2015-1561.json
index f29a6613cb4..b5b3b2d103d 100644
--- a/2015/1xxx/CVE-2015-1561.json
+++ b/2015/1xxx/CVE-2015-1561.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter."
+ "value": "The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter."
 }
 ]
 },
@@ -66,6 +66,11 @@
 "name": "20150708 Merethis Centreon - Unauthenticated blind SQLi and Authenticated Remote Command Execution",
 "refsource": "BUGTRAQ",
 "url": "http://www.securityfocus.com/archive/1/535961/100/0/threaded"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/centreon/centreon/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98a#diff-27550b563fa8d660b64bca871a219cb1",
+ "url": "https://github.com/centreon/centreon/commit/a78c60aad6fd5af9b51a6d5de5d65560ea37a98a#diff-27550b563fa8d660b64bca871a219cb1"
 }
 ]
 }
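Review bot: The reference added to CVE-2015-1560 tags a commit in the vendor's own repository as `"refsource": "MISC"`, whereas the same kind of link (a `github.com/centreon/centreon/commit/…` URL) is tagged `CONFIRM` in the CVE-2014-3828 and CVE-2014-3829 hunks of this patch; the CVE-2015-1561 references hunk does the same. Consumers that filter on `CONFIRM` to find vendor-acknowledged fixes will miss these two entries. If the commits are the fixes that the new "fixed in" wording refers to (not verifiable from the diff), use `"refsource": "CONFIRM",` in both.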
diff --git a/2019/13xxx/CVE-2019-13026.json b/2019/13xxx/CVE-2019-13026.json
new file mode 100644
index 00000000000..ba7ea054e75
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13026.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13026",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "OXID eShop 6.0.x before 6.0.5 and 6.1.x before 6.1.4 allows SQL Injection via a crafted URL, leading to full access by an attacker. This includes all shopping cart options, customer data, and the database. No interaction between the attacker and the victim is necessary."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://oxidforge.org/en/security-bulletin-2019-001.html",
+ "url": "https://oxidforge.org/en/security-bulletin-2019-001.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13635.json b/2019/13xxx/CVE-2019-13635.json
index 6ad8c787bee..ea5da27d2ad 100644
--- a/2019/13xxx/CVE-2019-13635.json
+++ b/2019/13xxx/CVE-2019-13635.json
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "https://seclists.org/bugtraq/2019/Jul/53",
 "url": "https://seclists.org/bugtraq/2019/Jul/53"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153821/WordPress-WP-Fastest-Cache-0.8.9.5-Directory-Traversal.html",
+ "url": "http://packetstormsecurity.com/files/153821/WordPress-WP-Fastest-Cache-0.8.9.5-Directory-Traversal.html"
 }
 ]
 }
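Review bot: The new CVE-2019-13026 record leaves every structured field at `n/a` (`product_name`, `version_value`, `vendor_name` and the `problemtype` value) although the description already names the product, the affected ranges and the weakness class. Tools that match on the `affects` block rather than on free text will not associate this entry with OXID eShop. Populate the fields from the description, e.g. `"product_name": "OXID eShop"`, one `version_value` per range (`6.0.x before 6.0.5`, `6.1.x before 6.1.4`) and `"value": "CWE-89"` for the problem type; the vendor name is not given on the page and should be taken from the referenced bulletin. The file also ends without a trailing newline.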
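Review bot: The Packet Storm reference added to CVE-2019-13635 uses a plain `http://` URL, as does the one added to CVE-2019-3948 in the next file, while every other reference added in this patch is `https://`. A cleartext link to an advisory page can be altered in transit before it reaches whoever follows it from the record. If the site serves the page over TLS, prefer `"url": "https://packetstormsecurity.com/files/153821/WordPress-WP-Fastest-Cache-0.8.9.5-Directory-Traversal.html"` with the matching `name`, and make the same change to the CVE-2019-3948 entry.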
diff --git a/2019/3xxx/CVE-2019-3948.json b/2019/3xxx/CVE-2019-3948.json
index 6ed17c3fd30..f6333266706 100644
--- a/2019/3xxx/CVE-2019-3948.json
+++ b/2019/3xxx/CVE-2019-3948.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.tenable.com/security/research/tra-2019-36",
 "url": "https://www.tenable.com/security/research/tra-2019-36"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html",
+ "url": "http://packetstormsecurity.com/files/153813/Amcrest-Cameras-2.520.AC00.18.R-Unauthenticated-Audio-Streaming.html"
 }
 ]
 },