admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-09-19 16:00:54 +00:00
parent 298b4d2ae5
commit 9fbfd14fe7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 199 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2018/14xxx/CVE-2018-14494.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget."
"value": "** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware."
}
]
},

2
2018/14xxx/CVE-2018-14495.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vivotek FD8136 devices allow Remote Command Injection, aka \"another command injection vulnerability in our target device,\" a different issue than CVE-2018-14494."
"value": "** DISPUTED ** Vivotek FD8136 devices allow Remote Command Injection, aka \"another command injection vulnerability in our target device,\" a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance."
}
]
},

2
2018/14xxx/CVE-2018-14496.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi."
"value": "** DISPUTED ** Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance."
}
]
},

62
2019/16xxx/CVE-2019-16412.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In goform/setSysTools on Tenda N301 wireless routers, attackers can trigger a device crash via a zero wanMTU value. (Prohibition of this zero value is only enforced within the GUI.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/Gr3gPr1est/BugReport/blob/master/CVE-2019-16412.pdf",
"url": "https://github.com/Gr3gPr1est/BugReport/blob/master/CVE-2019-16412.pdf"
}
]
}
}

62
2019/16xxx/CVE-2019-16510.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady in mms/iso_mms/server/mms_server.c, as demonstrated by server_example_goose."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/mz-automation/libiec61850/issues/164",
"refsource": "MISC",
"name": "https://github.com/mz-automation/libiec61850/issues/164"
}
]
}
}

72
2019/16xxx/CVE-2019-16511.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/wixtoolset/issues/issues/6075",
"refsource": "MISC",
"name": "https://github.com/wixtoolset/issues/issues/6075"
},
{
"url": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/",
"refsource": "MISC",
"name": "https://wixtoolset.org/development/wips/6075-dtf-zip-slip/"
},
{
"url": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/",
"refsource": "MISC",
"name": "https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/"
}
]
}
}