"-Synchronized-Data."

CVE Team 2019-06-06 20:00:52 +00:00
parent e6bac38e6c
commit 9fe236ba0d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
12 changed files with 333 additions and 108 deletions


@ -53,6 +53,11 @@
"refsource": "BID",
"name": "108195",
"url": "http://www.securityfocus.com/bid/108195"
},
{
"refsource": "MLIST",
"name": "[uima-dev] 20190606 Re: upcoming board report",
"url": "https://lists.apache.org/thread.html/2f49681259b375d53431605f1c557ef8a3ed0af01a488d2e1b330053@%3Cdev.uima.apache.org%3E"
}
]
},


@ -53,6 +53,11 @@
"refsource": "BID",
"name": "108485",
"url": "http://www.securityfocus.com/bid/108485"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K85585101",
"url": "https://support.f5.com/csp/article/K85585101"
}
]
},


@ -88,6 +88,21 @@
"refsource": "REDHAT",
"name": "RHSA-2019:0886",
"url": "https://access.redhat.com/errata/RHSA-2019:0886"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1399",
"url": "https://access.redhat.com/errata/RHSA-2019:1399"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1400",
"url": "https://access.redhat.com/errata/RHSA-2019:1400"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1398",
"url": "https://access.redhat.com/errata/RHSA-2019:1398"
}
]
},


@ -52,6 +52,21 @@
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20190326 CVE-2019-10009 Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion",
"url": "http://seclists.org/fulldisclosure/2019/Mar/47"
},
{
"refsource": "EXPLOIT-DB",
"name": "46611",
"url": "https://www.exploit-db.com/exploits/46611/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html",
"url": "http://packetstormsecurity.com/files/152244/Titan-FTP-Server-2019-Build-3505-Directory-Traversal.html"
},
{
"refsource": "MISC",
"name": "https://seclists.org/fulldisclosure/2019/Mar/47",
@ -61,6 +76,11 @@
"refsource": "EXPLOIT-DB",
"name": "46611",
"url": "https://www.exploit-db.com/exploits/46611"
},
{
"refsource": "CONFIRM",
"name": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html",
"url": "http://www.southrivertech.com/software/regsoft/titanftp/v19/verhist_en.html"
}
]
}
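Review bot: The added FULLDISC and EXPLOIT-DB entries appear to duplicate references this record already carries: `http://seclists.org/fulldisclosure/2019/Mar/47` differs from the existing MISC entry only by scheme, and `https://www.exploit-db.com/exploits/46611/` differs from the existing EXPLOIT-DB entry only by a trailing slash. Consumers that deduplicate or count references by exact URL will treat these as separate sources. I would keep one entry per resource, for example the `https://` seclists URL under `"refsource": "FULLDISC"` and a single `46611` entry, or normalize scheme and trailing slash before appending. The lines between the two hunks are not shown, so there may be further overlap.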


@ -83,6 +83,11 @@
"refsource": "BUGTRAQ",
"name": "20190605 [SECURITY] [DSA 4456-1] exim4 security update",
"url": "https://seclists.org/bugtraq/2019/Jun/5"
},
{
"refsource": "GENTOO",
"name": "GLSA-201906-01",
"url": "https://security.gentoo.org/glsa/201906-01"
}
]
},


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11523",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact with the device: for example, send the \"open door\" command, download the users list (which includes RFID codes and passcodes in cleartext), or update/create users. The same attack can be executed on a local network and over the internet (if the device is exposed on a public IP address)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc",
"url": "https://github.com/wizlab-it/anviz-m3-rfid-cve-2019-11523-poc"
}
]
}
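Review bot: `vendor_name`, `product_name` and `version_value` are all `"n/a"` and `problemtype` is `"n/a"` in this newly public record, although the description names the product (Anviz Global M3 Outdoor RFID Access Control) and describes commands accepted without authentication. Asset-matching and triage tooling that keys on the structured `affects` and `problemtype` fields will not associate the record with the device, so teams relying on automated feeds may miss it. I would populate them, e.g. `"vendor_name": "Anviz Global"`, `"product_name": "M3 Outdoor RFID Access Control"`, and a problemtype such as `"value": "CWE-306: Missing Authentication for Critical Function"`. The same applies to the CVE-2019-12492 and CVE-2019-12762 records later in this commit, whose descriptions name the product (and, for CVE-2019-12492, the fixed versions) while `affects` stays `"n/a"`.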


@ -1,18 +1,70 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12492",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Gallagher Command Centre before 7.80.939, 7.90.x before 7.90.961, and 8.x before 8.00.1128 allows arbitrary event creation and information disclosure via the FT Command Centre Service and FT Controller Service services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.gallagher.com/CVE-2019-12492",
"url": "https://security.gallagher.com/CVE-2019-12492"
},
{
"refsource": "CONFIRM",
"name": "https://security.gallagher.com/security-advisories",
"url": "https://security.gallagher.com/security-advisories"
}
]
},
"source": {
"discovery": "INTERNAL"
}
}


@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607",
"refsource": "MISC",
"name": "https://medium.com/@juliodellaflora/ghost-touch-on-xiaomi-mi5s-plus-707998308607"
},
{
"url": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/",
"refsource": "MISC",
"name": "https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps/"
}
]
}
}


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
"ID": "CVE-2019-3722",
"STATE": "PUBLIC",
@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request.\n\n"
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain an XML external entity (XXE) injection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to read arbitrary server system files by supplying specially crafted document type definitions (DTDs) in an XML request."
}
]
},
@ -82,6 +82,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
}
]
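Review bot: The `ASSIGNER` value in the first hunk switches between `secure@dell.com` and `security_alert@emc.com`, and the same swap recurs in the CVE-2019-3723 and CVE-2019-3790 sections. The page has lost its +/- markers; if the old line is printed first, the new value is `security_alert@emc.com`. Tooling that attributes records to a CNA by exact `ASSIGNER` string will see two identities for one assigner unless both addresses are mapped together. If an automated sync is overwriting the address the CNA submitted, the commit message should say so, or one canonical address should be used across all records.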


@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-06-03T17:00:00.000Z",
"ID": "CVE-2019-3723",
"STATE": "PUBLIC",
@ -43,7 +43,7 @@
"description_data": [
{
"lang": "eng",
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation\n\n"
"value": "Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete the contents of any existing file, due to improper input parameter validation"
}
]
},
@ -82,6 +82,7 @@
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en",
"url": "https://www.dell.com/support/article/us/en/04/sln317441/dsa-2019-074-dell-emc-openmanage-server-administrator-multiple-vulnerabilities?lang=en"
}
]


@ -1,100 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "secure@dell.com",
"DATE_PUBLIC": "2019-05-28T13:47:10.000Z",
"ID": "CVE-2019-3790",
"STATE": "PUBLIC",
"TITLE": "Ops Manager uaa client issues tokens after refresh token expiration"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.3",
"version_value": "2.3.16"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2019-05-28T13:47:10.000Z",
"ID": "CVE-2019-3790",
"STATE": "PUBLIC",
"TITLE": "Ops Manager uaa client issues tokens after refresh token expiration"
},
"source": {
"discovery": "UNKNOWN"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pivotal Ops Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.3",
"version_value": "2.3.16"
},
{
"affected": "<",
"version_name": "2.4",
"version_value": "2.4.11"
},
{
"affected": "<",
"version_name": "2.2",
"version_value": "2.2.23"
},
{
"affected": "<",
"version_name": "2.5",
"version_value": "2.5.3"
}
]
}
}
]
},
{
"affected": "<",
"version_name": "2.4",
"version_value": "2.4.11"
},
{
"affected": "<",
"version_name": "2.2",
"version_value": "2.2.23"
},
{
"affected": "<",
"version_name": "2.5",
"version_value": "2.5.3"
}
]
"vendor_name": "Pivotal"
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324: Use of a Key Past its Expiration Date"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Pivotal Ops Manager, 2.2.x versions prior to 2.2.23, 2.3.x versions prior to 2.3.16, 2.4.x versions prior to 2.4.11, and 2.5.x versions prior to 2.5.3, contain configuration that circumvents refresh token expiration. A remote authenticated user can gain access to a browser session that was supposed to have expired, and access Ops Manager resources."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3790",
"name": "https://pivotal.io/security/cve-2019-3790"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-324: Use of a Key Past its Expiration Date"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "108512",
"url": "http://www.securityfocus.com/bid/108512"
},
{
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3790",
"name": "https://pivotal.io/security/cve-2019-3790"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
}
}


@ -91,6 +91,11 @@
"refsource": "MISC",
"name": "https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html",
"url": "https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html",
"url": "http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html"
}
]
}