From a7e6f69833ffc57e236fa9886dff6269e7bb6a48 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 19 Mar 2019 21:00:48 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/9xxx/CVE-2016-9166.json | 10 ++++--- 2018/10xxx/CVE-2018-10680.json | 5 ++++ 2018/11xxx/CVE-2018-11208.json | 5 ++++ 2018/11xxx/CVE-2018-11209.json | 5 ++++ 2018/11xxx/CVE-2018-11747.json | 10 ++++--- 2018/11xxx/CVE-2018-11789.json | 10 ++++--- 2018/19xxx/CVE-2018-19556.json | 7 ++++- 2018/7xxx/CVE-2018-7736.json | 7 ++++- 2018/7xxx/CVE-2018-7737.json | 7 ++++- 2019/5xxx/CVE-2019-5414.json | 10 ++++--- 2019/5xxx/CVE-2019-5416.json | 10 ++++--- 2019/5xxx/CVE-2019-5417.json | 10 ++++--- 2019/6xxx/CVE-2019-6282.json | 53 ++++++++++++++++++++++++++++++++-- 2019/6xxx/CVE-2019-6441.json | 53 ++++++++++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9887.json | 18 ++++++++++++ 15 files changed, 189 insertions(+), 31 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9887.json diff --git a/2016/9xxx/CVE-2016-9166.json b/2016/9xxx/CVE-2016-9166.json index 51eba48539c..6f9214ed4de 100644 --- a/2016/9xxx/CVE-2016-9166.json +++ b/2016/9xxx/CVE-2016-9166.json @@ -33,10 +33,12 @@ "problemtype": { "problemtype_data": [ { - "description": { - "lang": "eng", - "value": "Downgrade of communication security" - } + "description": [ + { + "lang": "eng", + "value": "Downgrade of communication security" + } + ] } ] }, diff --git a/2018/10xxx/CVE-2018-10680.json b/2018/10xxx/CVE-2018-10680.json index ee692e461d3..f95258487d7 100644 --- a/2018/10xxx/CVE-2018-10680.json +++ b/2018/10xxx/CVE-2018-10680.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, { "name": "https://github.com/zblogcn/zblogphp/issues/185", "refsource": "MISC", diff --git a/2018/11xxx/CVE-2018-11208.json b/2018/11xxx/CVE-2018-11208.json index 057d16d3253..c2c8729d12b 100644 --- a/2018/11xxx/CVE-2018-11208.json +++ b/2018/11xxx/CVE-2018-11208.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, { "name": "https://github.com/zblogcn/zblogphp/issues/187", "refsource": "MISC", diff --git a/2018/11xxx/CVE-2018-11209.json b/2018/11xxx/CVE-2018-11209.json index afc2d017f03..27d8f4c8b00 100644 --- a/2018/11xxx/CVE-2018-11209.json +++ b/2018/11xxx/CVE-2018-11209.json @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, { "name": "https://github.com/zblogcn/zblogphp/issues/188", "refsource": "MISC", diff --git a/2018/11xxx/CVE-2018-11747.json b/2018/11xxx/CVE-2018-11747.json index ba8ffebe03f..4f0e40f91a4 100644 --- a/2018/11xxx/CVE-2018-11747.json +++ b/2018/11xxx/CVE-2018-11747.json @@ -33,10 +33,12 @@ "problemtype": { "problemtype_data": [ { - "description": { - "lang": "eng", - "value": "Insecure default" - } + "description": [ + { + "lang": "eng", + "value": "Insecure default" + } + ] } ] }, diff --git a/2018/11xxx/CVE-2018-11789.json b/2018/11xxx/CVE-2018-11789.json index 9a3a66afe25..86dd83891d0 100644 --- a/2018/11xxx/CVE-2018-11789.json +++ b/2018/11xxx/CVE-2018-11789.json @@ -33,10 +33,12 @@ "problemtype": { "problemtype_data": [ { - "description": { - "lang": "eng", - "value": "Information Disclosure" - } + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] } ] }, diff --git a/2018/19xxx/CVE-2018-19556.json b/2018/19xxx/CVE-2018-19556.json index 9275fe3e95a..3289dbdac93 100644 --- a/2018/19xxx/CVE-2018-19556.json +++ b/2018/19xxx/CVE-2018-19556.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing." + "value": "** DISPUTED ** zb_system/admin/index.php?act=UploadMng in Z-BlogPHP 1.5 mishandles file preview, leading to content spoofing. NOTE: the software maintainer disputes that this is a vulnerability." } ] }, @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, { "name": "https://github.com/novysodope/Z-BlogPHP1.5Zero/blob/bee6dba066b3f9aa378dcde63e1e0ffad6ad0f49/Url%20hijacking", "refsource": "MISC", diff --git a/2018/7xxx/CVE-2018-7736.json b/2018/7xxx/CVE-2018-7736.json index db8b0c323d2..a3eb390b463 100644 --- a/2018/7xxx/CVE-2018-7736.json +++ b/2018/7xxx/CVE-2018-7736.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter." + "value": "** DISPUTED ** In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. NOTE: the software maintainer disputes that this is a vulnerability." } ] }, @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, { "name": "44406", "refsource": "EXPLOIT-DB", diff --git a/2018/7xxx/CVE-2018-7737.json b/2018/7xxx/CVE-2018-7737.json index ba60f07a047..28b1d6b1a83 100644 --- a/2018/7xxx/CVE-2018-7737.json +++ b/2018/7xxx/CVE-2018-7737.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php." + "value": "** DISPUTED ** In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php. NOTE: the software maintainer disputes that this is a vulnerability." } ] }, @@ -52,6 +52,11 @@ }, "references": { "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://github.com/zblogcn/zblogphp/issues/205", + "url": "https://github.com/zblogcn/zblogphp/issues/205" + }, { "name": "https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md#web-site-physical-path-leakage", "refsource": "MISC", diff --git a/2019/5xxx/CVE-2019-5414.json b/2019/5xxx/CVE-2019-5414.json index 1557bc0dd9b..acfcccc1195 100644 --- a/2019/5xxx/CVE-2019-5414.json +++ b/2019/5xxx/CVE-2019-5414.json @@ -33,10 +33,12 @@ "problemtype": { "problemtype_data": [ { - "description": { - "lang": "eng", - "value": "Command Injection - Generic (CWE-77)" - } + "description": [ + { + "lang": "eng", + "value": "Command Injection - Generic (CWE-77)" + } + ] } ] }, diff --git a/2019/5xxx/CVE-2019-5416.json b/2019/5xxx/CVE-2019-5416.json index e3ac29699e7..25fe547ef46 100644 --- a/2019/5xxx/CVE-2019-5416.json +++ b/2019/5xxx/CVE-2019-5416.json @@ -33,10 +33,12 @@ "problemtype": { "problemtype_data": [ { - "description": { - "lang": "eng", - "value": "Path Traversal (CWE-22)" - } + "description": [ + { + "lang": "eng", + "value": "Path Traversal (CWE-22)" + } + ] } ] }, diff --git a/2019/5xxx/CVE-2019-5417.json b/2019/5xxx/CVE-2019-5417.json index 32c38f9ef73..a8ce5d16d80 100644 --- a/2019/5xxx/CVE-2019-5417.json +++ b/2019/5xxx/CVE-2019-5417.json @@ -33,10 +33,12 @@ "problemtype": { "problemtype_data": [ { - "description": { - "lang": "eng", - "value": "Directory Traversal (Local File Inclusion)" - } + "description": [ + { + "lang": "eng", + "value": "Directory Traversal (Local File Inclusion)" + } + ] } ] }, diff --git a/2019/6xxx/CVE-2019-6282.json b/2019/6xxx/CVE-2019-6282.json index 337c4fc069f..aa44031c3b2 100644 --- a/2019/6xxx/CVE-2019-6282.json +++ b/2019/6xxx/CVE-2019-6282.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6282", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151275/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151275/PLC-Wireless-Router-GPN2.4P21-C-CN-Cross-Site-Request-Forgery.html" + }, + { + "url": "https://www.youtube.com/watch?v=x-r4lnWPdzY", + "refsource": "MISC", + "name": "https://www.youtube.com/watch?v=x-r4lnWPdzY" } ] } diff --git a/2019/6xxx/CVE-2019-6441.json b/2019/6xxx/CVE-2019-6441.json index b43eaa2801f..ca0254c1804 100644 --- a/2019/6xxx/CVE-2019-6441.json +++ b/2019/6xxx/CVE-2019-6441.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-6441", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html", + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/151202/Coship-Wireless-Router-Unauthenticated-Admin-Password-Reset.html" + }, + { + "refsource": "EXPLOIT-DB", + "name": "46180", + "url": "https://www.exploit-db.com/exploits/46180/" } ] } diff --git a/2019/9xxx/CVE-2019-9887.json b/2019/9xxx/CVE-2019-9887.json new file mode 100644 index 00000000000..ad41c29175d --- /dev/null +++ b/2019/9xxx/CVE-2019-9887.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9887", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file