admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-26 16:00:46 +00:00
parent ce3ba802e7
commit b1be9df2ba
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
15 changed files with 310 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2014/5xxx/CVE-2014-5431.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5431",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5431",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hard-coded password CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 contains a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. Baxter has released a new version of the SIGMA Spectrum Infusion System, version 8, which incorporates hardware and software changes."
}
]
}

58
2014/5xxx/CVE-2014-5432.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5432",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5432",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16."
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass issues CWE-592"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes."
}
]
}

58
2014/5xxx/CVE-2014-5433.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5433",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2014-5433",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Baxter",
"product": {
"product_data": [
{
"product_name": "SIGMA Spectrum Infusion System",
"version": {
"version_data": [
{
"version_value": "6.05 (model 35700BAX) with wireless battery module (WBM) version 16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16, which may allow an attacker to gain access the host network. Baxter has released a new version of the SIGMA Spectrum Infusion System, Version 8, which incorporates hardware and software changes."
}
]
}

53
2018/19xxx/CVE-2018-19856.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19856",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "GitLab CE/EE before 11.3.12, 11.4.x before 11.4.10, and 11.5.x before 11.5.3 allows Directory Traversal in Templates API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/",
"refsource": "MISC",
"name": "https://about.gitlab.com/2018/12/06/critical-security-release-gitlab-11-dot-5-dot-3-released/"
},
{
"refsource": "MISC",
"name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54857",
"url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/54857"
}
]
}

5
2019/3xxx/CVE-2019-3855.json
View File

@ -91,6 +91,11 @@
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3856.json
View File

@ -61,6 +61,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3856",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3857.json
View File

@ -61,6 +61,11 @@
"url": "https://www.libssh2.org/CVE-2019-3857.html",
"refsource": "MISC",
"name": "https://www.libssh2.org/CVE-2019-3857.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3858.json
View File

@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3859.json
View File

@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3860.json
View File

@ -53,6 +53,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3860",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3861.json
View File

@ -53,6 +53,11 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3861",
"refsource": "CONFIRM"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3862.json
View File

@ -83,6 +83,11 @@
"refsource": "CONFIRM",
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-767"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

5
2019/3xxx/CVE-2019-3863.json
View File

@ -61,6 +61,11 @@
"url": "https://www.libssh2.org/CVE-2019-3863.html",
"refsource": "MISC",
"name": "https://www.libssh2.org/CVE-2019-3863.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190326 [SECURITY] [DLA 1730-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00032.html"
}
]
},

58
2019/7xxx/CVE-2019-7646.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7646",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the \"Package Name\" field via the add_package module parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151630/CentOS-Web-Panel-0.9.8.763-Cross-Site-Scripting.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151630/CentOS-Web-Panel-0.9.8.763-Cross-Site-Scripting.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46349",
"url": "https://www.exploit-db.com/exploits/46349/"
},
{
"refsource": "MISC",
"name": "https://www.dineshmohanty.com/centos-web-panel-xss",
"url": "https://www.dineshmohanty.com/centos-web-panel-xss"
}
]
}

5
2019/9xxx/CVE-2019-9185.json
View File

@ -66,6 +66,11 @@
"name": "https://github.com/bolt/bolt/blob/v3.6.5/changelog.md",
"refsource": "MISC",
"url": "https://github.com/bolt/bolt/blob/v3.6.5/changelog.md"
},
{
"refsource": "MISC",
"name": "https://www.hacksecproject.com/?p=293",
"url": "https://www.hacksecproject.com/?p=293"
}
]
}