admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Adding TWCERT/CC CVE-2019-15067 CVE-2019-15068 CVE-2019-15069

Browse Source
This commit is contained in:
yinnping 2019-09-25 21:14:48 +08:00
parent f6b0da9fab
commit d74d3f53c0
3 changed files with 249 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

83
2019/15xxx/CVE-2019-15067.json Normal file
View File

@ -0,0 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15067",
"STATE": "PUBLIC",
"TITLE": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A2-25DE",
"version": {
"version_data": [
{
"version_affected": "?<=",
"version_name": "Firmware",
"version_value": "SECFS-2013-10-16-13:42:58-629c30ee-60c68be6"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng, Julian Chen"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authentication bypass vulnerability discovered in Smart Battery A2-25DE, a multifunctional portable charger, firmware version ?<= SECFS-2013-10-16-13:42:58-629c30ee-60c68be6. An attacker can bypass authentication and gain privilege by modifying the login page."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908002"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=44",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=44"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

83
2019/15xxx/CVE-2019-15068.json Normal file
View File

@ -0,0 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15068",
"STATE": "PUBLIC",
"TITLE": "A broken access control vulnerability discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?<=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A broken access control vulnerability in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 allows an attacker to get/reset administrators password without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908003"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=45",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=45"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

83
2019/15xxx/CVE-2019-15069.json Normal file
View File

@ -0,0 +1,83 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-09-24T16:00:00.000Z",
"ID": "CVE-2019-15069",
"STATE": "PUBLIC",
"TITLE": "An unsafe authentication interface was discovered in Smart Battery A4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Smart Battery A4",
"version": {
"version_data": [
{
"version_affected": "?<=",
"version_name": "Firmware",
"version_value": "r1.7.9"
}
]
}
}
]
},
"vendor_name": "Gigastone"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Leon Chen, Y.D. Chen, Laura Tzou, Mars Cheng"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unsafe authentication interface was discovered in Smart Battery A4, a multifunctional portable charger, firmware version ?<= r1.7.9 . An attacker can bypass authentication without modifying device file and gain web page management privilege."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unsafe authentication interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908004"
},
{
"name": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=46",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/subpages/ServeThePublic/public_document_details.aspx?lang=en-US&id=46"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}