admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 18:53:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-19 21:00:51 +00:00
parent 27610ad227
commit dafba69734
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
5 changed files with 224 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/12xxx/CVE-2019-12209.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:1708", "name": "openSUSE-SU-2019:1708",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1725",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html"
} }
] ]
} }

5
2019/12xxx/CVE-2019-12210.json
View File

@ -71,6 +71,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:1708", "name": "openSUSE-SU-2019:1708",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1725",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html"
} }
] ]
} }

62
2019/13xxx/CVE-2019-13991.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED photosensitivity."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://arxiv.org/abs/1907.00479",
"refsource": "MISC",
"name": "https://arxiv.org/abs/1907.00479"
}
]
}
}

151
2019/7xxx/CVE-2019-7590.json
View File

@ -1,9 +1,63 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "productsecurity@jci.com",
"DATE_PUBLIC": "2019-07-18T17:01:00.000Z",
"ID": "CVE-2019-7590", "ID": "CVE-2019-7590",
"STATE": "RESERVED" "STATE": "PUBLIC",
"TITLE": "exacqVision Server Unquoted Service Path"
}, },
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "exacqVision Server",
"version": {
"version_data": [
{
"version_affected": "?<",
"version_value": "8.4"
},
{
"version_affected": "!<=",
"version_value": "9.4"
},
{
"version_affected": "=",
"version_value": "9.6"
},
{
"version_affected": "=",
"version_value": "9.8"
},
{
"version_affected": "!>",
"version_value": "19.03"
}
]
}
}
]
},
"vendor_name": "Exacq Technologies, Inc."
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "Windows operating system with exacqVision Server version 9.6 or 9.8 installed."
}
],
"credit": [
{
"lang": "eng",
"value": "Gjoko 'LiquidWorm' Krstic"
}
],
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
"data_version": "4.0", "data_version": "4.0",
@ -11,8 +65,97 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "ExacqVision Server\u2019s services 'exacqVisionServer', 'dvrdhcpserver' and 'mdnsresponder' have an unquoted service path. If an authenticated user is able to insert code in their system root path it potentially can be executed during the application startup. This could allow the authenticated user to elevate privileges on the system. This issue affects: Exacq Technologies, Inc. exacqVision Server 9.6; 9.8. This issue does not affect: Exacq Technologies, Inc. exacqVision Server version 9.4 and prior versions; 19.03. It is not known whether this issue affects: Exacq Technologies, Inc. exacqVision Server versions prior to 8.4."
} }
] ]
} },
"exploit": [
{
"lang": "eng",
"value": "N/A"
}
],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-428 Unquoted Search Path or Element"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "The exacqVision Server unquoted service path privilege escalation vulnerability is possible in the Windows operating system."
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html",
"name": "https://packetstormsecurity.com/files/152128/exacqVision-9.8-Unquoted-Service-Path-Privilege-Escalation.html"
},
{
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php",
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5515.php"
},
{
"refsource": "MISC",
"url": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341",
"name": "https://gallery.technet.microsoft.com/scriptcenter/Windows-Unquoted-Service-190f0341"
},
{
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-199-01"
},
{
"refsource": "CONFIRM",
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to exacqVision Server 19.03"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Run Registry Editor and navigate to HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exacqVisionServer. Modify the ImagePath for to include quotations around the entire file path. Repeat this process for HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dvrdhcpserver and HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mdnsresponder"
}
]
} }

5
2019/9xxx/CVE-2019-9578.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE", "refsource": "SUSE",
"name": "openSUSE-SU-2019:1708", "name": "openSUSE-SU-2019:1708",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html" "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00012.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1725",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00018.html"
} }
] ]
} }