"-Synchronized-Data."

CVE Team 2019-06-17 19:00:47 +00:00
parent 027fb6831f
commit e072b7b8ae
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
14 changed files with 344 additions and 20 deletions


@ -68,6 +68,11 @@
"refsource": "MLIST",
"name": "[hbase-issues] 20190603 [jira] [Resolved] (HBASE-22499) Drop the support for several hadoop releases due to CVE-2018-8029",
"url": "https://lists.apache.org/thread.html/0b8d58e02dbd0fb8bf7320c514fe58da1d6728bdc150f1ba04e0d9fc@%3Cissues.hbase.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190617-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190617-0001/"
}
]
},


@ -118,6 +118,11 @@
"refsource": "MLIST",
"name": "[httpd-cvs] 20190611 svn commit: r1046148 - in /websites/production/httpd/content: ./ mail",
"url": "https://lists.apache.org/thread.html/97a1c58e138ed58a364513b58d807a802e72bf6079ff81a10948ef7c@%3Ccvs.httpd.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190617-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
}
]
},


@ -88,6 +88,11 @@
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K44591505",
"url": "https://support.f5.com/csp/article/K44591505"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190617-0002/",
"url": "https://security.netapp.com/advisory/ntap-20190617-0002/"
}
]
},


@ -113,6 +113,11 @@
"refsource": "FULLDISC",
"name": "20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)",
"url": "http://seclists.org/fulldisclosure/2019/Jun/16"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/153312/Exim-4.91-Local-Privilege-Escalation.html"
}
]
},


@ -73,6 +73,11 @@
"url": "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468",
"name": "https://github.com/python/cpython/commit/fd1771dbdd28709716bd531580c40ae5ed814468",
"refsource": "CONFIRM"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190617-0003/",
"url": "https://security.netapp.com/advisory/ntap-20190617-0003/"
}
]
},


@ -78,6 +78,11 @@
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-11269",
"name": "https://pivotal.io/security/cve-2019-11269"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html",
"url": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html"
}
]
},


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "app/operator_panel/exec.php in the Operator Panel module in FreePBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation that allows authenticated non-administrative attackers to execute commands on the host. This can further lead to remote code execution when combined with an XSS vulnerability also present in the FusionPBX Operator Panel module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611",
"refsource": "MISC",
"name": "https://github.com/fusionpbx/fusionpbx/commit/e43ca27ba2d9c0109a6bf198fe2f8d79f63e0611"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/153256/FusionPBX-4.4.3-Remote-Command-Execution.html"
},
{
"refsource": "MISC",
"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
]
}
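Review bot: The new description names the product as "FreePBX 4.4.3" in its first sentence but "FusionPBX" in its last, and every reference in this section points at FusionPBX (the `fusionpbx/fusionpbx` commit and the "FusionPBX-4.4.3" advisory), so the first mention looks like a slip for FusionPBX. The CVE-2019-11410 section that follows has the same "FreePBX 4.4.3" wording next to a `fusionpbx/fusionpbx` commit reference. Because `vendor_name` and `product_name` are both `"n/a"` in these records, the description is the only place a consumer learns the product, and text-based matching would attribute the issue to a different, unrelated product. Suggest `... in the Operator Panel module in FusionPBX 4.4.3 ...` here and `... in the Backup Module in FusionPBX 4.4.3 ...` in the next section, once confirmed against the referenced advisory.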


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11410",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "app/backup/index.php in the Backup Module in FreePBX 4.4.3 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute commands on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84",
"refsource": "MISC",
"name": "https://github.com/fusionpbx/fusionpbx/commit/0f965c89288de449236ad6de4f97960814ce8c84"
},
{
"refsource": "MISC",
"name": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html",
"url": "https://blog.gdssecurity.com/labs/2019/6/7/rce-using-caller-id-multiple-vulnerabilities-in-fusionpbx.html"
}
]
}


@ -81,6 +81,11 @@
"name": "https://pivotal.io/security/cve-2019-3778",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2019-3778"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html",
"url": "http://packetstormsecurity.com/files/153299/Spring-Security-OAuth-2.3-Open-Redirection.html"
}
]
},


@ -73,6 +73,11 @@
"refsource": "BID",
"name": "108527",
"url": "http://www.securityfocus.com/bid/108527"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190617-0004/",
"url": "https://security.netapp.com/advisory/ntap-20190617-0004/"
}
]
},


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7315",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/",
"url": "https://labs.nettitude.com/blog/cve-2019-7315-genie-access-wip3bvaf-ip-camera-directory-traversal/"
}
]
}
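Review bot: `problemtype` is published as `"n/a"` even though the description names the weakness class (directory traversal via the web interface), so tooling that groups or filters records by weakness will not classify this entry. Suggest `"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"`, or at minimum `"value": "Directory Traversal"`. The same `"n/a"` problemtype appears in the CVE-2019-11409 and CVE-2019-11410 sections (command injection, per their descriptions) and in the CVE-2019-7579, CVE-2019-8324 and CVE-2019-8325 sections. The `affects` block is likewise `"n/a"` for vendor, product and version although the description states all three.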


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7579",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered on Linksys WRT1900ACS 1.0.3.187766 devices. An ability exists for an unauthenticated user to browse a confidential ui/1.0.99.187766/dynamic/js/setup.js.localized file on the router's webserver, allowing for an attacker to identify possible passwords that the system uses to set the default guest network password. An attacker can use this list of 30 words along with a random 2 digit number to brute force their access onto a router's guest network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://robot-security.blogspot.com",
"refsource": "MISC",
"name": "https://robot-security.blogspot.com"
},
{
"refsource": "MISC",
"name": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/",
"url": "http://www.x0rsecurity.com/2019/06/09/my-second-cve-linksys-wrt-acs-cve-2019-7579-or-as-i-call-it-acceptance-no-one-considers-security-by-design/"
}
]
}
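Review bot: The first entry in `reference_data` is the bare blog root `https://robot-security.blogspot.com`, which does not identify the post documenting this issue and will stop matching as the blog changes; it should be a permalink, e.g. `"url": "<permalink to the specific post>"` with the same value in `name`. The description also quotes firmware `1.0.3.187766` next to a UI path under `ui/1.0.99.187766/`; that may be accurate, but it reads like a possible transcription slip and is worth confirming against the source write-up. Neither reference is a vendor source, so the record gives a reader no way to tell whether a fixed firmware exists.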


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8324",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. A crafted gem with a multi-line name is not handled correctly. Therefore, an attacker could inject arbitrary code to the stub line of gemspec, which is eval-ed by code in ensure_loadable_spec during the preinstall check."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/328571",
"refsource": "MISC",
"name": "https://hackerone.com/reports/328571"
}
]
}
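Review bot: The only reference published for this record is the HackerOne report `https://hackerone.com/reports/328571`, tagged `MISC`; there is no vendor advisory or fix commit, so the upper bound in "2.6 and later through 3.0.2" cannot be checked from the record itself. If the RubyGems project has published an advisory, adding it as `{"refsource": "CONFIRM", "name": "<vendor advisory URL>", "url": "<vendor advisory URL>"}` would let consumers verify the fixed release. The CVE-2019-8325 section that follows has the same shape, with `https://hackerone.com/reports/317353` as its sole reference.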


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-8325",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in RubyGems 2.6 and later through 3.0.2. Since Gem::CommandManager#run calls alert_error without escaping, escape sequence injection is possible. (There are many ways to cause an error.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/317353",
"refsource": "MISC",
"name": "https://hackerone.com/reports/317353"
}
]
}