From d8c249c53de684fadff8bce83fc6e04d13edb751 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 15 Mar 2019 17:08:26 -0400 Subject: [PATCH] - Synchronized data. --- 2019/5xxx/CVE-2019-5616.json | 50 +++++++++++++++- 2019/6xxx/CVE-2019-6149.json | 108 +++++++++++------------------------ 2019/9xxx/CVE-2019-9841.json | 18 ++++++ 3 files changed, 97 insertions(+), 79 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9841.json diff --git a/2019/5xxx/CVE-2019-5616.json b/2019/5xxx/CVE-2019-5616.json index abdfdb51ee67..1b7dc30ea5ad 100644 --- a/2019/5xxx/CVE-2019-5616.json +++ b/2019/5xxx/CVE-2019-5616.json @@ -1,11 +1,34 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "cve@rapid7.com", "DATE_PUBLIC" : "2019-03-12T15:00:00.000Z", "ID" : "CVE-2019-5616", - "STATE" : "RESERVED", + "STATE" : "PUBLIC", "TITLE" : "CircuitWerkes Sicon-8 Client-Side Authentication Read-Only Bypass" }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, "credit" : [ { "lang" : "eng", @@ -19,7 +42,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser." } ] }, @@ -45,6 +68,27 @@ "version" : "3.0" } }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/", + "refsource" : "MISC", + "url" : "https://blog.rapid7.com/2019/03/12/r7-2019-01-circuitwerkes-sicon-8-client-side-authentication-read-only-bypass-cve-2019-5616/" + } + ] + }, "source" : { "defect" : [ "R7-2019-01" diff --git a/2019/6xxx/CVE-2019-6149.json b/2019/6xxx/CVE-2019-6149.json index bc741cec5545..890a063096ef 100644 --- a/2019/6xxx/CVE-2019-6149.json +++ b/2019/6xxx/CVE-2019-6149.json @@ -1,89 +1,45 @@ { - "CVE_data_meta": { - "ASSIGNER": "psirt@lenovo.com", - "DATE_PUBLIC": "2019-03-14T16:00:00.000Z", - "ID": "CVE-2019-6149", - "STATE": "PUBLIC" + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "DATE_PUBLIC" : "2019-03-14T16:00:00.000Z", + "ID" : "CVE-2019-6149", + "STATE" : "RESERVED" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "Dynamic Power Reduction Utility", - "version": { - "version_data": [ - { - "affected": "<", - "version_value": "2.2.2.0" - } - ] - } - } - ] - }, - "vendor_name": "Lenovo" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ { - "lang": "eng", - "value": "An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges." + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." } ] }, - "impact": { - "cvss": { - "attackComplexity": "LOW", - "attackVector": "LOCAL", - "availabilityImpact": "HIGH", - "baseScore": 6.7, - "baseSeverity": "MEDIUM", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "privilegesRequired": "HIGH", - "scope": "UNCHANGED", - "userInteraction": "NONE", - "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", - "version": "3.0" + "impact" : { + "cvss" : { + "attackComplexity" : "LOW", + "attackVector" : "LOCAL", + "availabilityImpact" : "HIGH", + "baseScore" : 6.7, + "baseSeverity" : "MEDIUM", + "confidentialityImpact" : "HIGH", + "integrityImpact" : "HIGH", + "privilegesRequired" : "HIGH", + "scope" : "UNCHANGED", + "userInteraction" : "NONE", + "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version" : "3.0" } }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Privilege escalation" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "refsource": "CONFIRM", - "url": "https://support.lenovo.com/solutions/LEN-25674" - } - ] - }, - "solution": [ + "solution" : [ { - "lang": "eng", - "value": "Update Dynamic Power Reduction Utility to version 2.2.2.0." + "lang" : "eng", + "value" : "Update Dynamic Power Reduction Utility to version 2.2.2.0." } ], - "source": { - "advisory": "LEN-25674", - "discovery": "UNKNOWN" + "source" : { + "advisory" : "LEN-25674", + "discovery" : "UNKNOWN" } } diff --git a/2019/9xxx/CVE-2019-9841.json b/2019/9xxx/CVE-2019-9841.json new file mode 100644 index 000000000000..5ef71e4b117c --- /dev/null +++ b/2019/9xxx/CVE-2019-9841.json @@ -0,0 +1,18 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9841", + "STATE" : "RESERVED" + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +}