admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-07 15:00:56 +00:00
parent a50b6f19db
commit 297fe92398
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
27 changed files with 480 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
2018/14xxx/CVE-2018-14383.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14383",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Transition Technologies \"The Scheduler\" app 5.1.3 for Jira allows XXE due to a weakly configured/parameterized XML parser. It was fixed in the versions 5.2.1 and 3.3.7"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=versions",
"refsource": "MISC",
"name": "https://marketplace.atlassian.com/apps/37456/the-scheduler?hosting=server&tab=versions"
},
{
"refsource": "MISC",
"name": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt",
"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-022_jira_plugin_the_scheduler.txt"
}
]
}

72
2018/20xxx/CVE-2018-20961.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/torvalds/linux/commit/7fafcfdf6377b18b2a726ea554d6e593ba44349f",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/7fafcfdf6377b18b2a726ea554d6e593ba44349f"
},
{
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fafcfdf6377b18b2a726ea554d6e593ba44349f",
"refsource": "MISC",
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7fafcfdf6377b18b2a726ea554d6e593ba44349f"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4",
"refsource": "MISC",
"name": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.4"
}
]
}
}

6
2019/10xxx/CVE-2019-10367.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10367",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1497",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1497"
}
]
}

6
2019/10xxx/CVE-2019-10368.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10368",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482"
}
]
}

6
2019/10xxx/CVE-2019-10369.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10369",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1482"
}
]
}

6
2019/10xxx/CVE-2019-10370.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10370",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-157",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-157"
}
]
}

6
2019/10xxx/CVE-2019-10371.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10371",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-795",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-795"
}
]
}

6
2019/10xxx/CVE-2019-10372.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10372",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-796"
}
]
}

6
2019/10xxx/CVE-2019-10373.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10373",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-879",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-879"
}
]
}

6
2019/10xxx/CVE-2019-10374.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10374",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-142"
}
]
}

6
2019/10xxx/CVE-2019-10375.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10375",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-569"
}
]
}

6
2019/10xxx/CVE-2019-10376.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10376",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-751",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-751"
}
]
}

6
2019/10xxx/CVE-2019-10377.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10377",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1099",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1099"
}
]
}

6
2019/10xxx/CVE-2019-10378.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10378",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1428",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1428"
}
]
}

6
2019/10xxx/CVE-2019-10379.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10379",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-591",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-591"
}
]
}

6
2019/10xxx/CVE-2019-10380.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10380",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-922"
}
]
}

6
2019/10xxx/CVE-2019-10381.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10381",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-931",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-931"
}
]
}

6
2019/10xxx/CVE-2019-10382.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10382",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1376",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1376"
}
]
}

6
2019/10xxx/CVE-2019-10385.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10385",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1430",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1430"
}
]
}

6
2019/10xxx/CVE-2019-10386.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10386",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1008",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1008"
}
]
}

6
2019/10xxx/CVE-2019-10387.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10387",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1008",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1008"
}
]
}

6
2019/10xxx/CVE-2019-10388.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10388",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1053",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1053"
}
]
}

6
2019/10xxx/CVE-2019-10389.json
View File

@ -1,7 +1,8 @@
{
"CVE_data_meta": {
"ID": "CVE-2019-10389",
"ASSIGNER": "jenkinsci-cert@googlegroups.com"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
@ -53,7 +54,8 @@
"reference_data": [
{
"url": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1053",
"refsource": "CONFIRM"
"refsource": "MISC",
"name": "https://jenkins.io/security/advisory/2019-08-07/#SECURITY-1053"
}
]
}

67
2019/14xxx/CVE-2019-14432.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect authentication of application WebSocket connections in Loom Desktop for Mac up to 0.16.0 allows remote code execution from either malicious JavaScript in a browser or hosts on the same network, during periods in which a user is recording a video with the application. The same attack vector can be used to crash the application at any time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerability.html",
"url": "https://thomask.sdf.org/blog/2019/08/07/cve-2019-14432-loom-desktop-rce-vulnerability.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.loom.com/blog/loom-desktop-application-security-fix/",
"url": "https://www.loom.com/blog/loom-desktop-application-security-fix/"
}
]
}
}

67
2019/14xxx/CVE-2019-14743.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14743",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** In Valve Steam Client for Windows through 2019-08-07, HKLM\\SOFTWARE\\Wow6432Node\\Valve\\Steam has explicit \"Full control\" for the Users group, which allows local users to gain NT AUTHORITY\\SYSTEM access. NOTE: the vendor disputes the significance of this finding; the discoverer was reportedly told that the Steam threat model excludes \"Attacks that require physical access to the user's device\" and \"Attacks that require the ability to drop files in arbitrary locations on the user's filesystem\" (which might apply to the attacker's ability to create links under HKLM\\SOFTWARE\\Wow6432Node\\Valve\\Steam\\Apps)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://amonitoring.ru/article/steamclient-0day/",
"refsource": "MISC",
"name": "https://amonitoring.ru/article/steamclient-0day/"
},
{
"url": "https://habr.com/ru/company/pm/blog/462479/",
"refsource": "MISC",
"name": "https://habr.com/ru/company/pm/blog/462479/"
}
]
}
}

67
2019/14xxx/CVE-2019-14744.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt",
"refsource": "MISC",
"name": "https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt"
},
{
"url": "https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/",
"refsource": "MISC",
"name": "https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/"
}
]
}
}

72
2019/14xxx/CVE-2019-14745.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-14745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in executables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bananamafia.dev/post/r2-pwndebian/",
"refsource": "MISC",
"name": "https://bananamafia.dev/post/r2-pwndebian/"
},
{
"url": "https://github.com/radare/radare2/pull/14690",
"refsource": "MISC",
"name": "https://github.com/radare/radare2/pull/14690"
},
{
"url": "https://github.com/radare/radare2/releases/tag/3.7.0",
"refsource": "MISC",
"name": "https://github.com/radare/radare2/releases/tag/3.7.0"
}
]
}
}