admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-05-24 16:00:47 +00:00
parent ecde59dd3b
commit 4b8e9f6bd6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
10 changed files with 357 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2019/0xxx/CVE-2019-0841.json
View File

@ -120,6 +120,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-360/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/153009/Internet-Explorer-JavaScript-Privilege-Escalation.html"
}
]
}

5
2019/0xxx/CVE-2019-0863.json
View File

@ -196,6 +196,11 @@
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863",
"refsource": "MISC",
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0863"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/153008/Angry-Polar-Bear-2-Microsoft-Windows-Error-Reporting-Local-Privilege-Escalation.html"
}
]
}

61
2019/11xxx/CVE-2019-11875.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11875",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user account to connect to the Blue Prism server, but the roles associated to this account are not required to have any permissions. First of all, the application files are modified to grant full permissions on the client side. In a test environment (or his own instance of the software) an attacker is able to grant himself full privileges also on the server side. He can then, for instance, create a process with malicious behavior and export it to disk. With the modified client, it is possible to import the exported file as a release and overwrite any existing process in the database. Eventually, the bots execute the malicious process. The server does not check the user's permissions for the aforementioned actions, such that a modification of the client software enables this kind of attack. Possible scenarios may involve changing bank accounts or setting passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-002.txt",
"refsource": "MISC",
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-002.txt"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153007/Blue-Prism-Robotic-Process-Automation-RPA-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/153007/Blue-Prism-Robotic-Process-Automation-RPA-Privilege-Escalation.html"
}
]
}

61
2019/11xxx/CVE-2019-11876.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11876",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/",
"refsource": "MISC",
"name": "https://www.prestashop.com/forums/forum/2-prestashop-news-and-releases/"
},
{
"refsource": "MISC",
"name": "https://www.logicallysecure.com/blog/xss-presta-xss-drupal/",
"url": "https://www.logicallysecure.com/blog/xss-presta-xss-drupal/"
}
]
}

61
2019/12xxx/CVE-2019-12150.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12150",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Karamasoft UltimateEditor 1 does not ensure that an uploaded file is an image or document (neither file types nor extensions are restricted). The attacker must use the Attach icon to perform an upload. An uploaded file is accessible under the UltimateEditorInclude/UserFiles/ URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.karamasoft.com",
"refsource": "MISC",
"name": "https://www.karamasoft.com"
},
{
"refsource": "MISC",
"name": "https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload",
"url": "https://github.com/Gr4y21/My-CVE-IDs/blob/master/CVE-2019-12150/Karamasoft%20Arbitrary%20File%20Upload"
}
]
}

61
2019/12xxx/CVE-2019-12155.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12155",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "interface_release_resource in hw/display/qxl.c in QEMU 4.0.0 has a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg01321.html"
},
{
"refsource": "CONFIRM",
"name": "http://www.openwall.com/lists/oss-security/2019/05/22/1",
"url": "http://www.openwall.com/lists/oss-security/2019/05/22/1"
}
]
}

61
2019/12xxx/CVE-2019-12195.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12195",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-Link TL-WR840N v5 00000005 devices allow XSS via the network name. The attacker must log into the router by breaking the password and going to the admin login page by THC-HYDRA to get the network name. With an XSS payload, the network name changed automatically and the internet connection was disconnected. All the users become disconnected from the internet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tp-link.com/us/security",
"refsource": "MISC",
"name": "https://www.tp-link.com/us/security"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/153027/TP-LINK-TL-WR840N-Cross-Site-Scripting.html"
}
]
}

62
2019/12xxx/CVE-2019-12315.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the \"print from file\" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gist.github.com/med0x2e/2715d32602ba688ea3bc239a3d5f8214",
"refsource": "MISC",
"name": "https://gist.github.com/med0x2e/2715d32602ba688ea3bc239a3d5f8214"
}
]
}
}

5
2019/4xxx/CVE-2019-4279.json
View File

@ -21,6 +21,11 @@
"refsource": "XF",
"title": "X-Force Vulnerability Report",
"name": "ibm-websphere-cve20194279-code-exec (160445)"
},
{
"refsource": "BID",
"name": "108450",
"url": "http://www.securityfocus.com/bid/108450"
}
]
},

5
2019/4xxx/CVE-2019-4293.json
View File

@ -12,6 +12,11 @@
"name": "ibm-storwize-cve20194293-info-disc (160699)",
"title": "X-Force Vulnerability Report",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/160699"
},
{
"refsource": "BID",
"name": "108445",
"url": "http://www.securityfocus.com/bid/108445"
}
]
},