From 6c24b3ffbd75ee7fc84bd5cb490c2318d08a0f3b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 13 Mar 2019 03:42:44 -0400 Subject: [PATCH] - Synchronized data. --- 2018/20xxx/CVE-2018-20621.json | 48 ++++++++++++++++++++++++-- 2019/9xxx/CVE-2019-9741.json | 62 ++++++++++++++++++++++++++++++++++ 2 files changed, 108 insertions(+), 2 deletions(-) create mode 100644 2019/9xxx/CVE-2019-9741.json diff --git a/2018/20xxx/CVE-2018-20621.json b/2018/20xxx/CVE-2018-20621.json index 8b900d2e2f9..0ef42df1f89 100644 --- a/2018/20xxx/CVE-2018-20621.json +++ b/2018/20xxx/CVE-2018-20621.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2018-20621", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Microvirt MEmu 6.0.6. The MemuService.exe service binary is vulnerable to local privilege escalation through binary planting due to insecure permissions set at install time. This allows code to be run as NT AUTHORITY/SYSTEM." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-20621", + "refsource" : "MISC", + "url" : "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2018-20621" } ] } diff --git a/2019/9xxx/CVE-2019-9741.json b/2019/9xxx/CVE-2019-9741.json new file mode 100644 index 00000000000..8ff63986dc8 --- /dev/null +++ b/2019/9xxx/CVE-2019-9741.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta" : { + "ASSIGNER" : "cve@mitre.org", + "ID" : "CVE-2019-9741", + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } + }, + "data_format" : "MITRE", + "data_type" : "CVE", + "data_version" : "4.0", + "description" : { + "description_data" : [ + { + "lang" : "eng", + "value" : "An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \\r\\n followed by an HTTP header or a Redis command." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://github.com/golang/go/issues/30794", + "refsource" : "MISC", + "url" : "https://github.com/golang/go/issues/30794" + } + ] + } +}