admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-13 01:00:54 +00:00
parent 00447b141e
commit 6d31350cd5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
2 changed files with 26 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
2019/1010xxx/CVE-2019-1010309.json
View File

@ -1,66 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pacman",
"version": {
"version_data": [
{
"version_value": "prior to version 5.1.3 [fixed: 5.1.3 via commit 9702703633bec2c007730006de2aeec8587dfc84]"
}
]
}
}
]
},
"vendor_name": "pacman"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1010309",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "pacman prior to version 5.1.3 is affected by: Directory Traversal. The impact is: arbitrary file placement potentially leading to arbitrary root code execution. The component is: installing a remote package via a specified URL \"pacman -U <url>\". The problem was located in function curl_download_internal in lib/libalpm/dload.c line 535. The attack vector is: the victim must install a remote package via a specified URL from a malicious server (or a network MitM if downloading over HTTP). The fixed version is: 5.1.3 via commit 9702703633bec2c007730006de2aeec8587dfc84."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775",
"refsource": "MISC",
"name": "https://git.archlinux.org/pacman.git/commit/?id=d197d8ab82cf10650487518fb968067897a12775"
},
{
"url": "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde",
"refsource": "MISC",
"name": "https://git.archlinux.org/pacman.git/commit/?h=release/5.1.x&id=1bf767234363f7ad5933af3f7ce267c123017bde"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-9686. Reason: This candidate is a reservation duplicate of CVE-2019-9686. Notes: All CVE users should reference CVE-2019-9686 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

25
2019/5xxx/CVE-2019-5629.json
View File

@ -9,6 +9,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Rapid7",
"product": {
"product_data": [
{
@ -16,16 +17,13 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2.6.3",
"version_value": "2.6.3"
"version_value": "2.6.3 and prior"
}
]
}
}
]
},
"vendor_name": "Rapid7"
}
}
]
}
@ -80,6 +78,21 @@
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20190603 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation",
"url": "https://seclists.org/bugtraq/2019/Jun/0"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/153159/Rapid7-Windows-InsightIDR-Agent-2.6.3.14-Local-Privilege-Escalation.html"
},
{
"refsource": "FULLDISC",
"name": "20190611 Rapid7's Windows InsightIDR Agent: Local Privilege Escalation",
"url": "http://seclists.org/fulldisclosure/2019/Jun/13"
},
{
"name": "https://help.rapid7.com/insightagent/release-notes/archive/2019/05/#20190529",
"refsource": "CONFIRM",
@ -102,4 +115,4 @@
"advisory": "R7-2019-19",
"discovery": "EXTERNAL"
}
}
}