admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-04-30 19:00:47 +00:00
parent 587e34fcfc
commit 954eeb8199
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
28 changed files with 657 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2017/17xxx/CVE-2017-17848.json
View File

@ -76,6 +76,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

5
2018/12xxx/CVE-2018-12019.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

5
2018/12xxx/CVE-2018-12020.json
View File

@ -126,6 +126,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

5
2018/12xxx/CVE-2018-12356.json
View File

@ -71,6 +71,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

48
2018/14xxx/CVE-2018-14874.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14874",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/error-based-sql-injection-vulnerability.html",
"url": "https://neetech18.blogspot.com/2019/03/error-based-sql-injection-vulnerability.html"
}
]
}

48
2018/14xxx/CVE-2018-14875.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14875",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/reflected-xss-vulnerability-in-polaris.html",
"url": "https://neetech18.blogspot.com/2019/03/reflected-xss-vulnerability-in-polaris.html"
}
]
}

48
2018/14xxx/CVE-2018-14930.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14930",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software.html",
"url": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software.html"
}
]
}

48
2018/14xxx/CVE-2018-14931.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. An open redirect exists via a /IntellectMain.jsp?IntellectSystem= URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html",
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html"
}
]
}

48
2018/15xxx/CVE-2018-15206.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15206",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BPC SmartVista 2 has CSRF via SVFE2/pages/admpages/roles/createrole.jsf."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/cross-site-request-forgery-smartvista.html",
"url": "https://neetech18.blogspot.com/2019/03/cross-site-request-forgery-smartvista.html"
}
]
}

48
2018/15xxx/CVE-2018-15207.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15207",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BPC SmartVista 2 has Improper Access Control in the SVFE module, where it fails to appropriately restrict access: a normal user is able to access the SVFE2/pages/finadmin/currconvrate/currconvrate.jsf functionality that should be only accessible to an admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/incorrect-access-control-smart-vista.html",
"url": "https://neetech18.blogspot.com/2019/03/incorrect-access-control-smart-vista.html"
}
]
}

48
2018/15xxx/CVE-2018-15208.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15208",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "BPC SmartVista 2 has Session Fixation via the JSESSIONID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://neetech18.blogspot.com/2019/03/session-fixation-smart-vista-svfe-2.html",
"url": "https://neetech18.blogspot.com/2019/03/session-fixation-smart-vista-svfe-2.html"
}
]
}

5
2018/15xxx/CVE-2018-15586.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

5
2018/15xxx/CVE-2018-15587.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

5
2018/15xxx/CVE-2018-15588.json
View File

@ -61,6 +61,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

5
2018/18xxx/CVE-2018-18509.json
View File

@ -16,6 +16,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
},

5
2018/19xxx/CVE-2018-19039.json
View File

@ -76,6 +76,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190416-0004/",
"url": "https://security.netapp.com/advisory/ntap-20190416-0004/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:0911",
"url": "https://access.redhat.com/errata/RHSA-2019:0911"
}
]
}

72
2018/20xxx/CVE-2018-20834.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20834",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-20834",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in node-tar before version 4.4.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/344595",
"refsource": "MISC",
"name": "https://hackerone.com/reports/344595"
},
{
"url": "https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8",
"refsource": "MISC",
"name": "https://github.com/npm/node-tar/commit/b0c58433c22f5e7fe8b1c76373f27e3f81dcd4c8"
},
{
"url": "https://github.com/npm/node-tar/compare/58a8d43...a5f7779",
"refsource": "MISC",
"name": "https://github.com/npm/node-tar/compare/58a8d43...a5f7779"
}
]
}

72
2018/20xxx/CVE-2018-20835.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2018-20835",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://hackerone.com/reports/344595",
"refsource": "MISC",
"name": "https://hackerone.com/reports/344595"
},
{
"url": "https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2",
"refsource": "MISC",
"name": "https://github.com/mafintosh/tar-fs/commit/06672828e6fa29ac8551b1b6f36c852a9a3c58a2"
},
{
"url": "https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f",
"refsource": "MISC",
"name": "https://github.com/mafintosh/tar-fs/compare/d590fc7...a35ce2f"
}
]
}

5
2019/0xxx/CVE-2019-0728.json
View File

@ -66,6 +66,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Spoofing OpenPGP and S/MIME Signatures in Emails (multiple clients)",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/4"
},
{
"refsource": "FULLDISC",
"name": "20190430 OpenPGP and S/MIME signature forgery attacks in multiple email clients",
"url": "http://seclists.org/fulldisclosure/2019/Apr/38"
}
]
}

3
2019/10xxx/CVE-2019-10131.json
View File

@ -4,7 +4,8 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-10131",
"ASSIGNER": "lpardo@redhat.com"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {

72
2019/11xxx/CVE-2019-11193.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11193",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11193",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileManager in InfinitumIT DirectAdmin through v1.561 has XSS via CMD_FILE_MANAGER, CMD_SHOW_USER, and CMD_SHOW_RESELLER; an attacker can bypass the CSRF protection with this, and take over the administration panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://numanozdemir.com/respdisc/directadmin.pdf",
"refsource": "MISC",
"name": "https://numanozdemir.com/respdisc/directadmin.pdf"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/152494/DirectAdmin-1.561-Cross-Site-Scripting.html"
},
{
"refsource": "EXPLOIT-DB",
"name": "46694",
"url": "https://www.exploit-db.com/exploits/46694"
}
]
}

5
2019/11xxx/CVE-2019-11557.json
View File

@ -61,6 +61,11 @@
"url": "https://wordpress.org/plugins/contact-form-builder/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/contact-form-builder/#developers"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Apr/35",
"url": "http://seclists.org/fulldisclosure/2019/Apr/35"
}
]
}

5
2019/11xxx/CVE-2019-11590.json
View File

@ -61,6 +61,11 @@
"url": "https://lists.openwall.net/full-disclosure/2019/04/05/11",
"refsource": "MISC",
"name": "https://lists.openwall.net/full-disclosure/2019/04/05/11"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Apr/36",
"url": "http://seclists.org/fulldisclosure/2019/Apr/36"
}
]
}

5
2019/11xxx/CVE-2019-11591.json
View File

@ -61,6 +61,11 @@
"url": "https://wordpress.org/plugins/contact-form-maker/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/contact-form-maker/#developers"
},
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Apr/37",
"url": "http://seclists.org/fulldisclosure/2019/Apr/37"
}
]
}

5
2019/11xxx/CVE-2019-11599.json
View File

@ -101,6 +101,11 @@
"refsource": "MLIST",
"name": "[oss-security] 20190430 Re: Linux kernel: multiple issues",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/1"
},
{
"refsource": "EXPLOIT-DB",
"name": "46781",
"url": "https://www.exploit-db.com/exploits/46781/"
}
]
}

18
2019/11xxx/CVE-2019-11604.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11604",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2019/11xxx/CVE-2019-11605.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11605",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

48
2019/9xxx/CVE-2019-9486.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9486",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject and execute code by hijacking the insecure communications with the service. This vulnerability also affects Telekom MagentaCLOUD through 5.7.0.0 and 1&1 Online Storage through 6.1.0.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://zer0-day.pw/articles/2019-04/HiDrive-LPE-via-Insecure-WCF-endpoint",
"url": "https://zer0-day.pw/articles/2019-04/HiDrive-LPE-via-Insecure-WCF-endpoint"
}
]
}