admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 03:27:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-01-16 14:01:14 +00:00
parent 8481fbce88
commit ad996290a7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
2019/18xxx/CVE-2019-18935.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (In 2019.3.1023 but not earlier versions, a non-default setting can prevent exploitation.)"
"value": "Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)"
}
]
},
@ -86,6 +86,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/155720/Telerik-UI-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)",
"url": "https://www.telerik.com/support/whats-new/aspnet-ajax/release-history/ui-for-asp-net-ajax-r1-2020-(version-2020-1-114)"
}
]
}