admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-09 17:00:52 +00:00
parent fbe43b5f5f
commit afd5c19f55
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 266 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
2017/18xxx/CVE-2017-18486.json Normal file
View File

@ -0,0 +1,77 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jitbit Helpdesk before 9.0.3 allows remote attackers to escalate privileges because of mishandling of the User/AutoLogin userHash parameter. By inspecting the token value provided in a password reset link, a user can leverage a weak PRNG to recover the shared secret used by the server for remote authentication. The shared secret can be used to escalate privileges by forging new tokens for any user. These tokens can be used to automatically log in as the affected user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day",
"refsource": "MISC",
"name": "https://www.trustedsec.com/2017/09/full-disclosure-jitbit-helpdesk-authentication-bypass-0-day"
},
{
"url": "https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass",
"refsource": "MISC",
"name": "https://github.com/Kc57/JitBit_Helpdesk_Auth_Bypass"
},
{
"url": "https://www.exploit-db.com/exploits/42776",
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/42776"
},
{
"url": "https://packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html",
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/144334/JitBit-Helpdesk-9.0.2-Broken-Authentication.html"
}
]
}
}

12
2018/11xxx/CVE-2018-11210.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so."
"value": "** DISPUTED ** TinyXML2 6.2.0 has a heap-based buffer over-read in the XMLDocument::Parse function in libtinyxml2.so. NOTE: The tinyxml2 developers have determined that the reported overflow is due to improper use of the library and not a vulnerability in tinyxml2."
}
]
},
@ -56,6 +56,16 @@
"name": "https://github.com/leethomason/tinyxml2/issues/675",
"refsource": "MISC",
"url": "https://github.com/leethomason/tinyxml2/issues/675"
},
{
"refsource": "MISC",
"name": "https://github.com/leethomason/tinyxml2/issues/675#issuecomment-439933437",
"url": "https://github.com/leethomason/tinyxml2/issues/675#issuecomment-439933437"
},
{
"refsource": "MISC",
"name": "https://github.com/leethomason/tinyxml2/issues/675#issuecomment-462194018",
"url": "https://github.com/leethomason/tinyxml2/issues/675#issuecomment-462194018"
}
]
}

5
2018/16xxx/CVE-2018-16888.json
View File

@ -76,6 +76,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:2091",
"url": "https://access.redhat.com/errata/RHSA-2019:2091"
},
{
"refsource": "MLIST",
"name": "[cassandra-user] 20190809 cassandra does not start with new systemd version",
"url": "https://lists.apache.org/thread.html/5960a34a524848cd722fd7ab7e2227eac10107b0f90d9d1e9c3caa74@%3Cuser.cassandra.apache.org%3E"
}
]
}

83
2019/12xxx/CVE-2019-12805.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "vuln@krcert.or.kr",
"DATE_PUBLIC": "2019-08-05T06:30:00.000Z",
"ID": "CVE-2019-12805",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "NC Launcher 2 Arbitrary Command Injection Vulnerability"
},
"description": {
"description_data": [
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "NCSOFT",
"product": {
"product_data": [
{
"product_name": "NC Launcher2",
"version": {
"version_data": [
{
"version_value": "2.4.1.691 and earlier"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35106",
"url": "https://www.boho.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=35106"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

64
2019/5xxx/CVE-2019-5395.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5395",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5395",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote arbitrary file upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote arbitrary file upload vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
}

64
2019/5xxx/CVE-2019-5396.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"description": {
"description_data": [
"CVE_data_meta": {
"ID": "CVE-2019-5396",
"ASSIGNER": "security-alert@hpe.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"vendor_name": "Hewlett Packard Enterprise (HPE)",
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processor",
"version": {
"version_data": [
{
"version_value": "prior to 5.0.5.1"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03942en_us"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote authentication bypass vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1."
}
]
}