admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-13 00:00:46 +00:00
parent b7b87772f2
commit cd620a4518
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 19 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2019/1010xxx/CVE-2019-1010311.json
View File

@ -1,71 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010311",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monit",
"version": {
"version_data": [
{
"version_value": "Version 5.25.2 and earlier [fixed: Version 5.25.3 and later]"
}
]
}
}
]
},
"vendor_name": "Tildeslash"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1010311",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim s browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c"
},
{
"url": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11454. Reason: This candidate is a reservation duplicate of CVE-2019-11454. Notes: All CVE users should reference CVE-2019-11454 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

68
2019/1010xxx/CVE-2019-1010312.json
View File

@ -1,71 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"ID": "CVE-2019-1010312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monit",
"version": {
"version_data": [
{
"version_value": "Version 5.25.2 and earlier [fixed: Version 5.25.3 and later]"
}
]
}
}
]
},
"vendor_name": "Tildeslash"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-1010312",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a"
},
{
"url": "https://bitbucket.org/tildeslash/monit/src/e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9/CHANGES?at=master&fileviewer=file-view-default",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/src/e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9/CHANGES?at=master&fileviewer=file-view-default"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11455. Reason: This candidate is a reservation duplicate of CVE-2019-11455. Notes: All CVE users should reference CVE-2019-11455 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

5
2019/11xxx/CVE-2019-11810.json
View File

@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K50484570",
"url": "https://support.f5.com/csp/article/K50484570"
}
]
}