admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-07-26 14:00:56 +00:00
parent 415a693fb9
commit dc76da3efc
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 73 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
2019/13xxx/CVE-2019-13024.json
View File

@ -34,7 +34,7 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "Centreon V19.04 allows the attacker to execute arbitrary system commands by using the value \"init_script\"-\"Monitoring Engine Binary\" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands)." "value": "Centreon 18.x before 18.10.6, 19.x before 19.04.3, and Centreon web before 2.8.29 allows the attacker to execute arbitrary system commands by using the value \"init_script\"-\"Monitoring Engine Binary\" in main.get.php to insert a arbitrary command into the database, and execute it by calling the vulnerable page www/include/configuration/configGenerate/xml/generateFiles.php (which passes the inserted value to the database to shell_exec without sanitizing it, allowing one to execute system arbitrary commands)."
} }
] ]
}, },
@ -66,6 +66,21 @@
"refsource": "MISC", "refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153504/Centreon-19.04-Remote-Code-Execution.html", "name": "http://packetstormsecurity.com/files/153504/Centreon-19.04-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/153504/Centreon-19.04-Remote-Code-Execution.html" "url": "http://packetstormsecurity.com/files/153504/Centreon-19.04-Remote-Code-Execution.html"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/centreon/centreon/pull/7694",
"url": "https://github.com/centreon/centreon/pull/7694"
},
{
"refsource": "CONFIRM",
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04/centreon-19.04.3.html",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-19.04/centreon-19.04.3.html"
},
{
"refsource": "CONFIRM",
"name": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.6.html",
"url": "https://documentation.centreon.com/docs/centreon/en/latest/release_notes/centreon-18.10/centreon-18.10.6.html"
} }
] ]
} }

7
2019/6xxx/CVE-2019-6002.json
View File

@ -3,7 +3,9 @@
"references": { "references": {
"reference_data": [ "reference_data": [
{ {
"url": "https://github.com/line/centraldogma/releases/tag/centraldogma-0.41.0" "url": "https://github.com/line/centraldogma/releases/tag/centraldogma-0.41.0",
"refsource": "MISC",
"name": "https://github.com/line/centraldogma/releases/tag/centraldogma-0.41.0"
} }
] ]
}, },
@ -41,7 +43,8 @@
}, },
"CVE_data_meta": { "CVE_data_meta": {
"ID": "CVE-2019-6002", "ID": "CVE-2019-6002",
"ASSIGNER": "vultures@jpcert.or.jp" "ASSIGNER": "vultures@jpcert.or.jp",
"STATE": "PUBLIC"
}, },
"data_format": "MITRE", "data_format": "MITRE",
"problemtype": { "problemtype": {

55
2019/9xxx/CVE-2019-9492.json
View File

@ -1,8 +1,31 @@
{ {
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2019-9492", "ID": "CVE-2019-9492",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "11.0 SP1, XG (12.0)"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow an authenticated attacker to gain code execution and terminate the product's process - disabling endpoint protection. The attacker must have already gained authentication and have local access to the vulnerable system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DLL Side-loading"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself",
"refsource": "MISC",
"name": "https://www.nsslabs.com/blog-posts/2019/7/24/your-advanced-endpoint-protection-aep-product-protects-your-computer-but-can-it-protect-itself"
},
{
"refsource": "CONFIRM",
"name": "https://success.trendmicro.com/solution/1123045",
"url": "https://success.trendmicro.com/solution/1123045"
} }
] ]
} }