admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-08 11:37:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-29 20:00:49 +00:00
parent 727e599ff8
commit ecae6900df
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
3 changed files with 62 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2018/18xxx/CVE-2018-18056.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.usenix.org/system/files/woot19-paper_schink.pdf",
"url": "https://www.usenix.org/system/files/woot19-paper_schink.pdf"
},
{
"refsource": "MISC",
"name": "https://www.usenix.org/conference/woot19/presentation/schink",
"url": "https://www.usenix.org/conference/woot19/presentation/schink"
}
]
}

9
2019/10xxx/CVE-2019-10751.json
View File

@ -19,7 +19,7 @@
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "All versions prior to version 1.0.3"
}
]
}
@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107",
"url": "https://snyk.io/vuln/SNYK-PYTHON-HTTPIE-460107"
},
{
"refsource": "MISC",
"name": "https://github.com/jakubroztocil/httpie/releases/tag/1.0.3",
"url": "https://github.com/jakubroztocil/httpie/releases/tag/1.0.3"
}
]
},
@ -55,7 +60,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of the HTTPie package are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control."
"value": "All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control."
}
]
}

56
2019/11xxx/CVE-2019-11396.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-11396",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-11396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder (files / folders and configuration) are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to obtain SYSTEM privileges. Arbitrary file creation can be achieved by abusing the SwuConfig.json file creation: an unprivileged user can replace these files by pseudo-symbolic links to arbitrary files. When an update occurs, a privileged service creates a file and sets its access rights, offering write access to the Everyone group in any directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20190802 Avira Free Security Suite 2019 - Exploiting Arbitrary File Writes for Local Elevation of Privilege",
"url": "https://seclists.org/fulldisclosure/2019/Aug/1"
}
]
}