admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-10-29 20:01:09 +00:00
parent 32573ad07b
commit f27f57e279
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
6 changed files with 163 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
2011/1xxx/CVE-2011-1408.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1408",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"refsource": "MISC",
"name": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098",
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"refsource": "CONFIRM",
"name": "https://ikiwiki.info/security/#index40h2",
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"refsource": "MISC",
"name": "https://www.tenable.com/plugins/nessus/55157",
"url": "https://www.tenable.com/plugins/nessus/55157"
}
]
}

48
2018/18xxx/CVE-2018-18931.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\\TRMS\\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the Carousel.Service.exe file with a custom malicious executable. This service is independent of the associated IIS web site, which means that this service can be manipulated by an attacker without losing access to vulnerabilities in the web interface (which would potentially be used in conjunction with this attack, to control the service). Once the attacker has replaced Carousel.Service.exe, the server can be restarted using the command \"shutdown -r -t 0\" from a web shell, causing the system to reboot and launching the malicious Carousel.Service.exe as SYSTEM on startup. If this malicious Carousel.Service.exe is configured to launch a reverse shell back to the attacker, then upon reboot the attacker will have a fully privileged remote command-line environment to manipulate the system further."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/",
"refsource": "MISC",
"name": "https://www.drewgreen.net/vulnerabilities-in-tightrope-media-systems-carousel/"
}
]
}

53
2018/19xxx/CVE-2018-19151.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19151",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "qtum through 0.16 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service. The attacker sends invalid headers/blocks. The attack requires no stake and can fill the victim's disk and RAM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
"refsource": "MISC",
"name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
},
{
"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
"refsource": "MISC",
"name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
}
]
}

10
2019/10xxx/CVE-2019-10743.json
View File

@ -15,11 +15,11 @@
"product": {
"product_data": [
{
"product_name": "archiver",
"product_name": "github.com/mholt/archiver/cmd/arc",
"version": {
"version_data": [
{
"version_value": "All versions"
"version_value": "versions 3.0.0 and later"
}
]
}
@ -56,8 +56,8 @@
},
{
"refsource": "MISC",
"name": "https://github.com/mholt/archiver/pull/169",
"url": "https://github.com/mholt/archiver/pull/169"
"name": "https://github.com/mholt/archiver/pull/169,",
"url": "https://github.com/mholt/archiver/pull/169,"
}
]
},
@ -65,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "All versions of archiver allow attacker to perform a Zip Slip attack via the \"unarchive\" functions. It is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder. For instance, a zip may hold a file with a \"../../file.exe\" location and thus break out of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily."
"value": "github.com/mholt/archiver/cmd/arc package versions 3.0.0 and later are vulnerable to an Arbitrary File Write via Archive Extraction (Zip Slip). The package is exploited using a specially crafted zip archive, that holds path traversal filenames. When exploited, a filename in a malicious archive is concatenated to the target extraction directory, which results in the final path ending up outside of the target folder."
}
]
}

5
2019/14xxx/CVE-2019-14287.json
View File

@ -151,11 +151,6 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3209",
"url": "https://access.redhat.com/errata/RHSA-2019:3209"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3219",
"url": "https://access.redhat.com/errata/RHSA-2019:3219"
}
]
}

5
2019/15xxx/CVE-2019-15903.json
View File

@ -161,11 +161,6 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3210",
"url": "https://access.redhat.com/errata/RHSA-2019:3210"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3237",
"url": "https://access.redhat.com/errata/RHSA-2019:3237"
}
]
}