Skip to content

Commit

Permalink
"-Synchronized-Data."
Browse files Browse the repository at this point in the history
  • Loading branch information
@cve-team
cve-team committed Jul 13, 2019
1 parent b7b8777 commit cd620a4
Show file tree
Hide file tree
Showing 3 changed files with 17 additions and 120 deletions.
66 changes: 6 additions & 60 deletions 2019/1010xxx/CVE-2019-1010311.json
View file
Original file line number Diff line number Diff line change
@@ -1,71 +1,17 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2019-1010311",
"STATE": "PUBLIC"
"ASSIGNER": "[email protected]",
"STATE": "REJECT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monit",
"version": {
"version_data": [
{
"version_value": "Version 5.25.2 and earlier [fixed: Version 5.25.3 and later]"
}
]
}
}
]
},
"vendor_name": "Tildeslash"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tildeslash Monit Version 5.25.2 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Execute javascript in a victim s browser; disable all monitoring for a particular host or service. The component is: In function do_viewlog() on line 910 in Monit/src/http/cervlet.c, an attacker controlled log file is copied into an HTTP response without any HTML escaping. The attack vector is: An authenticated remote attacker can exploit the vulnerability over a network. The fixed version is: Version 5.25.3 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c"
},
{
"url": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11454. Reason: This candidate is a reservation duplicate of CVE-2019-11454. Notes: All CVE users should reference CVE-2019-11454 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
Expand Down
66 changes: 6 additions & 60 deletions 2019/1010xxx/CVE-2019-1010312.json
View file
Original file line number Diff line number Diff line change
@@ -1,71 +1,17 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "[email protected]",
"ID": "CVE-2019-1010312",
"STATE": "PUBLIC"
"ASSIGNER": "[email protected]",
"STATE": "REJECT"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Monit",
"version": {
"version_data": [
{
"version_value": "Version 5.25.2 and earlier [fixed: Version 5.25.3 and later]"
}
]
}
}
]
},
"vendor_name": "Tildeslash"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tildeslash Monit Version 5.25.2 and earlier is affected by: Buffer Over-read. The impact is: Disclosure of memory contents in an HTTP response, and Denial of Service. The component is: In function Util_urlDecode() on lines 1553 -1563 in Monit/src/util.c, a crafted POST parameter can cause the buffer index to increment to a value greater than the length of the buffer. The attack vector is: An authenticated remote attacker can exploit the vulnerability by sending a HTTP POST request that contains a maliciously crafted body parameter. The fixed version is: Version 5.25.3 and later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a"
},
{
"url": "https://bitbucket.org/tildeslash/monit/src/e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9/CHANGES?at=master&fileviewer=file-view-default",
"refsource": "MISC",
"name": "https://bitbucket.org/tildeslash/monit/src/e9e458ae169c1155cdcd9ca956c0cb4b8d5614f9/CHANGES?at=master&fileviewer=file-view-default"
},
{
"url": "https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py",
"refsource": "MISC",
"name": "https://github.com/dzflack/exploits/blob/master/unix/monit_buffer_overread.py"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-11455. Reason: This candidate is a reservation duplicate of CVE-2019-11455. Notes: All CVE users should reference CVE-2019-11455 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
Expand Down
5 changes: 5 additions & 0 deletions 2019/11xxx/CVE-2019-11810.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20190617 [SECURITY] [DLA 1823-1] linux security update",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00010.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K50484570",
"url": "https://support.f5.com/csp/article/K50484570"
}
]
}
Expand Down

0 comments on commit cd620a4

Please sign in to comment.