From 809a70f879f25ed3b62e0b5029996fee29750e1a Mon Sep 17 00:00:00 2001 From: ghost Date: Tue, 5 Nov 2024 07:20:12 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index 9353c50587..4542f1b5b1 100644 --- a/cves.json +++ b/cves.json @@ -658,6 +658,7 @@ {"ID":"CVE-2018-9205","Info":{"Name":"Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion","Severity":"high","Description":"In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-9205.yaml"} {"ID":"CVE-2018-9845","Info":{"Name":"Etherpad Lite \u003c1.6.4 - Admin Authentication Bypass","Severity":"critical","Description":"Etherpad Lite before 1.6.4 is exploitable for admin access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9845.yaml"} {"ID":"CVE-2018-9995","Info":{"Name":"TBK DVR4104/DVR4216 Devices - Authentication Bypass","Severity":"critical","Description":"TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and\nMDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass\nauthentication via a \"Cookie: uid=admin\" header, as demonstrated by a device.rsp?opt=user\u0026cmd=list request that provides credentials within JSON data in a response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-9995.yaml"} +{"ID":"CVE-2019-0192","Info":{"Name":"Apache Solr - Deserialization of Untrusted Data","Severity":"critical","Description":"In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0192.yaml"} {"ID":"CVE-2019-0193","Info":{"Name":"Apache Solr DataImportHandler \u003c8.2.0 - Remote Code Execution","Severity":"high","Description":"Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's \"dataConfig\" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-0193.yaml"} {"ID":"CVE-2019-0221","Info":{"Name":"Apache Tomcat - Cross-Site Scripting","Severity":"medium","Description":"Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39, and 7.0.0 to 7.0.93 are vulnerable to cross-site scripting because the SSI printenv command echoes user provided data without escaping. Note: SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-0221.yaml"} {"ID":"CVE-2019-0230","Info":{"Name":"Apache Struts \u003c=2.5.20 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation when evaluated on raw user input in tag attributes, which may lead to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-0230.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 18f2c8b87c..b82ae2eaf5 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -c77ca3eb1da3be95060f6c73e85b69a9 +acf2f904db971d325adc78100e1df8d0