Auto Generated CVE annotations [Mon Jun 20 17:58:28 UTC 2022] 🤖

2022-06-20 17:58:28 +00:00 · 2022-06-20 17:58:28 +00:00 · ec58f83a13
parent 11b2ae6eb4
commit ec58f83a13
12 changed files with 21 additions and 12 deletions
--- a/cves/2016/CVE-2016-10924.yaml
+++ b/cves/2016/CVE-2016-10924.yaml
@ -10,6 +10,7 @@ info:
    - https://wpscan.com/vulnerability/13d5d17a-00a8-441e-bda1-2fd2b4158a6c
    - https://www.exploit-db.com/exploits/39575
    - https://nvd.nist.gov/vuln/detail/CVE-2016-10924
+    - https://wordpress.org/plugins/ebook-download/#developers
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
--- a/cves/2018/CVE-2018-10093.yaml
+++ b/cves/2018/CVE-2018-10093.yaml
@ -9,6 +9,8 @@ info:
  reference:
    - https://www.exploit-db.com/exploits/46164
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10093
+    - https://www.exploit-db.com/exploits/46164/
+    - http://seclists.org/fulldisclosure/2019/Jan/38
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
--- a/cves/2018/CVE-2018-10822.yaml
+++ b/cves/2018/CVE-2018-10822.yaml
@ -9,6 +9,7 @@ info:
    - https://www.exploit-db.com/exploits/45678
    - http://sploit.tech/2018/10/12/D-Link.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10822
+    - https://seclists.org/fulldisclosure/2018/Oct/36
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
--- a/cves/2018/CVE-2018-10823.yaml
+++ b/cves/2018/CVE-2018-10823.yaml
@ -9,6 +9,8 @@ info:
  reference:
    - https://www.exploit-db.com/exploits/45676
    - https://nvd.nist.gov/vuln/detail/CVE-2018-10823
+    - https://seclists.org/fulldisclosure/2018/Oct/36
+    - http://sploit.tech/2018/10/12/D-Link.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
--- a/cves/2018/CVE-2018-19753.yaml
+++ b/cves/2018/CVE-2018-19753.yaml
@ -9,6 +9,8 @@ info:
  reference:
    - https://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html
    - https://nvd.nist.gov/vuln/detail/CVE-2018-19753
+    - http://seclists.org/fulldisclosure/2018/Nov/66
+    - http://packetstormsecurity.com/files/150541/Tarantella-Enterprise-Directory-Traversal.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
--- a/cves/2018/CVE-2018-9118.yaml
+++ b/cves/2018/CVE-2018-9118.yaml
@ -6,13 +6,13 @@ info:
  severity: high
  description: |
    WordPress 99 Robots WP Background Takeover Advertisements 4.1.4 is susceptible to local file inclusion via exports/download.php.
-  remediation: |
-    Upgrade to 4.1.15.
  reference:
    - https://www.exploit-db.com/exploits/44417
    - https://wpvulndb.com/vulnerabilities/9056
    - https://99robots.com/docs/wp-background-takeover-advertisements/
    - https://nvd.nist.gov/vuln/detail/CVE-2018-9118
+  remediation: |
+    Upgrade to 4.1.15.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
--- a/cves/2019/CVE-2019-0193.yaml
+++ b/cves/2019/CVE-2019-0193.yaml
@ -6,13 +6,13 @@ info:
  severity: high
  description: |
    Apache Solr is vulnerable to remote code execution vulnerabilities via the DataImportHandler, an optional but popular module to pull in data from databases and other sources. The module has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk.
-  remediation: |
-    Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
  reference:
    - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2019-0193
    - https://paper.seebug.org/1009/
    - https://issues.apache.org/jira/browse/SOLR-13669
    - https://nvd.nist.gov/vuln/detail/CVE-2019-0193
+  remediation: |
+    Starting with version 8.2.0 of Solr, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
--- a/cves/2019/CVE-2019-12276.yaml
+++ b/cves/2019/CVE-2019-12276.yaml
@ -6,13 +6,13 @@ info:
  severity: high
  description: |
    GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.
-  remediation: |
-    A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
  reference:
    - https://security401.com/grandnode-path-traversal/
    - https://grandnode.com
    - https://github.com/grandnode/grandnode
    - https://nvd.nist.gov/vuln/detail/CVE-2019-12276
+  remediation: |
+    A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
--- a/cves/2019/CVE-2019-1653.yaml
+++ b/cves/2019/CVE-2019-1653.yaml
@ -6,13 +6,13 @@ info:
  severity: high
  description: |
    Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
-  remediation: |
-    Cisco has released firmware updates that address this vulnerability.
  reference:
    - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
    - https://www.exploit-db.com/exploits/46262/
    - https://www.exploit-db.com/exploits/46655/
    - https://nvd.nist.gov/vuln/detail/CVE-2019-1653
+  remediation: |
+    Cisco has released firmware updates that address this vulnerability.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
--- a/cves/2019/CVE-2019-19824.yaml
+++ b/cves/2019/CVE-2019-19824.yaml
@ -10,6 +10,7 @@ info:
    - https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
    - https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
    - https://nvd.nist.gov/vuln/detail/CVE-2019-19824
+    - https://sploit.tech
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
--- a/cves/2019/CVE-2019-20224.yaml
+++ b/cves/2019/CVE-2019-20224.yaml
@ -11,12 +11,12 @@ info:
    - https://gist.github.com/mhaskar/2153d66a0928492d76b799ba13b9e3f9
    - https://nvd.nist.gov/vuln/detail/CVE-2019-20224
    - https://drive.google.com/file/d/1DkWR5MylzeNr20jmHXTaAIJmf3YN-lnO/view
+  remediation: This issue has been fixed in Pandora FMS 7.0 NG 742.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-20224
    cwe-id: CWE-78
-  remediation: This issue has been fixed in Pandora FMS 7.0 NG 742.
  tags: pandorafms,rce,cve,cve2019,authenticated,oast

 requests: