From 3619384c3fbd2387b14138d111525780e5f38a10 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 24 Oct 2019 16:01:05 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/11xxx/CVE-2019-11021.json | 61 +++++++++++++++++++++++++++++---- 2019/15xxx/CVE-2019-15929.json | 62 ++++++++++++++++++++++++++++++++++ 2019/18xxx/CVE-2019-18196.json | 62 ++++++++++++++++++++++++++++++++++ 2019/5xxx/CVE-2019-5012.json | 58 +++++++++++++++++++++++++++---- 2019/5xxx/CVE-2019-5013.json | 58 +++++++++++++++++++++++++++---- 2019/6xxx/CVE-2019-6572.json | 5 +++ 2019/6xxx/CVE-2019-6576.json | 5 +++ 2019/6xxx/CVE-2019-6577.json | 5 +++ 2019/9xxx/CVE-2019-9699.json | 58 +++++++++++++++++++++++++++---- 9 files changed, 347 insertions(+), 27 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15929.json create mode 100644 2019/18xxx/CVE-2019-18196.json diff --git a/2019/11xxx/CVE-2019-11021.json b/2019/11xxx/CVE-2019-11021.json index 25ed31a82f2..bd48d15953c 100644 --- a/2019/11xxx/CVE-2019-11021.json +++ b/2019/11xxx/CVE-2019-11021.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-11021", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-11021", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.schlix.com/html/schlix-cms-downloads.html", + "refsource": "MISC", + "name": "https://www.schlix.com/html/schlix-cms-downloads.html" + }, + { + "refsource": "MISC", + "name": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/", + "url": "https://gurelahmet.com/schlix-cms-v2-1-8-7-authenticated-unrestricted-file-upload-to-rce/" } ] } diff --git a/2019/15xxx/CVE-2019-15929.json b/2019/15xxx/CVE-2019-15929.json new file mode 100644 index 00000000000..d8a7c18fc4f --- /dev/null +++ b/2019/15xxx/CVE-2019-15929.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31", + "url": "https://github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#317---2019-01-31" + } + ] + } +} \ No newline at end of file diff --git a/2019/18xxx/CVE-2019-18196.json b/2019/18xxx/CVE-2019-18196.json new file mode 100644 index 00000000000..e0d9c4c7a46 --- /dev/null +++ b/2019/18xxx/CVE-2019-18196.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-18196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system via a service restart where the DLL was previously installed with administrative privileges. Exploitation requires that an attacker be able to create a new file in the TeamViewer application directory; directory permissions restrict that by default." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://community.teamviewer.com/t5/Announcements/Security-bulletin-CVE-2019-18196/td-p/74564", + "url": "https://community.teamviewer.com/t5/Announcements/Security-bulletin-CVE-2019-18196/td-p/74564" + } + ] + } +} \ No newline at end of file diff --git a/2019/5xxx/CVE-2019-5012.json b/2019/5xxx/CVE-2019-5012.json index e10047ce134..efcb68e63f2 100644 --- a/2019/5xxx/CVE-2019-5012.json +++ b/2019/5xxx/CVE-2019-5012.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5012", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5012", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Wacom", + "version": { + "version_data": [ + { + "version_value": "Wacom macOS - Driver 6.3.32-3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0760", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0760" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit." } ] } diff --git a/2019/5xxx/CVE-2019-5013.json b/2019/5xxx/CVE-2019-5013.json index 9070577523d..e34ffe63356 100644 --- a/2019/5xxx/CVE-2019-5013.json +++ b/2019/5xxx/CVE-2019-5013.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-5013", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-5013", + "ASSIGNER": "talos-cna@cisco.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Wacom", + "version": { + "version_data": [ + { + "version_value": "Wacom macOS - Driver 6.3.32-3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "improper input validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0761", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0761" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit." } ] } diff --git a/2019/6xxx/CVE-2019-6572.json b/2019/6xxx/CVE-2019-6572.json index e30008fb2c5..a06e5aed8f0 100644 --- a/2019/6xxx/CVE-2019-6572.json +++ b/2019/6xxx/CVE-2019-6572.json @@ -113,6 +113,11 @@ "refsource": "BID", "name": "108412", "url": "http://www.securityfocus.com/bid/108412" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-09", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-09" } ] }, diff --git a/2019/6xxx/CVE-2019-6576.json b/2019/6xxx/CVE-2019-6576.json index 42c9fd5b19d..ab262d40216 100644 --- a/2019/6xxx/CVE-2019-6576.json +++ b/2019/6xxx/CVE-2019-6576.json @@ -113,6 +113,11 @@ "refsource": "BID", "name": "108412", "url": "http://www.securityfocus.com/bid/108412" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-09", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-09" } ] }, diff --git a/2019/6xxx/CVE-2019-6577.json b/2019/6xxx/CVE-2019-6577.json index b1663013e84..d730fec939b 100644 --- a/2019/6xxx/CVE-2019-6577.json +++ b/2019/6xxx/CVE-2019-6577.json @@ -113,6 +113,11 @@ "refsource": "BID", "name": "108412", "url": "http://www.securityfocus.com/bid/108412" + }, + { + "refsource": "MISC", + "name": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-09", + "url": "https://www.us-cert.gov/ics/advisories/ICSA-19-134-09" } ] }, diff --git a/2019/9xxx/CVE-2019-9699.json b/2019/9xxx/CVE-2019-9699.json index 4a424de0087..675d66680e6 100644 --- a/2019/9xxx/CVE-2019-9699.json +++ b/2019/9xxx/CVE-2019-9699.json @@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-9699", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-9699", + "ASSIGNER": "secure@symantec.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Symantec", + "product": { + "product_data": [ + { + "product_name": "Symantec Messaging Gateway", + "version": { + "version_data": [ + { + "version_value": "Prior to 10.7.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://support.symantec.com/en_US/article.SYMSA1482.html", + "url": "https://support.symantec.com/en_US/article.SYMSA1482.html" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data." } ] }