From 605a279dbddfa6df3bd0ea705bab6cc3f21b7d42 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 18 Oct 2019 19:00:56 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2019/13xxx/CVE-2019-13541.json | 67 ++++++++++++++++++++++++++++++++++
 2019/13xxx/CVE-2019-13545.json | 67 ++++++++++++++++++++++++++++++++++
 2019/13xxx/CVE-2019-13657.json | 5 +++
 2019/16xxx/CVE-2019-16089.json | 5 +++
 2019/16xxx/CVE-2019-16738.json | 5 +++
 2019/16xxx/CVE-2019-16746.json | 5 +++
 2019/16xxx/CVE-2019-16917.json | 7 +++-
 2019/16xxx/CVE-2019-16926.json | 2 +-
 2019/17xxx/CVE-2019-17114.json | 5 +++
 2019/17xxx/CVE-2019-17115.json | 5 +++
 2019/17xxx/CVE-2019-17116.json | 5 +++
 2019/17xxx/CVE-2019-17117.json | 5 +++
 2019/17xxx/CVE-2019-17118.json | 5 +++
 2019/17xxx/CVE-2019-17119.json | 5 +++
 2019/17xxx/CVE-2019-17120.json | 5 +++
 2019/2xxx/CVE-2019-2215.json | 5 +++
 2019/3xxx/CVE-2019-3010.json | 5 +++
 17 files changed, 206 insertions(+), 2 deletions(-)
 create mode 100644 2019/13xxx/CVE-2019-13541.json
 create mode 100644 2019/13xxx/CVE-2019-13545.json
diff --git a/2019/13xxx/CVE-2019-13541.json b/2019/13xxx/CVE-2019-13541.json
new file mode 100644
index 00000000000..a0465ab4134
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13541.json
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13541",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Horner Automation Cscape",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cscape 9.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "IMPROPER INPUT VALIDATION CWE-20"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-902/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-902/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13545.json b/2019/13xxx/CVE-2019-13545.json
new file mode 100644
index 00000000000..ed5526d6a89
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13545.json
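Review bot: In the new CVE-2019-13541.json the `affects` block sets `vendor_name` to `n/a` while the vendor string is folded into `product_name` ("Horner Automation Cscape") and the product name is repeated inside `version_value`, so tooling that matches records to an asset inventory by the vendor and product fields will not find this entry. Going by the description text, the fields would read `"vendor_name": "Horner Automation"`, `"product_name": "Cscape"` and `"version_value": "9.90 and prior"`. The CVE-2019-13545.json file added in the same commit carries the identical `affects` block and needs the same change.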
@@ -0,0 +1,67 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-13545",
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Horner Automation Cscape",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cscape 9.90 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "OUT-OF-BOUNDS WRITE CWE-787"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-903/",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-903/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02",
+ "url": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02"
+ }
+ ]
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13657.json b/2019/13xxx/CVE-2019-13657.json
index 50e12f4e728..9b8b119ac4f 100644
--- a/2019/13xxx/CVE-2019-13657.json
+++ b/2019/13xxx/CVE-2019-13657.json
@@ -97,6 +97,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html",
 "url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/37"
 }
 ]
 },
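Review bot: The FULLDISC reference added to CVE-2019-13657.json uses a cleartext `http://seclists.org/...` URL, so anyone following the advisory link fetches it without transport integrity; seclists.org serves the same path over HTTPS, and the line would read `"url": "https://seclists.org/fulldisclosure/2019/Oct/37"`. The same scheme appears in the FULLDISC entries this commit adds to CVE-2019-16917, CVE-2019-17114 through CVE-2019-17120, CVE-2019-2215 and CVE-2019-3010. The `reference_data` array starts outside the hunk.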
diff --git a/2019/16xxx/CVE-2019-16089.json b/2019/16xxx/CVE-2019-16089.json
index 2d6af72c860..af55e18f9d2 100644
--- a/2019/16xxx/CVE-2019-16089.json
+++ b/2019/16xxx/CVE-2019-16089.json
@@ -61,6 +61,11 @@
 "refsource": "CONFIRM",
 "name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
 "url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://support.f5.com/csp/article/K03814795?utm_source=f5support&utm_medium=RSS",
+ "url": "https://support.f5.com/csp/article/K03814795?utm_source=f5support&utm_medium=RSS"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16738.json b/2019/16xxx/CVE-2019-16738.json
index b16e67b1a65..c4f607ec3b5 100644
--- a/2019/16xxx/CVE-2019-16738.json
+++ b/2019/16xxx/CVE-2019-16738.json
@@ -56,6 +56,11 @@
 "url": "https://phabricator.wikimedia.org/T230402",
 "refsource": "MISC",
 "name": "https://phabricator.wikimedia.org/T230402"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-c4cdd73c74",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16746.json b/2019/16xxx/CVE-2019-16746.json
index 53c234bfec8..441d6c12ef0 100644
--- a/2019/16xxx/CVE-2019-16746.json
+++ b/2019/16xxx/CVE-2019-16746.json
@@ -56,6 +56,11 @@
 "url": "https://marc.info/?l=linux-wireless&m=156901391225058&w=2",
 "refsource": "MISC",
 "name": "https://marc.info/?l=linux-wireless&m=156901391225058&w=2"
+ },
+ {
+ "refsource": "FEDORA",
+ "name": "FEDORA-2019-057d691fd4",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TASE2ESEZAER6DTZH3DJ4K2JNO46TVL7/"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16917.json b/2019/16xxx/CVE-2019-16917.json
index 1c0fc9ff540..91c4e716936 100644
--- a/2019/16xxx/CVE-2019-16917.json
+++ b/2019/16xxx/CVE-2019-16917.json
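Review bot: The CONFIRM reference added to CVE-2019-16089.json stores the F5 article URL with its feed-tracking query string (`?utm_source=f5support&utm_medium=RSS`) in both `name` and `url`, which keeps the entry from deduplicating against the same article cited without those parameters. Dropping the query string gives `"url": "https://support.f5.com/csp/article/K03814795"`, with `name` changed to match. The `reference_data` array begins outside the hunk.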
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2032 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
+ "value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
 }
 ]
 },
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/16xxx/CVE-2019-16926.json b/2019/16xxx/CVE-2019-16926.json
index 431c185e15a..cad7b730c78 100644
--- a/2019/16xxx/CVE-2019-16926.json
+++ b/2019/16xxx/CVE-2019-16926.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Flower 0.9.3 has XSS via a crafted worker name."
+ "value": "** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren\u2019t user facing configuration options. They are internal backend config options and person having rights to change them already has full access."
 }
 ]
 },
diff --git a/2019/17xxx/CVE-2019-17114.json b/2019/17xxx/CVE-2019-17114.json
index ca684645d85..f6f57cc36f3 100644
--- a/2019/17xxx/CVE-2019-17114.json
+++ b/2019/17xxx/CVE-2019-17114.json
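Review bot: The affected-version bound in CVE-2019-16917.json moves from 4.2.0-b2032 to 4.2.0-b2047 only in the free-text `description` value; the structured `affects`/`version_data` block lies outside this hunk and is not changed by either hunk of this file, so it is worth confirming that it carries the same upper bound, because scanners and inventory matchers read the structured field rather than the prose. The other WiKID records in this commit (CVE-2019-17114 through CVE-2019-17120) receive only a new reference; if their descriptions still cite an older build, they would presumably need the same correction.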
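Review bot: The new `** DISPUTED **` text in CVE-2019-16926.json attributes a statement to the project author, but the hunk adds no reference pointing to where that statement was made, so a reader cannot verify the dispute from the record itself. The `references` block is outside the hunk; if it does not already link the maintainer's comment, a `reference_data` entry for it belongs in the same change. The NOTE also mixes an ASCII apostrophe (`doesn't`) with an escaped typographic one (`aren\u2019t`) and drops an article; `and a person having rights to change them already has full access` reads cleanly.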
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17115.json b/2019/17xxx/CVE-2019-17115.json
index 07fc3bc6b23..933bf4d894a 100644
--- a/2019/17xxx/CVE-2019-17115.json
+++ b/2019/17xxx/CVE-2019-17115.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17116.json b/2019/17xxx/CVE-2019-17116.json
index ce358944ef1..eb9dd271845 100644
--- a/2019/17xxx/CVE-2019-17116.json
+++ b/2019/17xxx/CVE-2019-17116.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17117.json b/2019/17xxx/CVE-2019-17117.json
index 2738ea8143f..b592a42fafd 100644
--- a/2019/17xxx/CVE-2019-17117.json
+++ b/2019/17xxx/CVE-2019-17117.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17118.json b/2019/17xxx/CVE-2019-17118.json
index bb71e9e6f5a..a7214db664b 100644
--- a/2019/17xxx/CVE-2019-17118.json
+++ b/2019/17xxx/CVE-2019-17118.json
@@ -61,6 +61,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17119.json b/2019/17xxx/CVE-2019-17119.json
index 9a5d6ecfd25..82b23a51a1e 100644
--- a/2019/17xxx/CVE-2019-17119.json
+++ b/2019/17xxx/CVE-2019-17119.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/17xxx/CVE-2019-17120.json b/2019/17xxx/CVE-2019-17120.json
index d67c1eb17f2..5f11717d4b9 100644
--- a/2019/17xxx/CVE-2019-17120.json
+++ b/2019/17xxx/CVE-2019-17120.json
@@ -56,6 +56,11 @@
 "refsource": "MISC",
 "name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
 "url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/35"
 }
 ]
 }
diff --git a/2019/2xxx/CVE-2019-2215.json b/2019/2xxx/CVE-2019-2215.json
index fe9b3d393ef..79274293149 100644
--- a/2019/2xxx/CVE-2019-2215.json
+++ b/2019/2xxx/CVE-2019-2215.json
@@ -48,6 +48,11 @@
 "refsource": "CONFIRM",
 "name": "https://source.android.com/security/bulletin/2019-10-01",
 "url": "https://source.android.com/security/bulletin/2019-10-01"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 CVE 2019-2215 Android Binder Use After Free",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/38"
 }
 ]
 },
diff --git a/2019/3xxx/CVE-2019-3010.json b/2019/3xxx/CVE-2019-3010.json
index 1500e9259e4..494eb5544ee 100644
--- a/2019/3xxx/CVE-2019-3010.json
+++ b/2019/3xxx/CVE-2019-3010.json
@@ -57,6 +57,11 @@
 "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
 "refsource": "MISC",
 "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
+ },
+ {
+ "refsource": "FULLDISC",
+ "name": "20191018 CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver",
+ "url": "http://seclists.org/fulldisclosure/2019/Oct/39"
 }
 ]
 }