"-Synchronized-Data."

CVE Team 2019-10-18 19:00:56 +00:00
parent e01d2f821d
commit 605a279dbd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
17 changed files with 206 additions and 2 deletions


@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13541",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Horner Automation Cscape",
"version": {
"version_data": [
{
"version_value": "Cscape 9.90 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-902/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-902/"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code."
}
]
}
}
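Review bot: `vendor_name` is "n/a" although the description names the vendor, which is instead folded into `product_name` ("Horner Automation Cscape"), and `version_value` repeats the product as free text ("Cscape 9.90 and prior"). Tools that match asset inventories against the `affects` block key on these fields, so this record is unlikely to match on vendor or on a comparable version string. Suggest `"vendor_name": "Horner Automation"`, `"product_name": "Cscape"` and `"version_value": "9.90 and prior"`, assuming the vendor is as the description implies. The same applies to the CVE-2019-13545 record added next in this commit.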


@ -0,0 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-13545",
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Horner Automation Cscape",
"version": {
"version_data": [
{
"version_value": "Cscape 9.90 and prior"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS WRITE CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-903/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-19-903/"
},
{
"refsource": "MISC",
"name": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02",
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-290-02"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution."
}
]
}
}


@ -97,6 +97,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html",
"url": "http://packetstormsecurity.com/files/154904/CA-Performance-Management-Arbitrary-Command-Execution.html"
},
{
"refsource": "FULLDISC",
"name": "20191018 CA20191015-01: Security Notice for CA Performance Management",
"url": "http://seclists.org/fulldisclosure/2019/Oct/37"
}
]
},
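Review bot: The added FULLDISC reference uses a plaintext `http://seclists.org/...` URL, so anyone on the network path can alter the advisory text that an analyst or an automated fetcher retrieves from this record. The archive is also served over HTTPS; suggest `"url": "https://seclists.org/fulldisclosure/2019/Oct/37"`. The same applies to the other FULLDISC entries added in this commit (Oct/35, Oct/38 and Oct/39).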


@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20191004-0001/",
"url": "https://security.netapp.com/advisory/ntap-20191004-0001/"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K03814795?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K03814795?utm_source=f5support&utm_medium=RSS"
}
]
}
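Review bot: The added F5 reference carries feed-tracking parameters (`?utm_source=f5support&utm_medium=RSS`) in both `name` and `url`. They are not part of the advisory's address, and they make the same advisory look like a different reference to anything that de-duplicates, correlates or allow-lists by URL. Suggest `"url": "https://support.f5.com/csp/article/K03814795"` with the same value in `name`.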


@ -56,6 +56,11 @@
"url": "https://phabricator.wikimedia.org/T230402",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T230402"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-c4cdd73c74",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/"
}
]
}


@ -56,6 +56,11 @@
"url": "https://marc.info/?l=linux-wireless&m=156901391225058&w=2",
"refsource": "MISC",
"name": "https://marc.info/?l=linux-wireless&m=156901391225058&w=2"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2019-057d691fd4",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TASE2ESEZAER6DTZH3DJ4K2JNO46TVL7/"
}
]
}


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2032 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
"value": "WiKID Enterprise 2FA (two factor authentication) Enterprise Server through 4.2.0-b2047 is vulnerable to SQL injection through the searchDevices.jsp endpoint. The uid and domain parameters are used, unsanitized, in a SQL query constructed in the buildSearchWhereClause function."
}
]
},
@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}
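Review bot: The two printed description lines differ only in the build number (b2032 and b2047), so the affected range appears to widen to "through 4.2.0-b2047", but this is the only WiKID record in the commit whose description is touched. The other WiKID records that gain the same Full Disclosure reference show no description change, so if they also state b2032 the set is now inconsistent. That is worth confirming against the 20191018 posting. The `affects` block is outside this hunk; if it carries a version value, it should be updated to match the description.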


@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "Flower 0.9.3 has XSS via a crafted worker name."
"value": "** DISPUTED ** Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren\u2019t user facing configuration options. They are internal backend config options and person having rights to change them already has full access."
}
]
},
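Review bot: The `** DISPUTED **` note attributes a statement to the project author, but the hunk adds no reference where that statement can be read. The `references` block is outside this hunk; if it does not already link the maintainer's comment, a `reference_data` entry for it should accompany this change so consumers can verify the dispute rather than rely on the paraphrase. As a style point, the note mixes an ASCII apostrophe in `doesn't` with `aren\u2019t`; use the ASCII form in both.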


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-csrf"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-sql-injection"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting",
"url": "https://www.securitymetrics.com/blog/wikid-2fa-enterprise-server-cross-site-scripting"
},
{
"refsource": "FULLDISC",
"name": "20191018 WiKID 2FA Enterprise Server Multiple Issues",
"url": "http://seclists.org/fulldisclosure/2019/Oct/35"
}
]
}


@ -48,6 +48,11 @@
"refsource": "CONFIRM",
"name": "https://source.android.com/security/bulletin/2019-10-01",
"url": "https://source.android.com/security/bulletin/2019-10-01"
},
{
"refsource": "FULLDISC",
"name": "20191018 CVE 2019-2215 Android Binder Use After Free",
"url": "http://seclists.org/fulldisclosure/2019/Oct/38"
}
]
},


@ -57,6 +57,11 @@
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"refsource": "MISC",
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
},
{
"refsource": "FULLDISC",
"name": "20191018 CVE-2019-3010 - Local privilege escalation on Solaris 11.x via xscreensaver",
"url": "http://seclists.org/fulldisclosure/2019/Oct/39"
}
]
}