From 84271794bae5876ee329d9e7dc8e5e83d259c886 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 25 Apr 2019 18:00:46 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2017/18xxx/CVE-2017-18367.json | 5 ++
 2018/1xxx/CVE-2018-1360.json | 64 ++++++++++++++++++---
 2019/10xxx/CVE-2019-10955.json | 101 ++++++++++++++++++++++++++++++++-
 2019/11xxx/CVE-2019-11448.json | 5 ++
 2019/11xxx/CVE-2019-11469.json | 5 ++
 2019/11xxx/CVE-2019-11502.json | 5 ++
 2019/11xxx/CVE-2019-11503.json | 5 ++
 2019/11xxx/CVE-2019-11533.json | 18 ++++++
 2019/11xxx/CVE-2019-11534.json | 18 ++++++
 2019/11xxx/CVE-2019-11535.json | 18 ++++++
 2019/7xxx/CVE-2019-7438.json | 5 ++
 2019/7xxx/CVE-2019-7439.json | 5 ++
 2019/9xxx/CVE-2019-9135.json | 2 +-
 2019/9xxx/CVE-2019-9137.json | 72 ++++++++++++++++++++++-
 2019/9xxx/CVE-2019-9138.json | 72 ++++++++++++++++++++++-
 2019/9xxx/CVE-2019-9139.json | 72 ++++++++++++++++++++++-
 16 files changed, 452 insertions(+), 20 deletions(-)
 create mode 100644 2019/11xxx/CVE-2019-11533.json
 create mode 100644 2019/11xxx/CVE-2019-11534.json
 create mode 100644 2019/11xxx/CVE-2019-11535.json
diff --git a/2017/18xxx/CVE-2017-18367.json b/2017/18xxx/CVE-2017-18367.json
index 401916e0dc2..008101cb97c 100644
--- a/2017/18xxx/CVE-2017-18367.json
+++ b/2017/18xxx/CVE-2017-18367.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e",
 "refsource": "MISC",
 "name": "https://github.com/seccomp/libseccomp-golang/commit/06e7a29f36a34b8cf419aeb87b979ee508e58f9e"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190425 Re: CVE Request: golang-seccomp incorrectly handles multiple syscall arguments",
+ "url": "http://www.openwall.com/lists/oss-security/2019/04/25/6"
 }
 ]
 }
diff --git a/2018/1xxx/CVE-2018-1360.json b/2018/1xxx/CVE-2018-1360.json
index b204eebf9da..ee1202e73bf 100644
--- a/2018/1xxx/CVE-2018-1360.json
+++ b/2018/1xxx/CVE-2018-1360.json
@@ -1,17 +1,67 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2018-1360",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-1360",
+ "ASSIGNER": "psirt@fortinet.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Fortinet, Inc.",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Fortinet FortiManager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "5.2.0 to 5.2.7"
+ },
+ {
+ "version_value": "5.4.0"
+ },
+ {
+ "version_value": "5.4.1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://fortiguard.com/advisory/FG-IR-18-051",
+ "url": "https://fortiguard.com/advisory/FG-IR-18-051"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses."
 }
 ]
 }
diff --git a/2019/10xxx/CVE-2019-10955.json b/2019/10xxx/CVE-2019-10955.json
index ba60b5dd90a..56a23ac8224 100644
--- a/2019/10xxx/CVE-2019-10955.json
+++ b/2019/10xxx/CVE-2019-10955.json
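Review bot: In CVE-2018-1360.json the first `version_data` entry packs a range into a single string, `"version_value": "5.2.0 to 5.2.7"`, so a consumer that compares `version_value` literally will not match 5.2.1 through 5.2.6, which the description ("5.2.0 through 5.2.7") counts as affected. Either list the releases individually, as is already done for 5.4.0 and 5.4.1, or pair the bound with a `version_affected` operator next to `version_value`. The `problemtype` value `"Information disclosure"` also carries no CWE identifier, although the description is worded after CWE-319 (Cleartext Transmission of Sensitive Information); naming it there would let tooling classify the record.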
@@ -4,14 +4,109 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2019-10955",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "ics-cert@hq.dhs.gov",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Rockwell Automation",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MicroLogix 1400 Controllers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Series A"
+ },
+ {
+ "version_value": "All Versions Series B"
+ },
+ {
+ "version_value": "v15.002 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "MicroLogix 1100 Controllers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v14.00 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CompactLogix 5370 L1 controllers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v30.014 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CompactLogix 5370 L2 controllers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v30.014 and earlier"
+ }
+ ]
+ }
+ },
+ {
+ "product_name": "CompactLogix 5370 L3 controllers",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "v30.014 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "URL REDIRECTION TO UNTRUSTED SITE ('OPEN REDIRECT') CWE-601"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01",
+ "url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01"
+ },
+ {
+ "refsource": "BID",
+ "name": "108049",
+ "url": "https://www.securityfocus.com/bid/108049"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "In Rockwell Automation MicroLogix 1400 Controllers Series A, All Versions Series B, v15.002 and earlier, MicroLogix 1100 Controllers v14.00 and earlier, CompactLogix 5370 L1 controllers v30.014 and earlier, CompactLogix 5370 L2 controllers v30.014 and earlier, CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier, an open redirect vulnerability could allow a remote unauthenticated attacker to input a malicious link to redirect users to a malicious site that could run or download arbitrary malware on the user\u2019s machine."
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11448.json b/2019/11xxx/CVE-2019-11448.json
index 2177a49a101..9335f7ec177 100644
--- a/2019/11xxx/CVE-2019-11448.json
+++ b/2019/11xxx/CVE-2019-11448.json
@@ -66,6 +66,11 @@
 "url": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html",
 "refsource": "MISC",
 "name": "https://pentest.com.tr/exploits/ManageEngine-App-Manager-14-SQLi-Remote-Code-Execution.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html",
+ "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11448.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11469.json b/2019/11xxx/CVE-2019-11469.json
index 5131e6aa52f..62e240bc983 100644
--- a/2019/11xxx/CVE-2019-11469.json
+++ b/2019/11xxx/CVE-2019-11469.json
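Review bot: In CVE-2019-10955.json the `version_data` for "MicroLogix 1400 Controllers" is split into three separate values, `"Series A"`, `"All Versions Series B"` and `"v15.002 and earlier"`, which looks like a comma split of the description's "Series A, All Versions Series B, v15.002 and earlier". Read that way, "v15.002 and earlier" is no longer tied to any series and "Series A" carries no version at all; the intended grouping is presumably "Series A, all versions" and "Series B, v15.002 and earlier", to be confirmed against ICSA-19-113-01. The description also states that the L3 entry includes CompactLogix GuardLogix controllers, which the `affects` block does not record, so asset matching on `product_name` would miss them.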
@@ -71,6 +71,11 @@
 "refsource": "MISC",
 "name": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html",
 "url": "http://packetstormsecurity.com/files/152607/ManageEngine-Applications-Manager-14.0-SQL-Injection-Command-Injection.html"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html",
+ "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2019-11469.html"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11502.json b/2019/11xxx/CVE-2019-11502.json
index 6cec40a0da6..f2a4e1adde7 100644
--- a/2019/11xxx/CVE-2019-11502.json
+++ b/2019/11xxx/CVE-2019-11502.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1",
 "refsource": "MISC",
 "name": "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary",
+ "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11503.json b/2019/11xxx/CVE-2019-11503.json
index 3d9fa6337ea..a8c9a42bf1b 100644
--- a/2019/11xxx/CVE-2019-11503.json
+++ b/2019/11xxx/CVE-2019-11503.json
@@ -61,6 +61,11 @@
 "url": "https://github.com/snapcore/snapd/pull/6642",
 "refsource": "MISC",
 "name": "https://github.com/snapcore/snapd/pull/6642"
+ },
+ {
+ "refsource": "MLIST",
+ "name": "[oss-security] 20190425 Re: Security issues in snapcraft snap-confine set*id binary",
+ "url": "http://www.openwall.com/lists/oss-security/2019/04/25/7"
 }
 ]
 }
diff --git a/2019/11xxx/CVE-2019-11533.json b/2019/11xxx/CVE-2019-11533.json
new file mode 100644
index 00000000000..90b2b040770
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11533.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11533",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11534.json b/2019/11xxx/CVE-2019-11534.json
new file mode 100644
index 00000000000..ce90f055306
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11534.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11534",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/11xxx/CVE-2019-11535.json b/2019/11xxx/CVE-2019-11535.json
new file mode 100644
index 00000000000..9efa0956baa
--- /dev/null
+++ b/2019/11xxx/CVE-2019-11535.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-11535",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/7xxx/CVE-2019-7438.json b/2019/7xxx/CVE-2019-7438.json
index 254d401f445..ea7a0db3f5a 100644
--- a/2019/7xxx/CVE-2019-7438.json
+++ b/2019/7xxx/CVE-2019-7438.json
@@ -66,6 +66,11 @@
 "refsource": "EXPLOIT-DB",
 "name": "46751",
 "url": "https://www.exploit-db.com/exploits/46751/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152625/JioFi-4G-M2S-1.0.2-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/152625/JioFi-4G-M2S-1.0.2-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7439.json b/2019/7xxx/CVE-2019-7439.json
index af46856cdbc..77e6ba666f4 100644
--- a/2019/7xxx/CVE-2019-7439.json
+++ b/2019/7xxx/CVE-2019-7439.json
@@ -61,6 +61,11 @@
 "refsource": "EXPLOIT-DB",
 "name": "46752",
 "url": "https://www.exploit-db.com/exploits/46752/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/152626/JioFi-4G-M2S-1.0.2-Denial-Of-Service.html",
+ "url": "http://packetstormsecurity.com/files/152626/JioFi-4G-M2S-1.0.2-Denial-Of-Service.html"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9135.json b/2019/9xxx/CVE-2019-9135.json
index 17a4d48894f..0af3f44d8f9 100644
--- a/2019/9xxx/CVE-2019-9135.json
+++ b/2019/9xxx/CVE-2019-9135.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. ."
+ "value": "DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9137.json b/2019/9xxx/CVE-2019-9137.json
index 5284bac3d84..00f8506743a 100644
--- a/2019/9xxx/CVE-2019-9137.json
+++ b/2019/9xxx/CVE-2019-9137.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-9137",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HumanTalk Co,Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "fixed in 8.98.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +34,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed Image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
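Review bot: The `affects` block added to CVE-2019-9137.json sets `"version_value": "fixed in 8.98.8"`, which names the fixed release instead of the affected range, while the description in the second hunk says "8.98.7 and earlier"; a scanner that keys on `version_value` will not match any installed version. The same value is added in CVE-2019-9138.json and CVE-2019-9139.json. I would record the affected bound instead, `"version_value": "8.98.7"` with `"version_affected": "<="`, and leave the fixed release to the description or the referenced bulletin. The new description text also reads "Attackers could exploit this and arbitrary code execution", which is missing a verb and leaves the impact statement ambiguous.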
diff --git a/2019/9xxx/CVE-2019-9138.json b/2019/9xxx/CVE-2019-9138.json
index e5dae563015..5f4511a163e 100644
--- a/2019/9xxx/CVE-2019-9138.json
+++ b/2019/9xxx/CVE-2019-9138.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-9138",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HumanTalk Co,Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "fixed in 8.98.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +34,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PhotoShop file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2019/9xxx/CVE-2019-9139.json b/2019/9xxx/CVE-2019-9139.json
index 366e5a1ff02..e2f27a74dce 100644
--- a/2019/9xxx/CVE-2019-9139.json
+++ b/2019/9xxx/CVE-2019-9139.json
@@ -1,8 +1,31 @@
 {
 "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
+ "ASSIGNER": "vuln@krcert.or.kr",
 "ID": "CVE-2019-9139",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "HumanTalk Co,Ltd",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "DaviewIndy",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "fixed in 8.98.8"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
 },
 "data_format": "MITRE",
 "data_type": "CVE",
@@ -11,8 +34,51 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "DaviewIndy 8.98.7 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution."
 }
 ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.0.6"
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-190 Integer Overflow or Wraparound"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995",
+ "name": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=34995"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file