diff --git a/2019/12xxx/CVE-2019-12155.json b/2019/12xxx/CVE-2019-12155.json index c5d74890cd6..dfb5dfa25a0 100644 --- a/2019/12xxx/CVE-2019-12155.json +++ b/2019/12xxx/CVE-2019-12155.json @@ -86,6 +86,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2041", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html" } ] } diff --git a/2019/13xxx/CVE-2019-13164.json b/2019/13xxx/CVE-2019-13164.json index 734af57ad76..734aa2ed5c3 100644 --- a/2019/13xxx/CVE-2019-13164.json +++ b/2019/13xxx/CVE-2019-13164.json @@ -96,6 +96,11 @@ "refsource": "BUGTRAQ", "name": "20190902 [SECURITY] [DSA 4512-1] qemu security update", "url": "https://seclists.org/bugtraq/2019/Sep/3" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html" } ] } diff --git a/2019/14xxx/CVE-2019-14378.json b/2019/14xxx/CVE-2019-14378.json index d5c4f9777b3..c77e96c04ec 100644 --- a/2019/14xxx/CVE-2019-14378.json +++ b/2019/14xxx/CVE-2019-14378.json @@ -106,6 +106,11 @@ "refsource": "BUGTRAQ", "name": "20190902 [SECURITY] [DSA 4512-1] qemu security update", "url": "https://seclists.org/bugtraq/2019/Sep/3" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2059", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00008.html" } ] } diff --git a/2019/15xxx/CVE-2019-15043.json b/2019/15xxx/CVE-2019-15043.json new file mode 100644 index 00000000000..f8e103a97d9 --- /dev/null +++ b/2019/15xxx/CVE-2019-15043.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://community.grafana.com/t/release-notes-v6-3-x/19202", + "refsource": "MISC", + "name": "https://community.grafana.com/t/release-notes-v6-3-x/19202" + }, + { + "url": "https://github.com/grafana/grafana/releases", + "refsource": "MISC", + "name": "https://github.com/grafana/grafana/releases" + }, + { + "refsource": "CONFIRM", + "name": "https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569", + "url": "https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569" + }, + { + "refsource": "CONFIRM", + "name": "https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/", + "url": "https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15863.json b/2019/15xxx/CVE-2019-15863.json new file mode 100644 index 00000000000..6765da59824 --- /dev/null +++ b/2019/15xxx/CVE-2019-15863.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ConvertPlus plugin before 3.4.5 for WordPress has an unintended account creation (with the none role) via a request for variants." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.convertplug.com/plus/changelog/", + "refsource": "MISC", + "name": "https://www.convertplug.com/plus/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15864.json b/2019/15xxx/CVE-2019-15864.json new file mode 100644 index 00000000000..b59d94b0a6f --- /dev/null +++ b/2019/15xxx/CVE-2019-15864.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15864", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9338", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9338" + }, + { + "url": "https://wordpress.org/plugins/breadcrumbs-by-menu/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/breadcrumbs-by-menu/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15865.json b/2019/15xxx/CVE-2019-15865.json new file mode 100644 index 00000000000..31570f128c5 --- /dev/null +++ b/2019/15xxx/CVE-2019-15865.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9338", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9338" + }, + { + "url": "https://wordpress.org/plugins/breadcrumbs-by-menu/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/breadcrumbs-by-menu/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15866.json b/2019/15xxx/CVE-2019-15866.json new file mode 100644 index 00000000000..44e7c513aee --- /dev/null +++ b/2019/15xxx/CVE-2019-15866.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/crelly-slider/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/crelly-slider/#developers" + }, + { + "url": "https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-crelly-slider-plugin/", + "refsource": "MISC", + "name": "https://blog.nintechnet.com/arbitrary-file-upload-vulnerability-in-wordpress-crelly-slider-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15867.json b/2019/15xxx/CVE-2019-15867.json new file mode 100644 index 00000000000..3ec11fffe50 --- /dev/null +++ b/2019/15xxx/CVE-2019-15867.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15867", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9317", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9317" + }, + { + "url": "https://wordpress.org/plugins/slick-popup/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/slick-popup/#developers" + }, + { + "url": "https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/", + "refsource": "MISC", + "name": "https://www.wordfence.com/blog/2019/05/privilege-escalation-flaw-present-in-slick-popup-plugin/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15868.json b/2019/15xxx/CVE-2019-15868.json new file mode 100644 index 00000000000..3525d521904 --- /dev/null +++ b/2019/15xxx/CVE-2019-15868.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The affiliates-manager plugin before 2.6.6 for WordPress has CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/affiliates-manager/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/affiliates-manager/#developers" + }, + { + "url": "https://wpvulndb.com/vulnerabilities/9335", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9335" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15869.json b/2019/15xxx/CVE-2019-15869.json new file mode 100644 index 00000000000..5f6f2e339cf --- /dev/null +++ b/2019/15xxx/CVE-2019-15869.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The JobCareer theme before 2.5.1 for WordPress has stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9322", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9322" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15870.json b/2019/15xxx/CVE-2019-15870.json new file mode 100644 index 00000000000..97f6a35e24f --- /dev/null +++ b/2019/15xxx/CVE-2019-15870.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9258", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9258" + } + ] + } +} \ No newline at end of file