From 28b81015f38cb721ce50349d23305fa2de99229a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 9 Sep 2019 13:01:00 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/21xxx/CVE-2018-21011.json | 67 ++++++++++++++++++++++++++++++++++ 2018/21xxx/CVE-2018-21012.json | 62 +++++++++++++++++++++++++++++++ 2018/21xxx/CVE-2018-21013.json | 62 +++++++++++++++++++++++++++++++ 2018/21xxx/CVE-2018-21014.json | 62 +++++++++++++++++++++++++++++++ 2019/10xxx/CVE-2019-10665.json | 56 +++++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10666.json | 56 +++++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10667.json | 56 +++++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10668.json | 56 +++++++++++++++++++++++++--- 2019/10xxx/CVE-2019-10669.json | 61 ++++++++++++++++++++++++++++--- 2019/15xxx/CVE-2019-15639.json | 67 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15895.json | 67 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16114.json | 67 ++++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16146.json | 62 +++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16148.json | 62 +++++++++++++++++++++++++++++++ 14 files changed, 833 insertions(+), 30 deletions(-) create mode 100644 2018/21xxx/CVE-2018-21011.json create mode 100644 2018/21xxx/CVE-2018-21012.json create mode 100644 2018/21xxx/CVE-2018-21013.json create mode 100644 2018/21xxx/CVE-2018-21014.json create mode 100644 2019/15xxx/CVE-2019-15639.json create mode 100644 2019/15xxx/CVE-2019-15895.json create mode 100644 2019/16xxx/CVE-2019-16114.json create mode 100644 2019/16xxx/CVE-2019-16146.json create mode 100644 2019/16xxx/CVE-2019-16148.json diff --git a/2018/21xxx/CVE-2018-21011.json b/2018/21xxx/CVE-2018-21011.json new file mode 100644 index 00000000000..a9da1be6185 --- /dev/null +++ b/2018/21xxx/CVE-2018-21011.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-21011", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The charitable plugin before 1.5.14 for WordPress has unauthorized access to user and donation details." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/charitable/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/charitable/#developers" + }, + { + "refsource": "MISC", + "name": "https://www.wpcharitable.com/release-notes-security-release-1-5-14/", + "url": "https://www.wpcharitable.com/release-notes-security-release-1-5-14/" + } + ] + } +} \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21012.json b/2018/21xxx/CVE-2018-21012.json new file mode 100644 index 00000000000..bd805c89e9a --- /dev/null +++ b/2018/21xxx/CVE-2018-21012.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-21012", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/cf7-invisible-recaptcha/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/cf7-invisible-recaptcha/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21013.json b/2018/21xxx/CVE-2018-21013.json new file mode 100644 index 00000000000..190792840cd --- /dev/null +++ b/2018/21xxx/CVE-2018-21013.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-21013", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Swape theme before 1.2.1 for WordPress has incorrect access control, as demonstrated by allowing new administrator accounts via vectors involving xmlPath to wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9024", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9024" + } + ] + } +} \ No newline at end of file diff --git a/2018/21xxx/CVE-2018-21014.json b/2018/21xxx/CVE-2018-21014.json new file mode 100644 index 00000000000..a60def5586c --- /dev/null +++ b/2018/21xxx/CVE-2018-21014.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-21014", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wpvulndb.com/vulnerabilities/9007", + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9007" + } + ] + } +} \ No newline at end of file diff --git a/2019/10xxx/CVE-2019-10665.json b/2019/10xxx/CVE-2019-10665.json index d5e0b02d14e..c5334f67bbf 100644 --- a/2019/10xxx/CVE-2019-10665.json +++ b/2019/10xxx/CVE-2019-10665.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10665", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10665", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string, which is only useful for preventing SQL injection attacks; other parameters are unfiltered. This allows an attacker to inject RRDtool syntax with newline characters via the html/graph.php script. RRDtool syntax is quite versatile and an attacker could leverage this to perform a number of attacks, including disclosing directory structure and filenames, file content, denial of service, or writing arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023/", + "url": "https://www.darkmatter.ae/xen1thlabs/librenms-rrdtool-injection-vulnerability-xl-19-023/" } ] } diff --git a/2019/10xxx/CVE-2019-10666.json b/2019/10xxx/CVE-2019-10666.json index 3a48a11338b..bf2ccfe9cd4 100644 --- a/2019/10xxx/CVE-2019-10666.json +++ b/2019/10xxx/CVE-2019-10666.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10666", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10666", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LibreNMS through 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP code from the included file. Exploitation of these scripts is made difficult by additional text being appended (typically .inc.php), which means an attacker would need to be able to control both a filename and its content on the server. However, exploitation can be achieved as demonstrated by the csv.php?report=../ substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020/", + "url": "https://www.darkmatter.ae/xen1thlabs/librenms-limited-local-file-inclusion-via-directory-traversal-vulnerability-xl-19-020/" } ] } diff --git a/2019/10xxx/CVE-2019-10667.json b/2019/10xxx/CVE-2019-10667.json index 36263b6bf75..32d346f93fb 100644 --- a/2019/10xxx/CVE-2019-10667.json +++ b/2019/10xxx/CVE-2019-10667.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10667", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10667", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018/", + "url": "https://www.darkmatter.ae/xen1thlabs/librenms-information-disclosure-vulnerability-xl-19-018/" } ] } diff --git a/2019/10xxx/CVE-2019-10668.json b/2019/10xxx/CVE-2019-10668.json index 810679a4957..94ea0db52db 100644 --- a/2019/10xxx/CVE-2019-10668.json +++ b/2019/10xxx/CVE-2019-10668.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10668", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10668", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LibreNMS through 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected to be publicly accessible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016/", + "url": "https://www.darkmatter.ae/xen1thlabs/librenms-authentication-bypass-vulnerability-xl-19-016/" } ] } diff --git a/2019/10xxx/CVE-2019-10669.json b/2019/10xxx/CVE-2019-10669.json index 1df24d75bae..576b2b5780e 100644 --- a/2019/10xxx/CVE-2019-10669.json +++ b/2019/10xxx/CVE-2019-10669.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-10669", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-10669", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function to sanitize command arguments as it does not escape a number of command line syntax characters such as ` (backtick), allowing an attacker to inject commands into the variable $rrd_cmd, which gets executed via passthru()." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html", + "url": "http://packetstormsecurity.com/files/154391/LibreNMS-Collectd-Command-Injection.html" + }, + { + "refsource": "MISC", + "name": "https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/", + "url": "https://www.darkmatter.ae/xen1thlabs/librenms-command-injection-vulnerability-xl-19-017/" } ] } diff --git a/2019/15xxx/CVE-2019-15639.json b/2019/15xxx/CVE-2019-15639.json new file mode 100644 index 00000000000..74a33c23403 --- /dev/null +++ b/2019/15xxx/CVE-2019-15639.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15639", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "main/translate.c in Sangoma Asterisk 13.28.0 and 16.5.0 allows a remote attacker to send a specific RTP packet during a call and cause a crash in a specific scenario." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html", + "url": "http://packetstormsecurity.com/files/154372/Asterisk-Project-Security-Advisory-AST-2019-005.html" + }, + { + "refsource": "CONFIRM", + "name": "http://downloads.asterisk.org/pub/security/AST-2019-005.html", + "url": "http://downloads.asterisk.org/pub/security/AST-2019-005.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15895.json b/2019/15xxx/CVE-2019-15895.json new file mode 100644 index 00000000000..223b25a0542 --- /dev/null +++ b/2019/15xxx/CVE-2019-15895.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "search-exclude.php in the \"Search Exclude\" plugin through 1.2.2 for WordPress allows unauthenticated options changes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/search-exclude/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/search-exclude/#developers" + }, + { + "refsource": "MISC", + "name": "https://wpvulndb.com/vulnerabilities/9870", + "url": "https://wpvulndb.com/vulnerabilities/9870" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16114.json b/2019/16xxx/CVE-2019-16114.json new file mode 100644 index 00000000000..32998fe1da7 --- /dev/null +++ b/2019/16xxx/CVE-2019-16114.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16114", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ATutor 2.2.4, an unauthenticated attacker can change the application settings and force it to use his crafted database, which allows him to gain access to the application. Next, he can change the directory that the application uploads files to, which allows him to achieve remote code execution. This occurs because install/include/header.php does not restrict certain changes (to db_host, db_login, db_password, and content_dir) within install/include/step5.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/atutor/ATutor/commits/master", + "refsource": "MISC", + "name": "https://github.com/atutor/ATutor/commits/master" + }, + { + "refsource": "MISC", + "name": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2019-16114/README.md", + "url": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2019-16114/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16146.json b/2019/16xxx/CVE-2019-16146.json new file mode 100644 index 00000000000..f7415bce429 --- /dev/null +++ b/2019/16xxx/CVE-2019-16146.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16146", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gophish through 0.8.0 allows XSS via a username." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gophish/gophish/pull/1547", + "refsource": "MISC", + "name": "https://github.com/gophish/gophish/pull/1547" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16148.json b/2019/16xxx/CVE-2019-16148.json new file mode 100644 index 00000000000..905ce84a785 --- /dev/null +++ b/2019/16xxx/CVE-2019-16148.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16148", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sakai through 12.6 allows XSS via a chat user name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/sakaiproject/sakai/pull/6971", + "refsource": "MISC", + "name": "https://github.com/sakaiproject/sakai/pull/6971" + } + ] + } +} \ No newline at end of file