diff --git a/2014/10xxx/CVE-2014-10387.json b/2014/10xxx/CVE-2014-10387.json
new file mode 100644
index 00000000000..a2dd9ccff2b
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10387.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10387",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10388.json b/2014/10xxx/CVE-2014-10388.json
new file mode 100644
index 00000000000..c91cf9e7c5e
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10388.json
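Review bot: The structured fields of this new record carry no data: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `"n/a"`, although the description names the plugin, the fixed version and the weakness class. Tooling that matches installed software against `affects` or filters on `problemtype` will not find this entry, so I would fill them in, for example `"product_name": "wp-support-plus-responsive-ticket-system"`, `"version_value": "before 4.2"` and a problem type of `"value": "SQL injection"`. The only reference is the plugin's wordpress.org page with a `#developers` fragment, which presumably changes with each release and does not pin the fix to an advisory or changeset. The same empty fields appear in the other new records in this diff (CVE-2014-10388 to CVE-2014-10392, CVE-2014-10394, CVE-2015-9341, CVE-2016-10930, CVE-2017-18586, CVE-2018-20988, CVE-2019-15060, CVE-2019-15330, CVE-2019-15331) and in the newly published CVE-2019-12385 and CVE-2019-12386.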
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10388",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10389.json b/2014/10xxx/CVE-2014-10389.json
new file mode 100644
index 00000000000..bdbbf45e92f
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10389.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10389",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10390.json b/2014/10xxx/CVE-2014-10390.json
new file mode 100644
index 00000000000..fcf60062169
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10390.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10390",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10391.json b/2014/10xxx/CVE-2014-10391.json
new file mode 100644
index 00000000000..b19d6e8e890
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10391.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10391",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10392.json b/2014/10xxx/CVE-2014-10392.json
new file mode 100644
index 00000000000..062fa09ee5f
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10392.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10392",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The cforms2 plugin before 10.2 for WordPress has XSS."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/cforms2/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/cforms2/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2014/10xxx/CVE-2014-10394.json b/2014/10xxx/CVE-2014-10394.json
new file mode 100644
index 00000000000..ba36f6bb2b5
--- /dev/null
+++ b/2014/10xxx/CVE-2014-10394.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2014-10394",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/rich-counter/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/rich-counter/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2015/9xxx/CVE-2015-9341.json b/2015/9xxx/CVE-2015-9341.json
new file mode 100644
index 00000000000..bb62167f202
--- /dev/null
+++ b/2015/9xxx/CVE-2015-9341.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2015-9341",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-file-upload/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-file-upload/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10930.json b/2016/10xxx/CVE-2016-10930.json
new file mode 100644
index 00000000000..a87c0514abd
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10930.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10930",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/18xxx/CVE-2017-18586.json b/2017/18xxx/CVE-2017-18586.json
new file mode 100644
index 00000000000..f72963af5ce
--- /dev/null
+++ b/2017/18xxx/CVE-2017-18586.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-18586",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/insert-pages/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/insert-pages/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20988.json b/2018/20xxx/CVE-2018-20988.json
new file mode 100644
index 00000000000..e92428e18c9
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20988.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20988",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wpgform/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wpgform/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12385.json b/2019/12xxx/CVE-2019-12385.json
index 869f7860f8a..35a6348fd32 100644
--- a/2019/12xxx/CVE-2019-12385.json
+++ b/2019/12xxx/CVE-2019-12385.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12385",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12385",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/",
+ "url": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12386.json b/2019/12xxx/CVE-2019-12386.json
index f7e341535bc..f22a957cb34 100644
--- a/2019/12xxx/CVE-2019-12386.json
+++ b/2019/12xxx/CVE-2019-12386.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12386",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12386",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay \"add instance\" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/",
+ "url": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12447.json b/2019/12xxx/CVE-2019-12447.json
index 5043906eccc..ac3110c283e 100644
--- a/2019/12xxx/CVE-2019-12447.json
+++ b/2019/12xxx/CVE-2019-12447.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://gitlab.gnome.org/GNOME/gvfs/compare/5cd76d627f4d1982b6e77a0e271ef9301732d09e...3895e09d784ebec0fbc4614d5c37068736120e1d",
- "refsource": "MISC",
- "name": "https://gitlab.gnome.org/GNOME/gvfs/compare/5cd76d627f4d1982b6e77a0e271ef9301732d09e...3895e09d784ebec0fbc4614d5c37068736120e1d"
- },
 {
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1699",
@@ -86,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-e6b02af8b8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80",
+ "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12448.json b/2019/12xxx/CVE-2019-12448.json
index 7ebcecf1ae5..417e6fc3082 100644
--- a/2019/12xxx/CVE-2019-12448.json
+++ b/2019/12xxx/CVE-2019-12448.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e",
- "refsource": "MISC",
- "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e"
- },
 {
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1699",
@@ -86,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-e6b02af8b8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5",
+ "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12449.json b/2019/12xxx/CVE-2019-12449.json
index 9bffe5a1e4f..2e61c75df26 100644
--- a/2019/12xxx/CVE-2019-12449.json
+++ b/2019/12xxx/CVE-2019-12449.json
@@ -52,11 +52,6 @@
 },
 "references": {
 "reference_data": [
- {
- "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90",
- "refsource": "MISC",
- "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90"
- },
 {
 "refsource": "SUSE",
 "name": "openSUSE-SU-2019:1699",
@@ -86,6 +81,11 @@
 "refsource": "FEDORA",
 "name": "FEDORA-2019-e6b02af8b8",
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8",
+ "url": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12797.json b/2019/12xxx/CVE-2019-12797.json
index 37da0b3f23b..6db9b43b055 100644
--- a/2019/12xxx/CVE-2019-12797.json
+++ b/2019/12xxx/CVE-2019-12797.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle, as demonstrated by turning off the vehicle's lights."
+ "value": "A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle."
 }
 ]
 },
@@ -61,11 +61,6 @@
 "refsource": "MISC",
 "name": "https://www.kth.se/polopoly_fs/1.917488.1564430206!/elm327.pdf",
 "url": "https://www.kth.se/polopoly_fs/1.917488.1564430206!/elm327.pdf"
- },
- {
- "refsource": "MISC",
- "name": "https://www.kth.se/polopoly_fs/1.914063.1561621564!/Marstorp%20%26%20Lindstrom%2C%20Security%20Testing%20of%20an%20OBD-II%20Connected%20IoT%20Device.pdf",
- "url": "https://www.kth.se/polopoly_fs/1.914063.1561621564!/Marstorp%20%26%20Lindstrom%2C%20Security%20Testing%20of%20an%20OBD-II%20Connected%20IoT%20Device.pdf"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13588.json b/2019/13xxx/CVE-2019-13588.json
index 35dc8a5190f..fa7be5b95f9 100644
--- a/2019/13xxx/CVE-2019-13588.json
+++ b/2019/13xxx/CVE-2019-13588.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX through 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter."
+ "value": "A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter."
 }
 ]
 },
@@ -52,10 +52,20 @@
 },
 "references": {
 "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://sourceforge.net/p/wikindx/code/commit_browser",
+ "url": "https://sourceforge.net/p/wikindx/code/commit_browser"
+ },
 {
 "refsource": "CONFIRM",
 "name": "https://sourceforge.net/p/wikindx/code/2794/",
 "url": "https://sourceforge.net/p/wikindx/code/2794/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://sourceforge.net/p/wikindx/code/2801/tree//wikindx/trunk/CHANGELOG.txt?diff=51060a0c271846770c56c75a:2800",
+ "url": "https://sourceforge.net/p/wikindx/code/2801/tree//wikindx/trunk/CHANGELOG.txt?diff=51060a0c271846770c56c75a:2800"
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15060.json b/2019/15xxx/CVE-2019-15060.json
new file mode 100644
index 00000000000..b40998fff4c
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15060.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15060",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://twitter.com/rapt00rvf",
+ "refsource": "MISC",
+ "name": "https://twitter.com/rapt00rvf"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://vitor-fernandes.github.io/First-CVE/",
+ "url": "https://vitor-fernandes.github.io/First-CVE/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15107.json b/2019/15xxx/CVE-2019-15107.json
index cde0899afda..a63f05d13d0 100644
--- a/2019/15xxx/CVE-2019-15107.json
+++ b/2019/15xxx/CVE-2019-15107.json
@@ -34,7 +34,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "An issue was discovered in Webmin 1.882 through 1.921. The parameter old in password_change.cgi contains a command injection vulnerability. NOTE: CVE-2019-15231 is an intentionally separate ID for the 1.890 case, which has different threat characteristics, and represents a non-identical code change (e.g., workarounds for other versions may not help to secure a 1.890 installation)."
+ "value": "An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability."
 }
 ]
 },
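Review bot: The first entry in `reference_data`, `https://twitter.com/rapt00rvf`, points at an account profile rather than a specific post or advisory, so it documents nothing about the traceroute issue and can change or disappear. I would drop it or replace it with a link to the specific post, leaving `https://vitor-fernandes.github.io/First-CVE/` as the write-up. The description also does not say whether the IP address input field can be reached without authenticating to the router's management interface, which is the fact a defender needs to rank this issue; a clause stating the required access would help.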
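Review bot: The rewritten `value` for CVE-2019-15107 changes the affected range without explanation and drops the only pointer to the 1.890 case. The old text said `1.882 through 1.921`; the new text says `<=1.920`, which removes the lower bound, moves the upper bound, and uses a notation the other descriptions in this diff do not (they use `through` or `before`). CVE-2019-15231 is rejected in this same diff as a duplicate of this ID, so this record becomes the place readers are sent for the 1.890 default-installation exposure, and the new description no longer mentions it. I would keep a sentence covering 1.890 here and write the range as `Webmin through 1.920` once the bounds are confirmed; the record's `references` block lies outside this hunk.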
diff --git a/2019/15xxx/CVE-2019-15231.json b/2019/15xxx/CVE-2019-15231.json
index 6949d504c30..0c13a8426e1 100644
--- a/2019/15xxx/CVE-2019-15231.json
+++ b/2019/15xxx/CVE-2019-15231.json
@@ -1,86 +1,17 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-15231",
- "STATE": "PUBLIC"
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "product": {
- "product_data": [
- {
- "product_name": "n/a",
- "version": {
- "version_data": [
- {
- "version_value": "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name": "n/a"
- }
- ]
- }
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-15231",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This CVE only refers to the backdoor that was enabled by default, and therefore is a separate CVE from CVE-2019-15107. NOTE: although the vendor's build infrastructure was compromised in 2018, the compromise is not known to affect any GitHub repository. Thus, the relatively uncommon case of an end user building their own copy of Webmin (from the 1.890 tag on GitHub) is thought to be safe."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "n/a"
- }
- ]
- }
- ]
- },
- "references": {
- "reference_data": [
- {
- "url": "http://www.webmin.com/security.html",
- "refsource": "MISC",
- "name": "http://www.webmin.com/security.html"
- },
- {
- "url": "https://www.virtualmin.com/node/66890",
- "refsource": "MISC",
- "name": "https://www.virtualmin.com/node/66890"
- },
- {
- "refsource": "MISC",
- "name": "https://snyk.io/blog/a-year-old-dormant-malicious-remote-code-execution-vulnerability-discovered-in-webmin/",
- "url": "https://snyk.io/blog/a-year-old-dormant-malicious-remote-code-execution-vulnerability-discovered-in-webmin/"
- },
- {
- "refsource": "MISC",
- "name": "http://webmin.com/exploit.html",
- "url": "http://webmin.com/exploit.html"
- },
- {
- "refsource": "MISC",
- "name": "https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/",
- "url": "https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/"
- },
- {
- "refsource": "MISC",
- "name": "https://duo.com/decipher/backdoor-found-in-webmin-utility",
- "url": "https://duo.com/decipher/backdoor-found-in-webmin-utility"
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15107. Reason: This candidate is a duplicate of CVE-2019-15107. Notes: All CVE users should reference CVE-2019-15107 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
 }
 ]
 }
diff --git a/2019/15xxx/CVE-2019-15330.json b/2019/15xxx/CVE-2019-15330.json
new file mode 100644
index 00000000000..99c3079eec4
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15330.json
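Review bot: Rejecting CVE-2019-15231 deletes six references, among them `http://webmin.com/exploit.html` and `http://www.webmin.com/security.html`, while the only change to CVE-2019-15107 visible in this diff is to its description. Unless CVE-2019-15107 already lists them (its `references` block is outside the visible hunk), readers redirected by `ConsultIDs: CVE-2019-15107` lose what are presumably the vendor's own pages on the 1.890 build. Those links should be confirmed present on CVE-2019-15107, or carried over to it in the same change.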
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15330",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/webp-express/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/webp-express/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15331.json b/2019/15xxx/CVE-2019-15331.json
new file mode 100644
index 00000000000..a82c74738c0
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15331.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15331",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file