admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-08-22 19:00:49 +00:00
parent db2aace057
commit 3b5dfcc2aa
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
23 changed files with 1008 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2014/10xxx/CVE-2014-10387.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}

62
2014/10xxx/CVE-2014-10388.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}

62
2014/10xxx/CVE-2014-10389.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}

62
2014/10xxx/CVE-2014-10390.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}

62
2014/10xxx/CVE-2014-10391.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}

62
2014/10xxx/CVE-2014-10392.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cforms2 plugin before 10.2 for WordPress has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/cforms2/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/cforms2/#developers"
}
]
}
}

62
2014/10xxx/CVE-2014-10394.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-10394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/rich-counter/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/rich-counter/#developers"
}
]
}
}

62
2015/9xxx/CVE-2015-9341.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-file-upload plugin before 3.4.1 for WordPress has insufficient restrictions on upload of .php.js files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-file-upload/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-file-upload/#developers"
}
]
}
}

62
2016/10xxx/CVE-2016-10930.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 7.1.0 for WordPress has insecure direct object reference via a ticket number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}

62
2017/18xxx/CVE-2017-18586.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-18586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The insert-pages plugin before 3.2.4 for WordPress has directory traversal via custom template paths."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/insert-pages/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/insert-pages/#developers"
}
]
}
}

62
2018/20xxx/CVE-2018-20988.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20988",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wpgform plugin before 0.94 for WordPress has eval injection in the CAPTCHA calculation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wpgform/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wpgform/#developers"
}
]
}
}

56
2019/12xxx/CVE-2019-12385.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12385",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches (even guest users) can dump any data contained in the database (sessions, hashed passwords, etc.). This may lead to a full compromise of admin accounts, when combined with the weak password generator algorithm used in the lostpassword functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/",
"url": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/"
}
]
}

56
2019/12xxx/CVE-2019-12386.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-12386",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2019-12386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Ampache through 3.9.1. A stored XSS exists in the localplay.php LocalPlay \"add instance\" functionality. The injected code is reflected in the instances menu. This vulnerability can be abused to force an admin to create a new privileged user whose credentials are known by the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/",
"url": "https://www.tarlogic.com/en/blog/vulnerabilities-in-ampache/"
}
]
}

10
2019/12xxx/CVE-2019-12447.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/gvfs/compare/5cd76d627f4d1982b6e77a0e271ef9301732d09e...3895e09d784ebec0fbc4614d5c37068736120e1d",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gvfs/compare/5cd76d627f4d1982b6e77a0e271ef9301732d09e...3895e09d784ebec0fbc4614d5c37068736120e1d"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1699",
@ -86,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-e6b02af8b8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80",
"url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80"
}
]
}

10
2019/12xxx/CVE-2019-12448.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gvfs/commit/5cd76d627f4d1982b6e77a0e271ef9301732d09e"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1699",
@ -86,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-e6b02af8b8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5",
"url": "https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5"
}
]
}

10
2019/12xxx/CVE-2019-12449.json
View File

@ -52,11 +52,6 @@
},
"references": {
"reference_data": [
{
"url": "https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90",
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2019:1699",
@ -86,6 +81,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-e6b02af8b8",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/"
},
{
"refsource": "MISC",
"name": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8",
"url": "https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8"
}
]
}

7
2019/12xxx/CVE-2019-12797.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle, as demonstrated by turning off the vehicle's lights."
"value": "A clone version of an ELM327 OBD2 Bluetooth device has a hardcoded PIN, leading to arbitrary commands to an OBD-II bus of a vehicle."
}
]
},
@ -61,11 +61,6 @@
"refsource": "MISC",
"name": "https://www.kth.se/polopoly_fs/1.917488.1564430206!/elm327.pdf",
"url": "https://www.kth.se/polopoly_fs/1.917488.1564430206!/elm327.pdf"
},
{
"refsource": "MISC",
"name": "https://www.kth.se/polopoly_fs/1.914063.1561621564!/Marstorp%20%26%20Lindstrom%2C%20Security%20Testing%20of%20an%20OBD-II%20Connected%20IoT%20Device.pdf",
"url": "https://www.kth.se/polopoly_fs/1.914063.1561621564!/Marstorp%20%26%20Lindstrom%2C%20Security%20Testing%20of%20an%20OBD-II%20Connected%20IoT%20Device.pdf"
}
]
}

12
2019/13xxx/CVE-2019-13588.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX through 5.8.1 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter."
"value": "A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter."
}
]
},
@ -52,10 +52,20 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://sourceforge.net/p/wikindx/code/commit_browser",
"url": "https://sourceforge.net/p/wikindx/code/commit_browser"
},
{
"refsource": "CONFIRM",
"name": "https://sourceforge.net/p/wikindx/code/2794/",
"url": "https://sourceforge.net/p/wikindx/code/2794/"
},
{
"refsource": "CONFIRM",
"name": "https://sourceforge.net/p/wikindx/code/2801/tree//wikindx/trunk/CHANGELOG.txt?diff=51060a0c271846770c56c75a:2800",
"url": "https://sourceforge.net/p/wikindx/code/2801/tree//wikindx/trunk/CHANGELOG.txt?diff=51060a0c271846770c56c75a:2800"
}
]
}

67
2019/15xxx/CVE-2019-15060.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The traceroute function on the TP-Link TL-WR840N v4 router with firmware through 0.9.1 3.16 is vulnerable to remote code execution via a crafted payload in an IP address input field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://twitter.com/rapt00rvf",
"refsource": "MISC",
"name": "https://twitter.com/rapt00rvf"
},
{
"refsource": "MISC",
"name": "https://vitor-fernandes.github.io/First-CVE/",
"url": "https://vitor-fernandes.github.io/First-CVE/"
}
]
}
}

2
2019/15xxx/CVE-2019-15107.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Webmin 1.882 through 1.921. The parameter old in password_change.cgi contains a command injection vulnerability. NOTE: CVE-2019-15231 is an intentionally separate ID for the 1.890 case, which has different threat characteristics, and represents a non-identical code change (e.g., workarounds for other versions may not help to secure a 1.890 installation)."
"value": "An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability."
}
]
},

83
2019/15xxx/CVE-2019-15231.json
View File

@ -1,86 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2019-15231",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webmin 1.890, in a default installation, contains a backdoor that allows an unauthenticated attacker to remotely execute commands. This CVE only refers to the backdoor that was enabled by default, and therefore is a separate CVE from CVE-2019-15107. NOTE: although the vendor's build infrastructure was compromised in 2018, the compromise is not known to affect any GitHub repository. Thus, the relatively uncommon case of an end user building their own copy of Webmin (from the 1.890 tag on GitHub) is thought to be safe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.webmin.com/security.html",
"refsource": "MISC",
"name": "http://www.webmin.com/security.html"
},
{
"url": "https://www.virtualmin.com/node/66890",
"refsource": "MISC",
"name": "https://www.virtualmin.com/node/66890"
},
{
"refsource": "MISC",
"name": "https://snyk.io/blog/a-year-old-dormant-malicious-remote-code-execution-vulnerability-discovered-in-webmin/",
"url": "https://snyk.io/blog/a-year-old-dormant-malicious-remote-code-execution-vulnerability-discovered-in-webmin/"
},
{
"refsource": "MISC",
"name": "http://webmin.com/exploit.html",
"url": "http://webmin.com/exploit.html"
},
{
"refsource": "MISC",
"name": "https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/",
"url": "https://arstechnica.com/information-technology/2019/08/the-year-long-rash-of-supply-chain-attacks-against-open-source-is-getting-worse/"
},
{
"refsource": "MISC",
"name": "https://duo.com/decipher/backdoor-found-in-webmin-utility",
"url": "https://duo.com/decipher/backdoor-found-in-webmin-utility"
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15107. Reason: This candidate is a duplicate of CVE-2019-15107. Notes: All CVE users should reference CVE-2019-15107 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

62
2019/15xxx/CVE-2019-15330.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The webp-express plugin before 0.14.11 for WordPress has insufficient protection against arbitrary file reading."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/webp-express/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/webp-express/#developers"
}
]
}
}

62
2019/15xxx/CVE-2019-15331.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wp-support-plus-responsive-ticket-system plugin before 9.1.2 for WordPress has HTML injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers",
"refsource": "MISC",
"name": "https://wordpress.org/plugins/wp-support-plus-responsive-ticket-system/#developers"
}
]
}
}