diff --git a/2013/7xxx/CVE-2013-7483.json b/2013/7xxx/CVE-2013-7483.json new file mode 100644 index 00000000000..feebdc537e1 --- /dev/null +++ b/2013/7xxx/CVE-2013-7483.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2013-7483", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/slidedeck2/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/slidedeck2/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10382.json b/2014/10xxx/CVE-2014-10382.json new file mode 100644 index 00000000000..5f0984e584b --- /dev/null +++ b/2014/10xxx/CVE-2014-10382.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/feature-comments/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/feature-comments/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10386.json b/2014/10xxx/CVE-2014-10386.json new file mode 100644 index 00000000000..7f68976bd64 --- /dev/null +++ b/2014/10xxx/CVE-2014-10386.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-live-chat-support/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-live-chat-support/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2014/10xxx/CVE-2014-10393.json b/2014/10xxx/CVE-2014-10393.json new file mode 100644 index 00000000000..202112911c7 --- /dev/null +++ b/2014/10xxx/CVE-2014-10393.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2014-10393", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The cforms2 plugin before 10.5 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/cforms2/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/cforms2/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9334.json b/2015/9xxx/CVE-2015-9334.json new file mode 100644 index 00000000000..b855a639247 --- /dev/null +++ b/2015/9xxx/CVE-2015-9334.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The email-newsletter plugin through 20.15 for WordPress has SQL injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/email-newsletter/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/email-newsletter/#developers" + }, + { + "url": "https://wordpress.org/support/topic/susceptible-to-sql-injection-attack/", + "refsource": "MISC", + "name": "https://wordpress.org/support/topic/susceptible-to-sql-injection-attack/" + }, + { + "refsource": "MISC", + "name": "https://wordpress.org/plugins/email-newsletter/advanced/", + "url": "https://wordpress.org/plugins/email-newsletter/advanced/" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9338.json b/2015/9xxx/CVE-2015-9338.json new file mode 100644 index 00000000000..4300d0af49d --- /dev/null +++ b/2015/9xxx/CVE-2015-9338.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-file-upload/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-file-upload/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9339.json b/2015/9xxx/CVE-2015-9339.json new file mode 100644 index 00000000000..b6445995118 --- /dev/null +++ b/2015/9xxx/CVE-2015-9339.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9339", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-file-upload/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-file-upload/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2015/9xxx/CVE-2015-9340.json b/2015/9xxx/CVE-2015-9340.json new file mode 100644 index 00000000000..9107256fa99 --- /dev/null +++ b/2015/9xxx/CVE-2015-9340.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-9340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The wp-file-upload plugin before 3.0.0 for WordPress has insufficient restrictions on upload of php, js, pht, php3, php4, php5, phtml, htm, html, and htaccess files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/wp-file-upload/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/wp-file-upload/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10928.json b/2016/10xxx/CVE-2016-10928.json new file mode 100644 index 00000000000..7e2bb340b67 --- /dev/null +++ b/2016/10xxx/CVE-2016-10928.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The onelogin-saml-sso plugin before 2.2.0 for WordPress has a hardcoded @@@nopass@@@ password for just-in-time provisioned users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/onelogin-saml-sso/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/onelogin-saml-sso/#developers" + }, + { + "url": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da", + "refsource": "MISC", + "name": "https://github.com/onelogin/wordpress-saml/commit/fbe808e2fd8fde8cb7e6bf365c5334b5702262da" + } + ] + } +} \ No newline at end of file diff --git a/2016/10xxx/CVE-2016-10929.json b/2016/10xxx/CVE-2016-10929.json new file mode 100644 index 00000000000..9660bc90f81 --- /dev/null +++ b/2016/10xxx/CVE-2016-10929.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10929", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/advanced-ajax-page-loader/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/advanced-ajax-page-loader/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18578.json b/2017/18xxx/CVE-2017-18578.json new file mode 100644 index 00000000000..794c1cd28f5 --- /dev/null +++ b/2017/18xxx/CVE-2017-18578.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/crafty-social-buttons/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/crafty-social-buttons/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18579.json b/2017/18xxx/CVE-2017-18579.json new file mode 100644 index 00000000000..416c208ab97 --- /dev/null +++ b/2017/18xxx/CVE-2017-18579.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The corner-ad plugin before 1.0.8 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/corner-ad/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/corner-ad/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2017/18xxx/CVE-2017-18585.json b/2017/18xxx/CVE-2017-18585.json new file mode 100644 index 00000000000..c8033221ea6 --- /dev/null +++ b/2017/18xxx/CVE-2017-18585.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-18585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The posts-in-page plugin before 1.3.0 for WordPress has ic_add_posts template='../ directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/posts-in-page/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/posts-in-page/#developers" + }, + { + "url": "https://www.pluginvulnerabilities.com/2017/02/13/authenticated-local-file-inclusion-lfi-vulnerability-in-posts-in-page/", + "refsource": "MISC", + "name": "https://www.pluginvulnerabilities.com/2017/02/13/authenticated-local-file-inclusion-lfi-vulnerability-in-posts-in-page/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20986.json b/2018/20xxx/CVE-2018-20986.json new file mode 100644 index 00000000000..13c7a86263d --- /dev/null +++ b/2018/20xxx/CVE-2018-20986.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20986", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/advanced-custom-fields/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/advanced-custom-fields/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20987.json b/2018/20xxx/CVE-2018-20987.json new file mode 100644 index 00000000000..e2a8d57eee6 --- /dev/null +++ b/2018/20xxx/CVE-2018-20987.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/newsletters-lite/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/newsletters-lite/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13139.json b/2019/13xxx/CVE-2019-13139.json new file mode 100644 index 00000000000..bf250ddd51a --- /dev/null +++ b/2019/13xxx/CVE-2019-13139.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13139", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the \"docker build\" command would be able to gain command execution. An issue exists in the way \"docker build\" processes remote git URLs, and results in command injection into the underlying \"git clone\" command, leading to code execution in the context of the user executing the \"docker build\" command. This occurs because git ref can be misinterpreted as a flag." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/moby/moby/pull/38944", + "refsource": "MISC", + "name": "https://github.com/moby/moby/pull/38944" + }, + { + "url": "https://docs.docker.com/engine/release-notes/#18094", + "refsource": "MISC", + "name": "https://docs.docker.com/engine/release-notes/#18094" + }, + { + "refsource": "MISC", + "name": "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/", + "url": "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15325.json b/2019/15xxx/CVE-2019-15325.json new file mode 100644 index 00000000000..54ba29194d4 --- /dev/null +++ b/2019/15xxx/CVE-2019-15325.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15325", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In GalliumOS 3.0, CONFIG_SECURITY_YAMA is disabled but /etc/sysctl.d/10-ptrace.conf tries to set /proc/sys/kernel/yama/ptrace_scope to 1, which might increase risk because of the appearance that a protection mechanism is present when actually it is not." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.kernel.org/doc/Documentation/security/Yama.txt", + "refsource": "MISC", + "name": "https://www.kernel.org/doc/Documentation/security/Yama.txt" + }, + { + "url": "https://github.com/GalliumOS/galliumos-distro/issues/514", + "refsource": "MISC", + "name": "https://github.com/GalliumOS/galliumos-distro/issues/514" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15326.json b/2019/15xxx/CVE-2019-15326.json new file mode 100644 index 00000000000..cdeb3b75ada --- /dev/null +++ b/2019/15xxx/CVE-2019-15326.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The import-users-from-csv-with-meta plugin before 1.14.2.1 for WordPress has directory traversal." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15327.json b/2019/15xxx/CVE-2019-15327.json new file mode 100644 index 00000000000..f5105a3e887 --- /dev/null +++ b/2019/15xxx/CVE-2019-15327.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15327", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15328.json b/2019/15xxx/CVE-2019-15328.json new file mode 100644 index 00000000000..6767b5e4e06 --- /dev/null +++ b/2019/15xxx/CVE-2019-15328.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15328", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15329.json b/2019/15xxx/CVE-2019-15329.json new file mode 100644 index 00000000000..b682558d013 --- /dev/null +++ b/2019/15xxx/CVE-2019-15329.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15329", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/import-users-from-csv-with-meta/#developers" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta?rev=2050450" + } + ] + } +} \ No newline at end of file