diff --git a/2019/13xxx/CVE-2019-13120.json b/2019/13xxx/CVE-2019-13120.json new file mode 100644 index 00000000000..a361d453762 --- /dev/null +++ b/2019/13xxx/CVE-2019-13120.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Amazon FreeRTOS up to and including v1.4.8 for AWS lacks length checking in prvProcessReceivedPublish, resulting in leakage of arbitrary memory contents on a device to an attacker. An attacker sends a malformed MQTT publish packet, and waits for an MQTTACK packet containing the leaked data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://aws.amazon.com/cn/freertos/security-updates/", + "url": "https://aws.amazon.com/cn/freertos/security-updates/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15505.json b/2019/15xxx/CVE-2019-15505.json index a2275375d7a..f1004d4e471 100644 --- a/2019/15xxx/CVE-2019-15505.json +++ b/2019/15xxx/CVE-2019-15505.json @@ -81,6 +81,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20190905-0002/", "url": "https://security.netapp.com/advisory/ntap-20190905-0002/" + }, + { + "refsource": "CONFIRM", + "name": "https://support.f5.com/csp/article/K28222050", + "url": "https://support.f5.com/csp/article/K28222050" } ] } diff --git a/2019/16xxx/CVE-2019-16913.json b/2019/16xxx/CVE-2019-16913.json new file mode 100644 index 00000000000..c77985065d2 --- /dev/null +++ b/2019/16xxx/CVE-2019-16913.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PC Protect Antivirus v4.14.31 installs by default to %PROGRAMFILES(X86)%\\PCProtect with very weak folder permissions, granting any user full permission \"Everyone: (F)\" to the contents of the directory and its subfolders. In addition, the program installs a service called SecurityService that runs as LocalSystem. This allows any user to escalate privileges to \"NT AUTHORITY\\SYSTEM\" by substituting the service's binary with a Trojan horse." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/", + "url": "https://flipflopsecurity.wordpress.com/2019/10/07/pc-protect-v4-14-31-privilege-esclation/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17132.json b/2019/17xxx/CVE-2019-17132.json index 987820ecdee..a50d88963fe 100644 --- a/2019/17xxx/CVE-2019-17132.json +++ b/2019/17xxx/CVE-2019-17132.json @@ -56,6 +56,11 @@ "url": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2", "refsource": "MISC", "name": "https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2" + }, + { + "refsource": "FULLDISC", + "name": "20191007 [KIS-2019-02] vBulletin <= 5.5.4 (updateAvatar) Remote Code Execution Vulnerability", + "url": "http://seclists.org/fulldisclosure/2019/Oct/9" } ] } diff --git a/2019/17xxx/CVE-2019-17239.json b/2019/17xxx/CVE-2019-17239.json new file mode 100644 index 00000000000..b815fe9c600 --- /dev/null +++ b/2019/17xxx/CVE-2019-17239.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/download-plugins-dashboard/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/download-plugins-dashboard/#developers" + } + ] + } +} \ No newline at end of file