diff --git a/2016/10xxx/CVE-2016-10931.json b/2016/10xxx/CVE-2016-10931.json new file mode 100644 index 00000000000..a45ddbe0ef2 --- /dev/null +++ b/2016/10xxx/CVE-2016-10931.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2016-10931", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the openssl crate before 0.9.0 for Rust. There is an SSL/TLS man-in-the-middle vulnerability because certificate verification is off by default and there is no API for hostname verification." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rustsec.org/advisories/RUSTSEC-2016-0001.html", + "refsource": "MISC", + "name": "https://rustsec.org/advisories/RUSTSEC-2016-0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15478.json b/2019/15xxx/CVE-2019-15478.json new file mode 100644 index 00000000000..595fad0d620 --- /dev/null +++ b/2019/15xxx/CVE-2019-15478.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Status Board 1.1.81 has reflected XSS via logic.ts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jameswlane/status-board/pull/949", + "refsource": "MISC", + "name": "https://github.com/jameswlane/status-board/pull/949" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15489.json b/2019/15xxx/CVE-2019-15489.json new file mode 100644 index 00000000000..5e06a2ef892 --- /dev/null +++ b/2019/15xxx/CVE-2019-15489.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Laracommerce/laracom/pull/211", + "refsource": "MISC", + "name": "https://github.com/Laracommerce/laracom/pull/211" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15506.json b/2019/15xxx/CVE-2019-15506.json new file mode 100644 index 00000000000..18870c67f02 --- /dev/null +++ b/2019/15xxx/CVE-2019-15506.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15506", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Kaseya Virtual System Administrator (VSA) through 9.4.0.37. It has a critical information disclosure vulnerability. An unauthenticated attacker can send properly formatted requests to the web application and download sensitive files and information. For example, the /DATAREPORTS directory can be farmed for reports. Because this directory contains the results of reports such as NMAP, Patch Status, and Active Directory domain metadata, an attacker can easily collect this critical information and parse it for information. There are a number of directories affected." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "http://help.kaseya.com/WebHelp/EN/RN/index.asp#VSAReleaseNotes.htm", + "refsource": "MISC", + "name": "http://help.kaseya.com/WebHelp/EN/RN/index.asp#VSAReleaseNotes.htm" + }, + { + "refsource": "MISC", + "name": "http://dfdrconsulting.com/2019/cyber-security/cve-2019-15506-kaseya-vsa-critical-information-disclosure-unauthenticated-access/", + "url": "http://dfdrconsulting.com/2019/cyber-security/cve-2019-15506-kaseya-vsa-critical-information-disclosure-unauthenticated-access/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15532.json b/2019/15xxx/CVE-2019-15532.json new file mode 100644 index 00000000000..405200ee255 --- /dev/null +++ b/2019/15xxx/CVE-2019-15532.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gchq/CyberChef/issues/544", + "refsource": "MISC", + "name": "https://github.com/gchq/CyberChef/issues/544" + }, + { + "url": "https://github.com/gchq/CyberChef/issues/539", + "refsource": "MISC", + "name": "https://github.com/gchq/CyberChef/issues/539" + }, + { + "url": "https://github.com/gchq/CyberChef/commit/01f0625d6a177f9c5df9281f12a27c814c2d8bcf", + "refsource": "MISC", + "name": "https://github.com/gchq/CyberChef/commit/01f0625d6a177f9c5df9281f12a27c814c2d8bcf" + }, + { + "url": "https://github.com/gchq/CyberChef/compare/v8.31.1...v8.31.2", + "refsource": "MISC", + "name": "https://github.com/gchq/CyberChef/compare/v8.31.1...v8.31.2" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15534.json b/2019/15xxx/CVE-2019-15534.json new file mode 100644 index 00000000000..a69e74383ce --- /dev/null +++ b/2019/15xxx/CVE-2019-15534.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Raml-Module-Builder 26.4.0 allows SQL Injection in PostgresClient.update." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/folio-org/raml-module-builder/pull/501", + "refsource": "MISC", + "name": "https://github.com/folio-org/raml-module-builder/pull/501" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15541.json b/2019/15xxx/CVE-2019-15541.json new file mode 100644 index 00000000000..c372eb531bd --- /dev/null +++ b/2019/15xxx/CVE-2019-15541.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16.0 for Rust allows attackers to cause a denial of service (loop of conn_event and ready) by arranging for a client to never be writable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ctz/rustls/compare/cd66549...17ee52c", + "refsource": "MISC", + "name": "https://github.com/ctz/rustls/compare/cd66549...17ee52c" + }, + { + "url": "https://github.com/ctz/rustls/commit/a93ee1abd2ab19ebe4bf9d684d56637ee54a6074", + "refsource": "MISC", + "name": "https://github.com/ctz/rustls/commit/a93ee1abd2ab19ebe4bf9d684d56637ee54a6074" + }, + { + "url": "https://github.com/ctz/rustls/issues/285", + "refsource": "MISC", + "name": "https://github.com/ctz/rustls/issues/285" + } + ] + } +} \ No newline at end of file