From ab3da64b676cfb012247beee7051aab99be9bb0e Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 13 Sep 2019 13:00:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2016/10xxx/CVE-2016-10946.json | 67 +++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10947.json | 62 +++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10948.json | 62 +++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10949.json | 62 +++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10950.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10951.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10952.json | 72 ++++++++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10953.json | 62 +++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10954.json | 62 +++++++++++++++++++++++++++++ 2016/10xxx/CVE-2016-10955.json | 67 +++++++++++++++++++++++++++++++ 2019/12xxx/CVE-2019-12516.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12517.json | 61 +++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12922.json | 56 +++++++++++++++++++++++--- 2019/13xxx/CVE-2019-13363.json | 72 ++++++++++++++++++++++++++++++++++ 2019/13xxx/CVE-2019-13364.json | 72 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15030.json | 67 +++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15031.json | 67 +++++++++++++++++++++++++++++++ 17 files changed, 1098 insertions(+), 18 deletions(-) create mode 100644 2016/10xxx/CVE-2016-10946.json create mode 100644 2016/10xxx/CVE-2016-10947.json create mode 100644 2016/10xxx/CVE-2016-10948.json create mode 100644 2016/10xxx/CVE-2016-10949.json create mode 100644 2016/10xxx/CVE-2016-10950.json create mode 100644 2016/10xxx/CVE-2016-10951.json create mode 100644 2016/10xxx/CVE-2016-10952.json create mode 100644 2016/10xxx/CVE-2016-10953.json create mode 100644 2016/10xxx/CVE-2016-10954.json create mode 100644 2016/10xxx/CVE-2016-10955.json create mode 100644 2019/13xxx/CVE-2019-13363.json create mode 100644 2019/13xxx/CVE-2019-13364.json create mode 100644 2019/15xxx/CVE-2019-15030.json create mode 100644 2019/15xxx/CVE-2019-15031.json 
diff --git a/2016/10xxx/CVE-2016-10946.json b/2016/10xxx/CVE-2016-10946.json
new file mode 100644
index 00000000000..768bfa7b992
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10946.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10946",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The wp-d3 plugin before 2.4.1 for WordPress has CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8679",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8679"
+ },
+ {
+ "url": "https://wordpress.org/plugins/wp-d3/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/wp-d3/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10947.json b/2016/10xxx/CVE-2016-10947.json
new file mode 100644
index 00000000000..882bc586e52
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10947.json
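Review bot: In CVE-2016-10946.json the structured fields carry no information: `product_name`, `version_value`, `vendor_name` and the `problemtype` value are all `n/a`, although the description names the product (wp-d3), the fixed version (2.4.1) and the weakness class (CSRF). Scanners and inventory matchers that key on `affects` or on a CWE id will not match this entry, so the problemtype could read `"value": "CWE-352"` and the version entry could carry the range the description gives. The same applies to every other record added or published in this commit (CVE-2016-10947 through CVE-2016-10955, CVE-2019-12516, CVE-2019-12517, CVE-2019-12922, CVE-2019-13363, CVE-2019-13364, CVE-2019-15030 and CVE-2019-15031), each with the CWE that fits its own description.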
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10947",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://advisories.dxw.com/advisories/sql-injection-in-post-indexer-allows-super-admins-to-read-the-contents-of-the-database/",
+ "refsource": "MISC",
+ "name": "https://advisories.dxw.com/advisories/sql-injection-in-post-indexer-allows-super-admins-to-read-the-contents-of-the-database/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10948.json b/2016/10xxx/CVE-2016-10948.json
new file mode 100644
index 00000000000..dd914eb60bd
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10948.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10948",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Post Indexer plugin before 3.0.6.2 for WordPress has incorrect handling of data passed to the unserialize function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://advisories.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/",
+ "refsource": "MISC",
+ "name": "https://advisories.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10949.json b/2016/10xxx/CVE-2016-10949.json
new file mode 100644
index 00000000000..63ee52dd187
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10949.json
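Review bot: The description in CVE-2016-10948.json says only that data passed to unserialize is handled incorrectly; it states neither where that data comes from nor what the impact is. The title of the referenced dxw advisory suggests a man-in-the-middle position and code execution "in some circumstances", which is what a triager needs in order to rate the record. Consider adding the precondition and the impact to the description `value`, worded as the advisory states them. CVE-2016-10949.json has the same gap: its advisory title indicates the issue is reachable by admins, which the description omits.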
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10949",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://advisories.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/",
+ "refsource": "MISC",
+ "name": "https://advisories.dxw.com/advisories/sql-injection-and-unserialization-vulnerability-in-relevanssi-premium-could-allow-admins-to-execute-arbitrary-code-in-some-circumstances/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10950.json b/2016/10xxx/CVE-2016-10950.json
new file mode 100644
index 00000000000..b1a791901af
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10950.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10950",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8673",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8673"
+ },
+ {
+ "url": "https://wordpress.org/plugins/sirv/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/sirv/#developers"
+ },
+ {
+ "url": "http://lenonleite.com.br/en/2016/11/10/sirv-1-3-1-plugin-for-wordpress/",
+ "refsource": "MISC",
+ "name": "http://lenonleite.com.br/en/2016/11/10/sirv-1-3-1-plugin-for-wordpress/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10951.json b/2016/10xxx/CVE-2016-10951.json
new file mode 100644
index 00000000000..1e7e39c61a1
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10951.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10951",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8672",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8672"
+ },
+ {
+ "url": "https://wordpress.org/plugins/fs-shopping-cart/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/fs-shopping-cart/#developers"
+ },
+ {
+ "url": "http://lenonleite.com.br/en/2016/11/10/firestorm-shopping-cart-ecommerce-plugin-2-07-02-for-wordpress/",
+ "refsource": "MISC",
+ "name": "http://lenonleite.com.br/en/2016/11/10/firestorm-shopping-cart-ecommerce-plugin-2-07-02-for-wordpress/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10952.json b/2016/10xxx/CVE-2016-10952.json
new file mode 100644
index 00000000000..18ea55a5599
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10952.json
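Review bot: The description in CVE-2016-10951.json names a single affected version (`plugin 2.07.02`) with no `before` or `through` bound, and `version_value` is `n/a`, so a consumer cannot tell from the record whether other releases are affected or whether a fixed release exists. If the range is known, state it the way the neighbouring records do (`before X`); if no fix was available at publication, wording such as `through 2.07.02` would say so explicitly. CVE-2019-12922.json (`phpMyAdmin 4.9.0.1`) is worded the same way and would benefit from the same clarification.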
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10952",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8649",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8649"
+ },
+ {
+ "url": "https://wordpress.org/plugins/quotes-collection/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/quotes-collection/#developers"
+ },
+ {
+ "url": "https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_quotes_collection_wordpress_plugin.html",
+ "refsource": "MISC",
+ "name": "https://sumofpwn.nl/advisory/2016/cross_site_scripting_vulnerability_in_quotes_collection_wordpress_plugin.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10953.json b/2016/10xxx/CVE-2016-10953.json
new file mode 100644
index 00000000000..cea42f291d3
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10953.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10953",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Headway theme before 3.8.9 for WordPress has XSS via the license key field."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wptavern.com/headway-3-8-9-patches-potential-xss-vulnerability",
+ "refsource": "MISC",
+ "name": "https://wptavern.com/headway-3-8-9-patches-potential-xss-vulnerability"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10954.json b/2016/10xxx/CVE-2016-10954.json
new file mode 100644
index 00000000000..7c71dfd7d42
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10954.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10954",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://lifeforms.nl/20160919/unrestricted-upload-neosense",
+ "refsource": "MISC",
+ "name": "https://lifeforms.nl/20160919/unrestricted-upload-neosense"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2016/10xxx/CVE-2016-10955.json b/2016/10xxx/CVE-2016-10955.json
new file mode 100644
index 00000000000..68c13ab976a
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10955.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10955",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8612",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8612"
+ },
+ {
+ "url": "https://wordpress.org/plugins/cysteme-finder/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/cysteme-finder/#developers"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12516.json b/2019/12xxx/CVE-2019-12516.json
index 09b26960fb3..3316e9c0a1f 100644
--- a/2019/12xxx/CVE-2019-12516.json
+++ b/2019/12xxx/CVE-2019-12516.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12516",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12516",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The slickquiz plugin through 1.3.7.1 for WordPress allows SQL Injection by Subscriber users, as demonstrated by a /wp-admin/admin.php?page=slickquiz-scores&id= or /wp-admin/admin.php?page=slickquiz-edit&id= or /wp-admin/admin.php?page=slickquiz-preview&id= URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/slickquiz/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/slickquiz/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/154440/WordPress-SlickQuiz-1.3.7.1-SQL-Injection.html",
+ "url": "http://packetstormsecurity.com/files/154440/WordPress-SlickQuiz-1.3.7.1-SQL-Injection.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12517.json b/2019/12xxx/CVE-2019-12517.json
index 17d22ded688..8642ac0f670 100644
--- a/2019/12xxx/CVE-2019-12517.json
+++ b/2019/12xxx/CVE-2019-12517.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12517",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12517",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wordpress.org/plugins/slickquiz/#developers",
+ "refsource": "MISC",
+ "name": "https://wordpress.org/plugins/slickquiz/#developers"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/154439/WordPress-SlickQuiz-1.3.7.1-Cross-Site-Scripting.html",
+ "url": "http://packetstormsecurity.com/files/154439/WordPress-SlickQuiz-1.3.7.1-Cross-Site-Scripting.html"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12922.json b/2019/12xxx/CVE-2019-12922.json
index 3ade94cf4d2..e808a3feddf 100644
--- a/2019/12xxx/CVE-2019-12922.json
+++ b/2019/12xxx/CVE-2019-12922.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-12922",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-12922",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/Sep/23",
+ "url": "http://seclists.org/fulldisclosure/2019/Sep/23"
 }
 ]
 }
diff --git a/2019/13xxx/CVE-2019-13363.json b/2019/13xxx/CVE-2019-13363.json
new file mode 100644
index 00000000000..fb72bddfbc8
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13363.json
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13363",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://piwigo.com",
+ "refsource": "MISC",
+ "name": "https://piwigo.com"
+ },
+ {
+ "url": "https://github.com/Piwigo/Piwigo/issues",
+ "refsource": "MISC",
+ "name": "https://github.com/Piwigo/Piwigo/issues"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/Sep/25",
+ "url": "http://seclists.org/fulldisclosure/2019/Sep/25"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/13xxx/CVE-2019-13364.json b/2019/13xxx/CVE-2019-13364.json
new file mode 100644
index 00000000000..8f66f28121a
--- /dev/null
+++ b/2019/13xxx/CVE-2019-13364.json
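Review bot: Two of the three entries in `reference_data` of CVE-2019-13363.json are not specific to this issue: `https://piwigo.com` is the project home page and `https://github.com/Piwigo/Piwigo/issues` is the whole issue list, so neither lets a reader confirm the finding or locate a fix. Only the seclists.org post is specific to the report. Replace the generic URLs with the exact issue or fixing commit once one exists, or drop them. CVE-2019-13364.json carries the same two generic references.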
@@ -0,0 +1,72 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-13364",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://piwigo.com",
+ "refsource": "MISC",
+ "name": "https://piwigo.com"
+ },
+ {
+ "url": "https://github.com/Piwigo/Piwigo/issues",
+ "refsource": "MISC",
+ "name": "https://github.com/Piwigo/Piwigo/issues"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://seclists.org/fulldisclosure/2019/Sep/25",
+ "url": "http://seclists.org/fulldisclosure/2019/Sep/25"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15030.json b/2019/15xxx/CVE-2019-15030.json
new file mode 100644
index 00000000000..a9a3783e87f
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15030.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15030",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8205d5d98ef7f155de211f5e2eb6ca03d95a5a60"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2019/09/10/3",
+ "url": "http://www.openwall.com/lists/oss-security/2019/09/10/3"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/15xxx/CVE-2019-15031.json b/2019/15xxx/CVE-2019-15031.json
new file mode 100644
index 00000000000..f20e4b30122
--- /dev/null
+++ b/2019/15xxx/CVE-2019-15031.json
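Review bot: The description `value` in CVE-2019-15030.json misspells "vulnerability" as "venerability" in `To exploit the venerability, a local user starts a transaction`; it should read `To exploit the vulnerability, a local user starts a transaction`. Keyword search over description text is a common triage step, so a misspelling in the published record is worth correcting at the source. The same sentence with the same misspelling appears in CVE-2019-15031.json in the next hunk.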
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-15031",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97",
+ "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a8318c13e79badb92bc6640704a64cc022a6eb97"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://www.openwall.com/lists/oss-security/2019/09/10/4",
+ "url": "http://www.openwall.com/lists/oss-security/2019/09/10/4"
+ }
+ ]
+ }
+}
\ No newline at end of file