From ac62941f006e4c528dadec22b8a73a1682d44f3c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 17 Oct 2019 13:01:07 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17669.json | 77 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17670.json | 77 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17671.json | 77 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17672.json | 67 +++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17673.json | 77 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17674.json | 67 +++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17675.json | 77 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17676.json | 62 +++++++++++++++++++++++++++ 8 files changed, 581 insertions(+) create mode 100644 2019/17xxx/CVE-2019-17669.json create mode 100644 2019/17xxx/CVE-2019-17670.json create mode 100644 2019/17xxx/CVE-2019-17671.json create mode 100644 2019/17xxx/CVE-2019-17672.json create mode 100644 2019/17xxx/CVE-2019-17673.json create mode 100644 2019/17xxx/CVE-2019-17674.json create mode 100644 2019/17xxx/CVE-2019-17675.json create mode 100644 2019/17xxx/CVE-2019-17676.json diff --git a/2019/17xxx/CVE-2019-17669.json b/2019/17xxx/CVE-2019-17669.json new file mode 100644 index 00000000000..2e2fdbcec62 --- /dev/null +++ b/2019/17xxx/CVE-2019-17669.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17669", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because URL validation does not consider the interpretation of a name as a series of hex characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + }, + { + "url": "https://core.trac.wordpress.org/changeset/46475", + "refsource": "MISC", + "name": "https://core.trac.wordpress.org/changeset/46475" + }, + { + "url": "https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea", + "refsource": "MISC", + "name": "https://github.com/WordPress/WordPress/commit/608d39faed63ea212b6c6cdf9fe2bef92e2120ea" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17670.json b/2019/17xxx/CVE-2019-17670.json new file mode 100644 index 00000000000..a15264b7cba --- /dev/null +++ b/2019/17xxx/CVE-2019-17670.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 5.2.4 has a Server Side Request Forgery (SSRF) vulnerability because Windows paths are mishandled during certain validation of relative URLs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + }, + { + "url": "https://core.trac.wordpress.org/changeset/46472", + "refsource": "MISC", + "name": "https://core.trac.wordpress.org/changeset/46472" + }, + { + "url": "https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2", + "refsource": "MISC", + "name": "https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17671.json b/2019/17xxx/CVE-2019-17671.json new file mode 100644 index 00000000000..397bcc4faa2 --- /dev/null +++ b/2019/17xxx/CVE-2019-17671.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WordPress before 5.2.4, unauthenticated viewing of certain content is possible because the static query property is mishandled." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + }, + { + "url": "https://core.trac.wordpress.org/changeset/46474", + "refsource": "MISC", + "name": "https://core.trac.wordpress.org/changeset/46474" + }, + { + "url": "https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308", + "refsource": "MISC", + "name": "https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17672.json b/2019/17xxx/CVE-2019-17672.json new file mode 100644 index 00000000000..b2f78c057f3 --- /dev/null +++ b/2019/17xxx/CVE-2019-17672.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 5.2.4 is vulnerable to a stored XSS attack to inject JavaScript into STYLE elements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17673.json b/2019/17xxx/CVE-2019-17673.json new file mode 100644 index 00000000000..77eda23e554 --- /dev/null +++ b/2019/17xxx/CVE-2019-17673.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17673", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 5.2.4 is vulnerable to poisoning of the cache of JSON GET requests because certain requests lack a Vary: Origin header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + }, + { + "url": "https://core.trac.wordpress.org/changeset/46478", + "refsource": "MISC", + "name": "https://core.trac.wordpress.org/changeset/46478" + }, + { + "url": "https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de", + "refsource": "MISC", + "name": "https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17674.json b/2019/17xxx/CVE-2019-17674.json new file mode 100644 index 00000000000..fff012d8fef --- /dev/null +++ b/2019/17xxx/CVE-2019-17674.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 5.2.4 is vulnerable to stored XSS (cross-site scripting) via the Customizer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17675.json b/2019/17xxx/CVE-2019-17675.json new file mode 100644 index 00000000000..084c4fb032b --- /dev/null +++ b/2019/17xxx/CVE-2019-17675.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WordPress before 5.2.4 does not properly consider type confusion during validation of the referer in the admin pages, possibly leading to CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html", + "refsource": "MISC", + "name": "https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html" + }, + { + "url": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/", + "refsource": "MISC", + "name": "https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/" + }, + { + "url": "https://core.trac.wordpress.org/changeset/46477", + "refsource": "MISC", + "name": "https://core.trac.wordpress.org/changeset/46477" + }, + { + "url": "https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0", + "refsource": "MISC", + "name": "https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17676.json b/2019/17xxx/CVE-2019-17676.json new file mode 100644 index 00000000000..fdc51fff76e --- /dev/null +++ b/2019/17xxx/CVE-2019-17676.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "app/system/admin/admin/index.class.php in MetInfo 7.0.0beta allows a CSRF attack to add a user account via a doSaveSetup action to admin/index.php, as demonstrated by an admin/?n=admin&c=index&a=doSaveSetup URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/anx1ang/notes/issues/1", + "refsource": "MISC", + "name": "https://github.com/anx1ang/notes/issues/1" + } + ] + } +} \ No newline at end of file