diff --git a/2018/18xxx/CVE-2018-18670.json b/2018/18xxx/CVE-2018-18670.json index a79bf82678d..88ea7d909b3 100644 --- a/2018/18xxx/CVE-2018-18670.json +++ b/2018/18xxx/CVE-2018-18670.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18670", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"Extra Contents\" parameter, aka the adm/config_form_update.php cf_1~10 parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0", + "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172", + "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce", + "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-d1ecbee80f57fde59063c4fafcef1bce" } ] } diff --git a/2018/18xxx/CVE-2018-18672.json b/2018/18xxx/CVE-2018-18672.json index 58fe6a40bd7..1bfda9ada17 100644 --- a/2018/18xxx/CVE-2018-18672.json +++ b/2018/18xxx/CVE-2018-18672.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18672", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"board head contents\" parameter, aka the adm/board_form_update.php bo_content_head parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0", + "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172", + "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b", + "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-05e83ad5f4c0624ed6ff385aed1bf33b" } ] } diff --git a/2018/18xxx/CVE-2018-18675.json b/2018/18xxx/CVE-2018-18675.json index 98c4064270c..e9200dc38a9 100644 --- a/2018/18xxx/CVE-2018-18675.json +++ b/2018/18xxx/CVE-2018-18675.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18675", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board title contents\" parameter, aka the adm/board_form_update.php bo_mobile_subject parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0", + "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172", + "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168", + "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-94ec20582215bda9f55fadcefe68c168" } ] } diff --git a/2018/18xxx/CVE-2018-18676.json b/2018/18xxx/CVE-2018-18676.json index fd115eabe94..026638c645f 100644 --- a/2018/18xxx/CVE-2018-18676.json +++ b/2018/18xxx/CVE-2018-18676.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18676", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GNUBOARD5 5.3.1.9 has XSS that allows remote attackers to inject arbitrary web script or HTML via the \"mobile board tail contents\" parameter, aka the adm/board_form_update.php bo_mobile_content_tail parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0", + "url": "https://github.com/gnuboard/gnuboard5/releases/tag/5.3.2.0" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172", + "url": "https://github.com/gnuboard/gnuboard5/compare/15b2e73...2549172" + }, + { + "refsource": "MISC", + "name": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1", + "url": "https://github.com/gnuboard/gnuboard5/commit/a45241f4bc46aee1ab2cc0749f6444b043681edf#diff-653a2b5a93ed2ca9b8c809ba723638c1" } ] } diff --git a/2019/11xxx/CVE-2019-11553.json b/2019/11xxx/CVE-2019-11553.json index 42fda6bfd4a..af5fcad08fc 100644 --- a/2019/11xxx/CVE-2019-11553.json +++ b/2019/11xxx/CVE-2019-11553.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "Code42 for Enterprise through 6.8.4 has Incorrect Access Control." + "value": "In Code42 for Enterprise through 6.8.4, an administrator without web restore permission but with the ability to manage users in an organization can impersonate a user with web restore permission. When requesting the token to do a web restore, an administrator with permission to manage a user could request the token of that user. If the administrator was not authorized to perform web restores but the user was authorized to perform web restores, this would allow the administrator to impersonate the user with greater permissions. In order to exploit this vulnerability, the user would have to be an administrator with access to manage an organization with a user with greater permissions than themselves." } ] }, diff --git a/2019/13xxx/CVE-2019-13570.json b/2019/13xxx/CVE-2019-13570.json new file mode 100644 index 00000000000..33430e6ceb5 --- /dev/null +++ b/2019/13xxx/CVE-2019-13570.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AJdG AdRotate plugin before 5.3 for WordPress allows SQL Injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://ajdg.solutions/2019/07/11/adrotate-pro-5-3-important-update-for-security-and-ads-txt/", + "url": "https://ajdg.solutions/2019/07/11/adrotate-pro-5-3-important-update-for-security-and-ads-txt/" + } + ] + } +} \ No newline at end of file