From c4b154b2326a0dca1b12dd3eaa7dd89e1f861e2a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 15 Aug 2019 16:00:49 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2000/0xxx/CVE-2000-0146.json | 2 +- 2019/10xxx/CVE-2019-10194.json | 5 +++ 2019/10xxx/CVE-2019-10352.json | 5 +++ 2019/10xxx/CVE-2019-10353.json | 5 +++ 2019/10xxx/CVE-2019-10354.json | 5 +++ 2019/11xxx/CVE-2019-11038.json | 5 +++ 2019/13xxx/CVE-2019-13578.json | 77 ++++++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14518.json | 72 +++++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14784.json | 62 +++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14786.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14788.json | 67 +++++++++++++++++++++++++++++ 2019/14xxx/CVE-2019-14789.json | 67 +++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15062.json | 5 +++ 13 files changed, 443 insertions(+), 1 deletion(-) create mode 100644 2019/13xxx/CVE-2019-13578.json create mode 100644 2019/14xxx/CVE-2019-14518.json create mode 100644 2019/14xxx/CVE-2019-14784.json create mode 100644 2019/14xxx/CVE-2019-14786.json create mode 100644 2019/14xxx/CVE-2019-14788.json create mode 100644 2019/14xxx/CVE-2019-14789.json diff --git a/2000/0xxx/CVE-2000-0146.json b/2000/0xxx/CVE-2000-0146.json index 37f7dae46e6..015ae2b7efd 100644 --- a/2000/0xxx/CVE-2000-0146.json +++ b/2000/0xxx/CVE-2000-0146.json @@ -58,8 +58,8 @@ "url": "http://www.securityfocus.com/bid/972" }, { - "name": "20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e", "refsource": "BUGTRAQ", + "name": "20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service", "url": "http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html" } ] diff --git a/2019/10xxx/CVE-2019-10194.json b/2019/10xxx/CVE-2019-10194.json index 31a1e3be2ad..fe7c86fa513 100644 --- a/2019/10xxx/CVE-2019-10194.json +++ b/2019/10xxx/CVE-2019-10194.json @@ -53,6 +53,11 @@ "refsource": "BID", "name": "109140", "url": "http://www.securityfocus.com/bid/109140" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2499", + "url": "https://access.redhat.com/errata/RHSA-2019:2499" } ] }, diff --git a/2019/10xxx/CVE-2019-10352.json b/2019/10xxx/CVE-2019-10352.json index 826e5d57496..7d2309e3b5f 100644 --- a/2019/10xxx/CVE-2019-10352.json +++ b/2019/10xxx/CVE-2019-10352.json @@ -71,6 +71,11 @@ "refsource": "BID", "name": "109299", "url": "http://www.securityfocus.com/bid/109299" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2503", + "url": "https://access.redhat.com/errata/RHSA-2019:2503" } ] } diff --git a/2019/10xxx/CVE-2019-10353.json b/2019/10xxx/CVE-2019-10353.json index 7b7a0954820..163d6e3c3ef 100644 --- a/2019/10xxx/CVE-2019-10353.json +++ b/2019/10xxx/CVE-2019-10353.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "109373", "url": "http://www.securityfocus.com/bid/109373" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2503", + "url": "https://access.redhat.com/errata/RHSA-2019:2503" } ] } diff --git a/2019/10xxx/CVE-2019-10354.json b/2019/10xxx/CVE-2019-10354.json index 31e1b038c0f..0f2a6fcf40d 100644 --- a/2019/10xxx/CVE-2019-10354.json +++ b/2019/10xxx/CVE-2019-10354.json @@ -66,6 +66,11 @@ "refsource": "BID", "name": "109373", "url": "http://www.securityfocus.com/bid/109373" + }, + { + "refsource": "REDHAT", + "name": "RHSA-2019:2503", + "url": "https://access.redhat.com/errata/RHSA-2019:2503" } ] } diff --git a/2019/11xxx/CVE-2019-11038.json b/2019/11xxx/CVE-2019-11038.json index ae13409b24b..a31bb2d61e8 100644 --- a/2019/11xxx/CVE-2019-11038.json +++ b/2019/11xxx/CVE-2019-11038.json @@ -71,6 +71,11 @@ }, "references": { "reference_data": [ + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190611 [SECURITY] [DLA 1817-1] libgd2 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00003.html" + }, { "refsource": "CONFIRM", "name": "https://bugs.php.net/bug.php?id=77973", diff --git a/2019/13xxx/CVE-2019-13578.json b/2019/13xxx/CVE-2019-13578.json new file mode 100644 index 00000000000..affc05a3cb4 --- /dev/null +++ b/2019/13xxx/CVE-2019-13578.json @@ -0,0 +1,77 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13578", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection vulnerability exists in the Impress GiveWP Give plugin through 2.5.0 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via includes/payments/class-payments-query.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/impress-org/give/commit/d91f4c6dcc92aeb826b060cb2feadd56885f4cea", + "refsource": "MISC", + "name": "https://github.com/impress-org/give/commit/d91f4c6dcc92aeb826b060cb2feadd56885f4cea" + }, + { + "url": "https://github.com/impress-org/give/commit/97b9b5fae2d10742ee42fe00092729fa7da3cb32", + "refsource": "MISC", + "name": "https://github.com/impress-org/give/commit/97b9b5fae2d10742ee42fe00092729fa7da3cb32" + }, + { + "refsource": "MISC", + "name": "https://github.com/impress-org/give/commit/894937d7927eab0c98457656cbd6fb414b3a6fbf", + "url": "https://github.com/impress-org/give/commit/894937d7927eab0c98457656cbd6fb414b3a6fbf" + }, + { + "refsource": "MISC", + "name": "https://fortiguard.com/zeroday/FG-VD-19-098", + "url": "https://fortiguard.com/zeroday/FG-VD-19-098" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14518.json b/2019/14xxx/CVE-2019-14518.json new file mode 100644 index 00000000000..13af813944d --- /dev/null +++ b/2019/14xxx/CVE-2019-14518.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14518", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the \"access policy in the administration panel.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/evolution-cms/evolution/commits/2.0.x", + "refsource": "MISC", + "name": "https://github.com/evolution-cms/evolution/commits/2.0.x" + }, + { + "url": "https://evo.im/", + "refsource": "MISC", + "name": "https://evo.im/" + }, + { + "refsource": "MISC", + "name": "https://github.com/evolution-cms/evolution/issues/1041", + "url": "https://github.com/evolution-cms/evolution/issues/1041" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14784.json b/2019/14xxx/CVE-2019-14784.json new file mode 100644 index 00000000000..a2c64fbaef0 --- /dev/null +++ b/2019/14xxx/CVE-2019-14784.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"CP Contact Form with PayPal\" plugin before 1.2.98 for WordPress has XSS in CSS edition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/cp-contact-form-with-paypal/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14786.json b/2019/14xxx/CVE-2019-14786.json new file mode 100644 index 00000000000..38db464e715 --- /dev/null +++ b/2019/14xxx/CVE-2019-14786.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via the wp-admin/admin-post.php reset-cmb parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rankmath.com/changelog/", + "refsource": "MISC", + "name": "https://rankmath.com/changelog/" + }, + { + "url": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/", + "refsource": "MISC", + "name": "https://www.pluginvulnerabilities.com/2019/06/20/authenticated-settings-reset-vulnerability-in-rank-math-seo/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14788.json b/2019/14xxx/CVE-2019-14788.json new file mode 100644 index 00000000000..e49202133e4 --- /dev/null +++ b/2019/14xxx/CVE-2019-14788.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wp-admin/admin-ajax.php?action=newsletters_exportmultiple in the Tribulant Newsletters plugin before 4.6.19 for WordPress allows directory traversal with resultant remote PHP code execution via the subscribers[1][1] parameter in conjunction with an exportfile=../ value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/newsletters-lite/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/newsletters-lite/#developers" + }, + { + "url": "https://www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters/", + "refsource": "MISC", + "name": "https://www.pluginvulnerabilities.com/2019/07/02/there-is-also-an-authenticated-remote-code-execution-rce-vulnerability-in-newsletters/" + } + ] + } +} \ No newline at end of file diff --git a/2019/14xxx/CVE-2019-14789.json b/2019/14xxx/CVE-2019-14789.json new file mode 100644 index 00000000000..2b9de7966ec --- /dev/null +++ b/2019/14xxx/CVE-2019-14789.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-14789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/custom-404-pro/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/custom-404-pro/#developers" + }, + { + "url": "https://www.pluginvulnerabilities.com/2019/06/25/other-vulnerability-data-sources-miss-that-a-reflected-xss-vulnerability-in-custom-404-pro-hasnt-been-fixed/", + "refsource": "MISC", + "name": "https://www.pluginvulnerabilities.com/2019/06/25/other-vulnerability-data-sources-miss-that-a-reflected-xss-vulnerability-in-custom-404-pro-hasnt-been-fixed/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15062.json b/2019/15xxx/CVE-2019-15062.json index 10361f8afc4..823946c4919 100644 --- a/2019/15xxx/CVE-2019-15062.json +++ b/2019/15xxx/CVE-2019-15062.json @@ -56,6 +56,11 @@ "url": "https://github.com/Dolibarr/dolibarr/issues/11671", "refsource": "MISC", "name": "https://github.com/Dolibarr/dolibarr/issues/11671" + }, + { + "refsource": "MISC", + "name": "https://gauravnarwani.com/publications/CVE-2019-15062/", + "url": "https://gauravnarwani.com/publications/CVE-2019-15062/" } ] }