diff --git a/2019/12xxx/CVE-2019-12174.json b/2019/12xxx/CVE-2019-12174.json index a87cffaad87..412af0a2d36 100644 --- a/2019/12xxx/CVE-2019-12174.json +++ b/2019/12xxx/CVE-2019-12174.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12174", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12174", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "hide.me before 2.4.4 on macOS suffers from a privilege escalation vulnerability in the connectWithExecutablePath:configFilePath:configFileName method of the me_hide_vpnhelper.Helper class in the me.hide.vpnhelper macOS privilege helper tool. This method takes user-supplied input and can be used to escalate privileges, as well as obtain the ability to run any application on the system in the root context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2", + "refsource": "MISC", + "name": "https://drive.google.com/open?id=1TwbjmE45gnWeYpFyH8kDU63P7u4IdPd2" } ] } diff --git a/2019/13xxx/CVE-2019-13354.json b/2019/13xxx/CVE-2019-13354.json new file mode 100644 index 00000000000..c8cb46ea952 --- /dev/null +++ b/2019/13xxx/CVE-2019-13354.json @@ -0,0 +1,72 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13354", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The strong_password gem 0.0.7 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 0.0.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://rubygems.org/gems/strong_password/versions", + "refsource": "MISC", + "name": "https://rubygems.org/gems/strong_password/versions" + }, + { + "url": "https://github.com/bdmac/strong_password/releases", + "refsource": "MISC", + "name": "https://github.com/bdmac/strong_password/releases" + }, + { + "refsource": "MISC", + "name": "https://withatwist.dev/strong-password-rubygem-hijacked.html", + "url": "https://withatwist.dev/strong-password-rubygem-hijacked.html" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13413.json b/2019/13xxx/CVE-2019-13413.json new file mode 100644 index 00000000000..22babc7c6a9 --- /dev/null +++ b/2019/13xxx/CVE-2019-13413.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13413", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/2119248", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2119248" + }, + { + "url": "https://wordpress.org/plugins/rencontre/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/rencontre/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13414.json b/2019/13xxx/CVE-2019-13414.json new file mode 100644 index 00000000000..d5a76291093 --- /dev/null +++ b/2019/13xxx/CVE-2019-13414.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13414", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Rencontre plugin before 3.1.3 for WordPress allows XSS via inc/rencontre_widget.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/2119248", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/changeset/2119248" + }, + { + "url": "https://wordpress.org/plugins/rencontre/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/rencontre/#developers" + } + ] + } +} \ No newline at end of file