diff --git a/2019/15xxx/CVE-2019-15745.json b/2019/15xxx/CVE-2019-15745.json new file mode 100644 index 00000000000..dddab6c871f --- /dev/null +++ b/2019/15xxx/CVE-2019-15745.json @@ -0,0 +1,82 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15745", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Eques elf smart plug and the mobile app use a hardcoded AES 256 bit key to encrypt the commands and responses between the device and the app. The communication happens over UDP port 27431. An attacker on the local network can use the same key to encrypt and send commands to discover all smart plugs in a network, take over control of a device, and perform actions such as turning it on and off." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-one/", + "refsource": "MISC", + "name": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-one/" + }, + { + "url": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-two/", + "refsource": "MISC", + "name": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-two/" + }, + { + "url": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-three/", + "refsource": "MISC", + "name": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-three/" + }, + { + "url": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-four/", + "refsource": "MISC", + "name": "https://www.ckn.io/blog/2019/08/27/exploiting-the-eques-elf-smart-plug-part-four/" + }, + { + "url": "https://github.com/iamckn/eques", + "refsource": "MISC", + "name": "https://github.com/iamckn/eques" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15771.json b/2019/15xxx/CVE-2019-15771.json new file mode 100644 index 00000000000..d626b1191c9 --- /dev/null +++ b/2019/15xxx/CVE-2019-15771.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The nd-shortcodes plugin before 6.0 for WordPress has a nopriv_ AJAX action that allows modification of the siteurl setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/nd-shortcodes/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/nd-shortcodes/#developers" + }, + { + "url": "https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671/", + "refsource": "MISC", + "name": "https://threatpost.com/wordpress-plugins-exploited-in-ongoing-attack-researchers-warn/147671/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15778.json b/2019/15xxx/CVE-2019-15778.json new file mode 100644 index 00000000000..2eb6db27c2c --- /dev/null +++ b/2019/15xxx/CVE-2019-15778.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15778", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/woo-variation-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/woo-variation-gallery/#developers" + }, + { + "url": "https://www.pluginvulnerabilities.com/2019/08/20/vulnerablity-details-authenticated-persistent-cross-site-scripting-xss-in-additional-variation-images-for-woocommerce/", + "refsource": "MISC", + "name": "https://www.pluginvulnerabilities.com/2019/08/20/vulnerablity-details-authenticated-persistent-cross-site-scripting-xss-in-additional-variation-images-for-woocommerce/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15779.json b/2019/15xxx/CVE-2019-15779.json new file mode 100644 index 00000000000..71f1c73fbb3 --- /dev/null +++ b/2019/15xxx/CVE-2019-15779.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/insta-gallery/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/insta-gallery/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15781.json b/2019/15xxx/CVE-2019-15781.json new file mode 100644 index 00000000000..d2b8a50fa2a --- /dev/null +++ b/2019/15xxx/CVE-2019-15781.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15781", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The facebook-by-weblizar plugin before 2.8.5 for WordPress has CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://wordpress.org/plugins/facebook-by-weblizar/#developers", + "refsource": "MISC", + "name": "https://wordpress.org/plugins/facebook-by-weblizar/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15784.json b/2019/15xxx/CVE-2019-15784.json new file mode 100644 index 00000000000..6e572f68b6d --- /dev/null +++ b/2019/15xxx/CVE-2019-15784.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Secure Reliable Transport (SRT) through 1.3.4 has a CSndUList array overflow if there are many SRT connections." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Haivision/srt/pull/811", + "refsource": "MISC", + "name": "https://github.com/Haivision/srt/pull/811" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15785.json b/2019/15xxx/CVE-2019-15785.json new file mode 100644 index 00000000000..8e073575e5b --- /dev/null +++ b/2019/15xxx/CVE-2019-15785.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontForge through 20190801 has a buffer overflow in PrefsUI_LoadPrefs in prefs.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/fontforge/fontforge/pull/3886", + "refsource": "MISC", + "name": "https://github.com/fontforge/fontforge/pull/3886" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15786.json b/2019/15xxx/CVE-2019-15786.json new file mode 100644 index 00000000000..a5c07b165f0 --- /dev/null +++ b/2019/15xxx/CVE-2019-15786.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15786", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/ROBOTIS-GIT/DynamixelSDK/pull/339", + "refsource": "MISC", + "name": "https://github.com/ROBOTIS-GIT/DynamixelSDK/pull/339" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15788.json b/2019/15xxx/CVE-2019-15788.json new file mode 100644 index 00000000000..496c2de89ca --- /dev/null +++ b/2019/15xxx/CVE-2019-15788.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Clara Genomics Analysis before 0.2.0 has an integer overflow for cudapoa memory management in allocate_block.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/clara-genomics/ClaraGenomicsAnalysis/compare/6dc3061...416af9f", + "refsource": "MISC", + "name": "https://github.com/clara-genomics/ClaraGenomicsAnalysis/compare/6dc3061...416af9f" + }, + { + "url": "https://github.com/clara-genomics/ClaraGenomicsAnalysis/pull/70", + "refsource": "MISC", + "name": "https://github.com/clara-genomics/ClaraGenomicsAnalysis/pull/70" + } + ] + } +} \ No newline at end of file