From e07430a523befe7a1438ba8c9317a91c7c8c6bf7 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Mon, 10 Jun 2019 18:00:50 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2018/7xxx/CVE-2018-7853.json | 5 +++
 2018/7xxx/CVE-2018-7854.json | 5 +++
 2018/7xxx/CVE-2018-7855.json | 10 +++++
 2018/7xxx/CVE-2018-7857.json | 5 +++
 2019/11xxx/CVE-2019-11517.json | 56 ++++++++++++++++++++++---
 2019/12xxx/CVE-2019-12783.json | 18 ++++++++
 2019/12xxx/CVE-2019-12784.json | 18 ++++++++
 2019/12xxx/CVE-2019-12785.json | 18 ++++++++
 2019/12xxx/CVE-2019-12786.json | 62 +++++++++++++++++++++++++++
 2019/12xxx/CVE-2019-12787.json | 62 +++++++++++++++++++++++++++
 2019/6xxx/CVE-2019-6806.json | 5 +++
 2019/6xxx/CVE-2019-6807.json | 5 +++
 2019/6xxx/CVE-2019-6808.json | 5 +++
 2019/9xxx/CVE-2019-9879.json | 76 +++++++++++++++++++++++++++++++---
 2019/9xxx/CVE-2019-9880.json | 76 +++++++++++++++++++++++++++++++---
 2019/9xxx/CVE-2019-9881.json | 76 +++++++++++++++++++++++++++++++---
 16 files changed, 478 insertions(+), 24 deletions(-)
 create mode 100644 2019/12xxx/CVE-2019-12783.json
 create mode 100644 2019/12xxx/CVE-2019-12784.json
 create mode 100644 2019/12xxx/CVE-2019-12785.json
 create mode 100644 2019/12xxx/CVE-2019-12786.json
 create mode 100644 2019/12xxx/CVE-2019-12787.json
diff --git a/2018/7xxx/CVE-2018-7853.json b/2018/7xxx/CVE-2018-7853.json
index 0399ac212c4..6a273305b7e 100644
--- a/2018/7xxx/CVE-2018-7853.json
+++ b/2018/7xxx/CVE-2018-7853.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0764"
 }
 ]
 },
diff --git a/2018/7xxx/CVE-2018-7854.json b/2018/7xxx/CVE-2018-7854.json
index fee31fb851e..43d382c8454 100644
--- a/2018/7xxx/CVE-2018-7854.json
+++ b/2018/7xxx/CVE-2018-7854.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0765"
 }
 ]
 },
diff --git a/2018/7xxx/CVE-2018-7855.json b/2018/7xxx/CVE-2018-7855.json
index 5b89360fe6e..845ce5fa462 100644
--- a/2018/7xxx/CVE-2018-7855.json
+++ b/2018/7xxx/CVE-2018-7855.json
@@ -48,6 +48,16 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0767"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0766"
 }
 ]
 },
diff --git a/2018/7xxx/CVE-2018-7857.json b/2018/7xxx/CVE-2018-7857.json
index 90cebfdd9eb..d7da8c82cb0 100644
--- a/2018/7xxx/CVE-2018-7857.json
+++ b/2018/7xxx/CVE-2018-7857.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0768"
 }
 ]
 },
diff --git a/2019/11xxx/CVE-2019-11517.json b/2019/11xxx/CVE-2019-11517.json
index 84ebaa9ba5f..afbbd33c91c 100644
--- a/2019/11xxx/CVE-2019-11517.json
+++ b/2019/11xxx/CVE-2019-11517.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-11517",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-11517",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "WampServer before 3.1.9 has CSRF in add_vhost.php because the synchronizer pattern implemented as remediation of CVE-2018-8817 was incomplete. An attacker could add/delete any vhosts without the consent of the owner."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "BUGTRAQ",
+ "name": "20190610 CVE-2019-11517: CSRF in Wampserver 3.1.4-3.1.8",
+ "url": "https://seclists.org/bugtraq/2019/Jun/10"
 }
 ]
 }
diff --git a/2019/12xxx/CVE-2019-12783.json b/2019/12xxx/CVE-2019-12783.json
new file mode 100644
index 00000000000..3219fcf4960
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12783.json
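Review bot: The populated record for CVE-2019-11517 leaves `"vendor_name"`, `"product_name"`, `"version_value"` and the `problemtype` value at `"n/a"`, although its own description names WampServer, the bound "before 3.1.9" and CSRF, so tooling that matches on the structured fields rather than on free text will not associate this entry with an installed product. Something like `"product_name": "WampServer"`, `"version_value": "before 3.1.9"` and a CSRF problem type (CWE-352) would carry what the description already states. The same all-`n/a` `affects` and `problemtype` blocks appear in the new CVE-2019-12786 and CVE-2019-12787 files and in the CVE-2019-9879, -9880 and -9881 hunks. The BUGTRAQ reference title gives the range as 3.1.4-3.1.8, which is narrower than the description's "before 3.1.9", so it is worth confirming which lower bound is intended.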
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12783",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12784.json b/2019/12xxx/CVE-2019-12784.json
new file mode 100644
index 00000000000..3e7ca6cb526
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12784.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12784",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12785.json b/2019/12xxx/CVE-2019-12785.json
new file mode 100644
index 00000000000..74a590c6c95
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12785.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-12785",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12786.json b/2019/12xxx/CVE-2019-12786.json
new file mode 100644
index 00000000000..15d5ab0a1c6
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12786.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12786",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the IPAddress key."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/dir818-protected.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/dir818-protected.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/12xxx/CVE-2019-12787.json b/2019/12xxx/CVE-2019-12787.json
new file mode 100644
index 00000000000..28eead71eed
--- /dev/null
+++ b/2019/12xxx/CVE-2019-12787.json
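Review bot: The only entry in `reference_data` for CVE-2019-12786 is a PDF on the `master` branch of a third-party proof-of-concept repository, so the record's sole supporting evidence can be changed or removed without the record reflecting it, and no vendor advisory or fixed firmware version is cited. A commit-pinned permalink (`https://github.com/TeamSeri0us/pocs/blob/<COMMIT_SHA>/iot/dlink/dir818-protected.pdf`, with a placeholder SHA) plus a D-Link advisory reference once one exists would keep the entry usable for defenders tracking remediation. CVE-2019-12787 has the same single `blob/master` reference, and the `wp-graphql0.2.3_exploit.py` link in the CVE-2019-9879, -9880 and -9881 hunks is also unpinned.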
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-12787",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An issue was discovered on D-Link DIR-818LW devices from 2.05.B03 to 2.06B01 BETA. There is a command injection in HNAP1 SetWanSettings via an XML injection of the value of the Gateway key."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/dir818-2-protected.pdf",
+ "refsource": "MISC",
+ "name": "https://github.com/TeamSeri0us/pocs/blob/master/iot/dlink/dir818-2-protected.pdf"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/6xxx/CVE-2019-6806.json b/2019/6xxx/CVE-2019-6806.json
index 7b5c93f81da..ec7481f4ae9 100644
--- a/2019/6xxx/CVE-2019-6806.json
+++ b/2019/6xxx/CVE-2019-6806.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0769"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6807.json b/2019/6xxx/CVE-2019-6807.json
index 7bced8622d3..22930c05564 100644
--- a/2019/6xxx/CVE-2019-6807.json
+++ b/2019/6xxx/CVE-2019-6807.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0770"
 }
 ]
 },
diff --git a/2019/6xxx/CVE-2019-6808.json b/2019/6xxx/CVE-2019-6808.json
index 6bf9536432e..bb7ebfd15cb 100644
--- a/2019/6xxx/CVE-2019-6808.json
+++ b/2019/6xxx/CVE-2019-6808.json
@@ -48,6 +48,11 @@
 "refsource": "MISC",
 "name": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/",
 "url": "https://www.schneider-electric.com/en/download/document/SEVD-2019-134-11/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771",
+ "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0771"
 }
 ]
 },
diff --git a/2019/9xxx/CVE-2019-9879.json b/2019/9xxx/CVE-2019-9879.json
index 33253fb8f5a..ab42341a3b2 100644
--- a/2019/9xxx/CVE-2019-9879.json
+++ b/2019/9xxx/CVE-2019-9879.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9879",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9879",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9282",
+ "url": "https://wpvulndb.com/vulnerabilities/9282"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/",
+ "url": "https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py",
+ "url": "https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0",
+ "url": "https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9880.json b/2019/9xxx/CVE-2019-9880.json
index 2381c5bd1da..c0d31f99f05 100644
--- a/2019/9xxx/CVE-2019-9880.json
+++ b/2019/9xxx/CVE-2019-9880.json
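Review bot: The new description for CVE-2019-9879 ties the issue to "WPGraphQL 0.2.3" only and never states a fixed release, while the CONFIRM reference points at the v0.3.0 tag, so a reader cannot tell from the record whether releases before 0.2.3 are affected or whether 0.3.0 is the first fixed version (presumably it is, but the record does not say so). Naming the affected range and the fixed release in the description `"value"` would let an administrator decide on an upgrade from the record alone. The packetstormsecurity entry is also the only reference written with `http://`, where the other four use `https://`. The same wording pattern and the same five references recur in the CVE-2019-9880 and CVE-2019-9881 hunks.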
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9880",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9880",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9282",
+ "url": "https://wpvulndb.com/vulnerabilities/9282"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/",
+ "url": "https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py",
+ "url": "https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0",
+ "url": "https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0"
 }
 ]
 }
diff --git a/2019/9xxx/CVE-2019-9881.json b/2019/9xxx/CVE-2019-9881.json
index 0985bff7143..6afe15b5e88 100644
--- a/2019/9xxx/CVE-2019-9881.json
+++ b/2019/9xxx/CVE-2019-9881.json
@@ -1,17 +1,81 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2019-9881",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2019-9881",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/9282",
+ "url": "https://wpvulndb.com/vulnerabilities/9282"
+ },
+ {
+ "refsource": "MISC",
+ "name": "http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html",
+ "url": "http://packetstormsecurity.com/files/153025/WordPress-WPGraphQL-0.2.3-Authentication-Bypass-Information-Disclosure.html"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/",
+ "url": "https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py",
+ "url": "https://github.com/pentestpartners/snippets/blob/master/wp-graphql0.2.3_exploit.py"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0",
+ "url": "https://github.com/wp-graphql/wp-graphql/releases/tag/v0.3.0"
 }
 ]
 }