From e28d3725f8ea05c6eb89db6034879ab666204c15 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 18 Sep 2019 12:01:06 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2016/10xxx/CVE-2016-10994.json | 62 +++++++++++++++++++++++++++++++
 2016/10xxx/CVE-2016-10995.json | 62 +++++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16215.json | 67 ++++++++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16216.json | 67 ++++++++++++++++++++++++++++++++++
 2019/16xxx/CVE-2019-16403.json | 62 +++++++++++++++++++++++++++++++
 5 files changed, 320 insertions(+)
 create mode 100644 2016/10xxx/CVE-2016-10994.json
 create mode 100644 2016/10xxx/CVE-2016-10995.json
 create mode 100644 2019/16xxx/CVE-2019-16215.json
 create mode 100644 2019/16xxx/CVE-2019-16216.json
 create mode 100644 2019/16xxx/CVE-2019-16403.json
diff --git a/2016/10xxx/CVE-2016-10994.json b/2016/10xxx/CVE-2016-10994.json
new file mode 100644
index 00000000000..a4d58e8859f
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10994.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10994",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.vulnerability-lab.com/get_content.php?id=1839",
+ "refsource": "MISC",
+ "name": "https://www.vulnerability-lab.com/get_content.php?id=1839"
+ }
+ ]
+ }
+}
\ No newline at end of file
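Review bot: The structured `affects` and `problemtype` fields of this record are all `n/a`, although the description names the product, the affected release and the weakness, so a consumer that matches on `product_name`/`version_value` or on a CWE identifier will not find CVE-2016-10994. Since the description states XSS, the problemtype entry could read `"value": "CWE-79"`, and `product_name` could carry the theme name from the description (the vendor name would need to be confirmed from the reference). The same gap is present in the other four files this commit adds (CVE-2016-10995, CVE-2019-16215, CVE-2019-16216, CVE-2019-16403), where the fixed versions 2.3.0, 2.0.5 and 0.1.5 appear only in the free-text description.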
diff --git a/2016/10xxx/CVE-2016-10995.json b/2016/10xxx/CVE-2016-10995.json
new file mode 100644
index 00000000000..9065fa0aaca
--- /dev/null
+++ b/2016/10xxx/CVE-2016-10995.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2016-10995",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://wpvulndb.com/vulnerabilities/8482",
+ "refsource": "MISC",
+ "name": "https://wpvulndb.com/vulnerabilities/8482"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16215.json b/2019/16xxx/CVE-2019-16215.json
new file mode 100644
index 00000000000..71793626d80
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16215.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16215",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server to spend an effectively arbitrary amount of CPU time and stall the processing of future messages."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/",
+ "url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51",
+ "url": "https://github.com/zulip/zulip/commit/5797f013b3be450c146a4141514bda525f2f1b51"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16216.json b/2019/16xxx/CVE-2019-16216.json
new file mode 100644
index 00000000000..eba5fd74e7e
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16216.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16216",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/",
+ "url": "https://blog.zulip.org/2019/09/11/zulip-server-2-0-5-security-release/"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e",
+ "url": "https://github.com/zulip/zulip/commit/1195841dfb9aa26b3b0dabc6f05d72e4af25be3e"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/16xxx/CVE-2019-16403.json b/2019/16xxx/CVE-2019-16403.json
new file mode 100644
index 00000000000..c6a28328bff
--- /dev/null
+++ b/2019/16xxx/CVE-2019-16403.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-16403",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values (such as address, review, orders, etc.) can also be manipulated by other customers."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/bagisto/bagisto/issues/749",
+ "refsource": "MISC",
+ "name": "https://github.com/bagisto/bagisto/issues/749"
+ }
+ ]
+ }
+}
\ No newline at end of file