From e84778a49e10c39ee09c379de4510011e3bc069d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Thu, 14 Mar 2019 12:05:37 -0400
Subject: [PATCH] - Synchronized data.
---
2018/20xxx/CVE-2018-20801.json | 67 +++++++++++++++++++++++++++++
2019/9xxx/CVE-2019-9786.json | 18 ++++++++
2019/9xxx/CVE-2019-9787.json | 77 ++++++++++++++++++++++++++++++++++
3 files changed, 162 insertions(+)
create mode 100644 2018/20xxx/CVE-2018-20801.json
create mode 100644 2019/9xxx/CVE-2019-9786.json
create mode 100644 2019/9xxx/CVE-2019-9787.json
diff --git a/2018/20xxx/CVE-2018-20801.json b/2018/20xxx/CVE-2018-20801.json
new file mode 100644
index 00000000000..c8ca7572f23
--- /dev/null
+++ b/2018/20xxx/CVE-2018-20801.json
@@ -0,0 +1,67 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-20801",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "In js/parts/SvgRenderer.js in Highcharts JS before 6.1.0, the use of backtracking regular expressions permitted an attacker to conduct a denial of service attack against the SVGRenderer component, aka ReDoS."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa",
+ "refsource" : "MISC",
+ "url" : "https://github.com/highcharts/highcharts/commit/7c547e1e0f5e4379f94396efd559a566668c0dfa"
+ },
+ {
+ "name" : "https://snyk.io/vuln/npm:highcharts:20180225",
+ "refsource" : "MISC",
+ "url" : "https://snyk.io/vuln/npm:highcharts:20180225"
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9786.json b/2019/9xxx/CVE-2019-9786.json
new file mode 100644
index 00000000000..6760b568dd8
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9786.json
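Review bot: In 2018/20xxx/CVE-2018-20801.json the `affects` block sets `product_name`, `version_value` and `vendor_name` to `n/a` even though the description names Highcharts JS before 6.1.0, so scanners and feeds that match on the structured fields rather than the free text will not tie this record to the package. Populating them from the description, for example `"product_name" : "Highcharts JS"` with a `version_data` entry covering releases before 6.1.0, would make the record machine-matchable. The `problemtype` value is also `n/a` although the description already calls the issue ReDoS. The 2019/9xxx/CVE-2019-9787.json hunk has the same gaps: WordPress before 5.1.1 and the CSRF and XSS weaknesses appear only in the description text.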
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9786",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2019/9xxx/CVE-2019-9787.json b/2019/9xxx/CVE-2019-9787.json
new file mode 100644
index 00000000000..72232baae9e
--- /dev/null
+++ b/2019/9xxx/CVE-2019-9787.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2019-9787",
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "WordPress before 5.1.1 does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration. This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access, which allows arbitrary changes to .php files. This is related to wp-admin/includes/ajax-actions.php and wp-includes/comment.php."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/",
+ "refsource" : "MISC",
+ "url" : "https://blog.ripstech.com/2019/wordpress-csrf-to-rce/"
+ },
+ {
+ "name" : "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b",
+ "refsource" : "MISC",
+ "url" : "https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b"
+ },
+ {
+ "name" : "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/",
+ "refsource" : "MISC",
+ "url" : "https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/"
+ },
+ {
+ "name" : "https://wordpress.org/support/wordpress-version/version-5-1-1/",
+ "refsource" : "MISC",
+ "url" : "https://wordpress.org/support/wordpress-version/version-5-1-1/"
+ }
+ ]
+ }
+}