diff --git a/2019/13xxx/CVE-2019-13050.json b/2019/13xxx/CVE-2019-13050.json index 4a4ea1770a2..5ffa347b175 100644 --- a/2019/13xxx/CVE-2019-13050.json +++ b/2019/13xxx/CVE-2019-13050.json @@ -56,6 +56,11 @@ "url": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f", "refsource": "MISC", "name": "https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html", + "url": "https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html" } ] } diff --git a/2019/13xxx/CVE-2019-13337.json b/2019/13xxx/CVE-2019-13337.json new file mode 100644 index 00000000000..b59867e101d --- /dev/null +++ b/2019/13xxx/CVE-2019-13337.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL parameter access_token (this is the parameter used by the API). No valid token is required since it is not validated by the backend. The website can then be browsed as if no basic authentication is required." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/polkaman/d039fb5236a043907e44efc198d9161c", + "url": "https://gist.github.com/polkaman/d039fb5236a043907e44efc198d9161c" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13338.json b/2019/13xxx/CVE-2019-13338.json new file mode 100644 index 00000000000..68fb07a1d22 --- /dev/null +++ b/2019/13xxx/CVE-2019-13338.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-13338", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WESEEK GROWI before 3.5.0, a remote attacker can obtain the password hash of the creator of a page by leveraging wiki access to make API calls for page metadata. In other words, the password hash can be retrieved even though it is not a publicly available field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gist.github.com/polkaman/d039fb5236a043907e44efc198d9161c", + "url": "https://gist.github.com/polkaman/d039fb5236a043907e44efc198d9161c" + } + ] + } +} \ No newline at end of file diff --git a/2019/13xxx/CVE-2019-13352.json b/2019/13xxx/CVE-2019-13352.json index 3557371dde1..8455817f601 100644 --- a/2019/13xxx/CVE-2019-13352.json +++ b/2019/13xxx/CVE-2019-13352.json @@ -56,6 +56,11 @@ "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt", "refsource": "MISC", "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt" + }, + { + "refsource": "FULLDISC", + "name": "20190709 UPDATE: [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321) [CVE-2019-13352]", + "url": "http://seclists.org/fulldisclosure/2019/Jul/9" } ] }