From 5cb04f70574979e83e2ea3fd0c7e49f2ccca5bc6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 10 Jul 2019 16:00:47 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2018/10xxx/CVE-2018-10531.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19569.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19570.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19572.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19573.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19574.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19575.json | 53 ++++++++++++++++++++++++- 2018/19xxx/CVE-2018-19576.json | 53 ++++++++++++++++++++++++- 2019/12xxx/CVE-2019-12466.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12471.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12472.json | 61 ++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12473.json | 71 +++++++++++++++++++++++++++++++--- 2019/12xxx/CVE-2019-12474.json | 71 +++++++++++++++++++++++++++++++--- 2019/13xxx/CVE-2019-13454.json | 5 +++ 14 files changed, 728 insertions(+), 46 deletions(-) diff --git a/2018/10xxx/CVE-2018-10531.json b/2018/10xxx/CVE-2018-10531.json index d3669714d89..d87b8b87a6f 100644 --- a/2018/10xxx/CVE-2018-10531.json +++ b/2018/10xxx/CVE-2018-10531.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10531", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An issue was discovered in the America's Army Proving Grounds platform for the Unreal Engine. With a false packet sent via UDP, the application server responds with several bytes, giving the possibility of DoS amplification, even being able to be used in DDoS attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://www.xlabs.com.br/blog/author/mauricio-correa/", + "refsource": "MISC", + "name": "https://www.xlabs.com.br/blog/author/mauricio-correa/" + }, + { + "refsource": "MISC", + "name": "https://www.xlabs.com.br/blog/cve-2018-10531-americas-army-proving-grounds-ddos-amplification/", + "url": "https://www.xlabs.com.br/blog/cve-2018-10531-americas-army-proving-grounds-ddos-amplification/" } ] } diff --git a/2018/19xxx/CVE-2018-19569.json b/2018/19xxx/CVE-2018-19569.json index cd525f2507b..ca5a52c252b 100644 --- a/2018/19xxx/CVE-2018-19569.json +++ b/2018/19xxx/CVE-2018-19569.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19569", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an authorization vulnerability that allows access to the web-UI as a user using a Personal Access Token of any scope." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50319", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/50319" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19570.json b/2018/19xxx/CVE-2018-19570.json index 60f8beb70f3..58eef399356 100644 --- a/2018/19xxx/CVE-2018-19570.json +++ b/2018/19xxx/CVE-2018-19570.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19570", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 11.3 before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via unrecognized HTML tags." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52392", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52392" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19572.json b/2018/19xxx/CVE-2018-19572.json index d248cbc769a..0f93b9ffcd5 100644 --- a/2018/19xxx/CVE-2018-19572.json +++ b/2018/19xxx/CVE-2018-19572.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19572", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE 8.17 and later and EE 8.3 and later have a symlink time-of-check-to-time-of-use race condition that would allow unauthorized access to files in the GitLab Pages chroot environment. This is fixed in versions 11.5.1, 11.4.8, and 11.3.11." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-pages/issues/98", + "url": "https://gitlab.com/gitlab-org/gitlab-pages/issues/98" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19573.json b/2018/19xxx/CVE-2018-19573.json index 0e3a52190e6..254d4baa4dd 100644 --- a/2018/19xxx/CVE-2018-19573.json +++ b/2018/19xxx/CVE-2018-19573.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19573", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 10.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in Markdown fields via Mermaid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/45906", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/45906" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19574.json b/2018/19xxx/CVE-2018-19574.json index 925db927d65..9fc8804fbda 100644 --- a/2018/19xxx/CVE-2018-19574.json +++ b/2018/19xxx/CVE-2018-19574.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19574", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 7.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an XSS vulnerability in the OAuth authorization page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/42057", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/42057" } ] } diff --git a/2018/19xxx/CVE-2018-19575.json b/2018/19xxx/CVE-2018-19575.json index a3541409e33..c7b4213e975 100644 --- a/2018/19xxx/CVE-2018-19575.json +++ b/2018/19xxx/CVE-2018-19575.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19575", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 10.1 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an insecure direct object reference issue that allows a user to make comments on a locked issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52523", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/52523" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" } ] } diff --git a/2018/19xxx/CVE-2018-19576.json b/2018/19xxx/CVE-2018-19576.json index 1b8436b202b..c19fdbe537e 100644 --- a/2018/19xxx/CVE-2018-19576.json +++ b/2018/19xxx/CVE-2018-19576.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19576", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,33 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "GitLab CE/EE, versions 8.6 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an access control issue that allows a Guest user to make changes to or delete their own comments on an issue, after the issue was made Confidential." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51238", + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51238" } ] } diff --git a/2019/12xxx/CVE-2019-12466.json b/2019/12xxx/CVE-2019-12466.json index 5921f7df6c6..23f5a361015 100644 --- a/2019/12xxx/CVE-2019-12466.json +++ b/2019/12xxx/CVE-2019-12466.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12466", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12466", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wikimedia MediaWiki through 1.32.1 allows CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" + }, + { + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T25227", + "url": "https://phabricator.wikimedia.org/T25227" } ] } diff --git a/2019/12xxx/CVE-2019-12471.json b/2019/12xxx/CVE-2019-12471.json index 884ef3b8016..091b6eae931 100644 --- a/2019/12xxx/CVE-2019-12471.json +++ b/2019/12xxx/CVE-2019-12471.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12471", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12471", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" + }, + { + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T207603", + "url": "https://phabricator.wikimedia.org/T207603" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" } ] } diff --git a/2019/12xxx/CVE-2019-12472.json b/2019/12xxx/CVE-2019-12472.json index cc07af229fd..2943fb376c1 100644 --- a/2019/12xxx/CVE-2019-12472.json +++ b/2019/12xxx/CVE-2019-12472.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12472", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12472", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T199540", + "url": "https://phabricator.wikimedia.org/T199540" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" } ] } diff --git a/2019/12xxx/CVE-2019-12473.json b/2019/12xxx/CVE-2019-12473.json index 618dd3ce7ce..5f4a8cba854 100644 --- a/2019/12xxx/CVE-2019-12473.json +++ b/2019/12xxx/CVE-2019-12473.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12473", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12473", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" + }, + { + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T204729", + "url": "https://phabricator.wikimedia.org/T204729" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" } ] } diff --git a/2019/12xxx/CVE-2019-12474.json b/2019/12xxx/CVE-2019-12474.json index 0039214c0fe..eac32d7f51b 100644 --- a/2019/12xxx/CVE-2019-12474.json +++ b/2019/12xxx/CVE-2019-12474.json @@ -1,17 +1,76 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2019-12474", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2019-12474", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "DEBIAN", + "name": "DSA-4460", + "url": "https://www.debian.org/security/2019/dsa-4460" + }, + { + "refsource": "BUGTRAQ", + "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update", + "url": "https://seclists.org/bugtraq/2019/Jun/12" + }, + { + "refsource": "MISC", + "name": "https://phabricator.wikimedia.org/T212118", + "url": "https://phabricator.wikimedia.org/T212118" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html" } ] } diff --git a/2019/13xxx/CVE-2019-13454.json b/2019/13xxx/CVE-2019-13454.json index 7140edff5d8..35c51b0bbec 100644 --- a/2019/13xxx/CVE-2019-13454.json +++ b/2019/13xxx/CVE-2019-13454.json @@ -66,6 +66,11 @@ "url": "https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4", "refsource": "MISC", "name": "https://github.com/ImageMagick/ImageMagick6/commit/4f31d78716ac94c85c244efcea368fea202e2ed4" + }, + { + "refsource": "BID", + "name": "109099", + "url": "http://www.securityfocus.com/bid/109099" } ] }