From 762a21c7c40e24efbedbe2eaba82ee4f8e00704b Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Tue, 5 Nov 2019 23:01:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2011/1xxx/CVE-2011-1459.json | 58 ++++++++++++++++++++++++++++- 2011/1xxx/CVE-2011-1460.json | 58 ++++++++++++++++++++++++++++- 2019/11xxx/CVE-2019-11043.json | 5 +++ 2019/16xxx/CVE-2019-16056.json | 5 +++ 2019/16xxx/CVE-2019-16935.json | 5 +++ 2019/8xxx/CVE-2019-8091.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8092.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8093.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8107.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8108.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8109.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8110.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8111.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8112.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8113.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8114.json | 67 ++++++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8115.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8116.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8117.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8118.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8119.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8120.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8121.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8122.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8123.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8124.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8125.json | 58 +++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8126.json | 61 +++++++++++++++++++++++++++---- 2019/8xxx/CVE-2019-8127.json | 61 +++++++++++++++++++++++++++---- 29 files changed, 1405 insertions(+), 172 deletions(-) 
diff --git a/2011/1xxx/CVE-2011-1459.json b/2011/1xxx/CVE-2011-1459.json index 8f476b4bdbe..16daa590f29 100644 --- a/2011/1xxx/CVE-2011-1459.json +++ b/2011/1xxx/CVE-2011-1459.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1459", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=76474", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=76474" + }, + { + "url": "http://trac.webkit.org/changeset/81795", + "refsource": "MISC", + "name": "http://trac.webkit.org/changeset/81795" + }, + { + "url": "http://trac.webkit.org/changeset/81891", + "refsource": "MISC", + "name": "http://trac.webkit.org/changeset/81891" } ] } diff --git a/2011/1xxx/CVE-2011-1460.json b/2011/1xxx/CVE-2011-1460.json index af27fa844ca..733d4f02f76 100644 --- a/2011/1xxx/CVE-2011-1460.json +++ b/2011/1xxx/CVE-2011-1460.json 
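Review bot: The `affects` block added in the first hunk of CVE-2011-1459.json (`-2,7 +2,30`) records vendor, product and version as `n/a`, although the description added in the second hunk names Google Chrome and WebKit. Tooling that matches records on the structured fields will not associate this entry with Chrome. Populating them from the description, e.g. `"vendor_name": "Google"` and `"product_name": "Chrome"`, would fix that. `problemtype` is also `n/a` while the description states a denial of service. CVE-2011-1460.json in the next file section has the same `n/a` fields, and its description names a bad cast without stating any impact.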
@@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1460", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,38 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "WebKit in Google Chrome before Blink M11 contains a bad cast to RenderBlock when anonymous blocks are renderblocks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/chromium/issues/detail?id=76784", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/chromium/issues/detail?id=76784" + }, + { + "url": "http://trac.webkit.org/changeset/81648", + "refsource": "MISC", + "name": "http://trac.webkit.org/changeset/81648" + }, + { + "url": "http://trac.webkit.org/changeset/81748", + "refsource": "MISC", + "name": "http://trac.webkit.org/changeset/81748" } ] } diff --git a/2019/11xxx/CVE-2019-11043.json b/2019/11xxx/CVE-2019-11043.json index d0baebde721..a0edf4e1e14 100644 --- a/2019/11xxx/CVE-2019-11043.json +++ b/2019/11xxx/CVE-2019-11043.json 
@@ -171,6 +171,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-7bb07c3b02", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2441", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html" } ] }, diff --git a/2019/16xxx/CVE-2019-16056.json b/2019/16xxx/CVE-2019-16056.json index 49c7890c868..be12af6b1d3 100644 --- a/2019/16xxx/CVE-2019-16056.json +++ b/2019/16xxx/CVE-2019-16056.json @@ -131,6 +131,11 @@ "refsource": "FEDORA", "name": "FEDORA-2019-aba3cca74a", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SDQQ56P7ZZR64XV5DUVWNSNXKKEXUG2J/" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2438", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html" } ] } diff --git a/2019/16xxx/CVE-2019-16935.json b/2019/16xxx/CVE-2019-16935.json index c0b8c3a70a6..84b727205e7 100644 --- a/2019/16xxx/CVE-2019-16935.json +++ b/2019/16xxx/CVE-2019-16935.json @@ -96,6 +96,11 @@ "refsource": "SUSE", "name": "openSUSE-SU-2019:2393", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00063.html" + }, + { + "refsource": "SUSE", + "name": "openSUSE-SU-2019:2438", + "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00012.html" } ] } diff --git a/2019/8xxx/CVE-2019-8091.json b/2019/8xxx/CVE-2019-8091.json index 7e12568c708..2055e6619c5 100644 --- a/2019/8xxx/CVE-2019-8091.json +++ b/2019/8xxx/CVE-2019-8091.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8091", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8091", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 1", + "version": { + "version_data": [ + { + "version_value": "Magento Open Source prior to 1.9.4.3" + }, + { + "version_value": "and Magento Commerce prior to 1.14.4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/supee-11219", + "url": "https://magento.com/security/patches/supee-11219" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3. An authenticated admin user with privileges to access product attributes can leverage layout updates to trigger remote code execution." } ] } diff --git a/2019/8xxx/CVE-2019-8092.json b/2019/8xxx/CVE-2019-8092.json index 43d7c4f2129..0ff926bcf04 100644 --- a/2019/8xxx/CVE-2019-8092.json +++ b/2019/8xxx/CVE-2019-8092.json 
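Review bot: The second `version_data` entry for CVE-2019-8091 is `"version_value": "and Magento Commerce prior to 1.14.4.3"`, so one sentence has been split across two array elements and the second starts with a conjunction. Each element should stand on its own, e.g. `"version_value": "Magento Commerce prior to 1.14.4.3"`, because consumers read the array entries independently. The same `and …` entry appears in CVE-2019-8114.json further down. The description gives the bounds as "Magento 1 prior to 1.9.4.3 and 1.14.4.3" without naming the editions, so the two fields should be worded consistently.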
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8092", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8092", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via email template preview." } ] } diff --git a/2019/8xxx/CVE-2019-8093.json b/2019/8xxx/CVE-2019-8093.json index 72fcf06af2a..069e10c86bd 100644 --- a/2019/8xxx/CVE-2019-8093.json +++ b/2019/8xxx/CVE-2019-8093.json 
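Review bot: The `problemtype` string added for CVE-2019-8092 has a trailing space, `"value": "Cross-Site Scripting "`, and should be `"value": "Cross-Site Scripting"`. Anything that groups or filters records by exact problem-type text will treat the padded string as a separate category. The same padded value is added in CVE-2019-8115.json and CVE-2019-8117.json.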
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8093", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8093", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Disclosure of Critically Sensitive Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary files." } ] } diff --git a/2019/8xxx/CVE-2019-8107.json b/2019/8xxx/CVE-2019-8107.json index c6a3f06949b..4e54567f338 100644 --- a/2019/8xxx/CVE-2019-8107.json +++ b/2019/8xxx/CVE-2019-8107.json 
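Review bot: The `problemtype` for CVE-2019-8093, `Disclosure of Critically Sensitive Data`, covers only half of what the description states, since the description says an authenticated user can "read/delete" files. The deletion impact is therefore invisible to anyone triaging by problem type. The neighbouring CVE-2019-8107 record uses `Arbitrary File Deletion` for that impact, so a second `description` entry with that value would make the two consistent, if deletion is in fact in scope here. The description text also has a typo, "an arbitary files", which should read `to read/delete arbitrary files`.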
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8107", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8107", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Deletion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An arbitrary file deletion vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with export data transfer privileges can craft a request to perform arbitrary file deletion." } ] } diff --git a/2019/8xxx/CVE-2019-8108.json b/2019/8xxx/CVE-2019-8108.json index 69af9711214..0b0a7252f76 100644 --- a/2019/8xxx/CVE-2019-8108.json +++ b/2019/8xxx/CVE-2019-8108.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8108", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8108", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Broken Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can manipulate session validation setting for a storefront that leads to insecure authentication and session management." } ] } diff --git a/2019/8xxx/CVE-2019-8109.json b/2019/8xxx/CVE-2019-8109.json index 360cb203787..100ca79ccbc 100644 --- a/2019/8xxx/CVE-2019-8109.json +++ b/2019/8xxx/CVE-2019-8109.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8109", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8109", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can craft a malicious CSRF payload that can result in arbitrary command execution." } ] } diff --git a/2019/8xxx/CVE-2019-8110.json b/2019/8xxx/CVE-2019-8110.json index 6e0d7f8bc1d..a74986b0a68 100644 --- a/2019/8xxx/CVE-2019-8110.json +++ b/2019/8xxx/CVE-2019-8110.json 
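Review bot: The description added for CVE-2019-8109 leaves the precondition unclear: "An authenticated user can craft a malicious CSRF payload" does not say which account has to be authenticated or with what privileges for the request to take effect. That detail decides how the issue is prioritised. The description should state whose session carries the forged request and what role it needs. `problemtype` records only `Remote Code Execution`, so the request-forgery element appears nowhere in the structured fields.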
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8110", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8110", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage email templates hierarchy to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code." } ] } diff --git a/2019/8xxx/CVE-2019-8111.json b/2019/8xxx/CVE-2019-8111.json index 49d08cc9be5..d40a6e2154a 100644 --- a/2019/8xxx/CVE-2019-8111.json +++ b/2019/8xxx/CVE-2019-8111.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8111", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8111", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage plugin functionality related to email templates to manipulate the interceptor class in a way that allows an attacker to execute arbitrary code." } ] } diff --git a/2019/8xxx/CVE-2019-8112.json b/2019/8xxx/CVE-2019-8112.json index 9ea47cb95e3..c55c4b80d77 100644 --- a/2019/8xxx/CVE-2019-8112.json +++ b/2019/8xxx/CVE-2019-8112.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8112", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8112", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Security bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation." } ] } diff --git a/2019/8xxx/CVE-2019-8113.json b/2019/8xxx/CVE-2019-8113.json index 8fc7f4c579a..dca56891a5c 100644 --- a/2019/8xxx/CVE-2019-8113.json +++ b/2019/8xxx/CVE-2019-8113.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8113", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8113", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cryptographic flaw" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration." } ] } diff --git a/2019/8xxx/CVE-2019-8114.json b/2019/8xxx/CVE-2019-8114.json index 40a4fded218..872c38e1069 100644 --- a/2019/8xxx/CVE-2019-8114.json +++ b/2019/8xxx/CVE-2019-8114.json 
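Review bot: The description added for CVE-2019-8113 reads as though the product performs the brute-forcing: "uses cryptographically weak random number generator to brute-force the confirmation code". The intended meaning is presumably that the confirmation code for customer registration is generated with a weak random number generator and can therefore be brute-forced, and the sentence should be reworded to say so. The `problemtype` value here is `Cryptographic flaw`, while CVE-2019-8118.json uses `Cryptographic Flaw`, so one casing should be chosen for both.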
@@ -1,17 +1,70 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8114", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8114", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 1 & 2", + "version": { + "version_data": [ + { + "version_value": "Magento Open Source prior to 1.9.4.3" + }, + { + "version_value": "and Magento Commerce prior to 1.14.4.3" + }, + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/supee-11219", + "url": "https://magento.com/security/patches/supee-11219" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with admin privileges to import features can execute arbitrary code via crafted configuration archive file upload." } ] } diff --git a/2019/8xxx/CVE-2019-8115.json b/2019/8xxx/CVE-2019-8115.json index b99514f9890..956005f34ea 100644 --- a/2019/8xxx/CVE-2019-8115.json +++ b/2019/8xxx/CVE-2019-8115.json 
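Review bot: CVE-2019-8114 lists Magento 2.2 and 2.3 as affected, but its only reference is the Magento 1 advisory `https://magento.com/security/patches/supee-11219`. A reader following the record from a Magento 2 installation gets no pointer to a fix. If the Magento 2 advisory used by the sibling records covers this CVE, add it as a second `reference_data` entry: `https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update`. `product_name` is `Magento 1 & 2`, whereas the other records use `Magento 1` or `Magento 2`, so product-name matching will miss this one unless it is split into two `product_data` entries.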
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8115", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8115", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A reflected cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when adding an image for during simple product creation." } ] } diff --git a/2019/8xxx/CVE-2019-8116.json b/2019/8xxx/CVE-2019-8116.json index b9fb3e0512e..bef8b21cc99 100644 --- a/2019/8xxx/CVE-2019-8116.json +++ b/2019/8xxx/CVE-2019-8116.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8116", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8116", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inadequate Session Handling" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can leverage a guest session id value following a successful login to gain access to customer account index page." } ] } diff --git a/2019/8xxx/CVE-2019-8117.json b/2019/8xxx/CVE-2019-8117.json index 8e8513c3fda..56883d30cdd 100644 --- a/2019/8xxx/CVE-2019-8117.json +++ b/2019/8xxx/CVE-2019-8117.json 
@@ -1,17 +1,64 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8117", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8117", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe Systems Incorporated", + "product": { + "product_data": [ + { + "product_name": "Magento 2", + "version": { + "version_data": [ + { + "version_value": "Magento 2.2 prior to 2.2.10" + }, + { + "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update", + "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticates user can inject arbitrary JavaScript code via product view id specification." } ] } diff --git a/2019/8xxx/CVE-2019-8118.json b/2019/8xxx/CVE-2019-8118.json index 616286e67c5..432534b5a07 100644 --- a/2019/8xxx/CVE-2019-8118.json +++ b/2019/8xxx/CVE-2019-8118.json 
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8118",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8118",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Flaw"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 uses weak cryptographic function to store the failed login attempts for customer accounts."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8119.json b/2019/8xxx/CVE-2019-8119.json
index 38aa0dd773e..aa615794faa 100644
--- a/2019/8xxx/CVE-2019-8119.json
+++ b/2019/8xxx/CVE-2019-8119.json
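Review bot: The `affects` block and the description in CVE-2019-8118 disagree on what is vulnerable: the description lists Magento 2.1 prior to 2.1.19, while the single `version_value` string omits the 2.1 line and names 2.3.2-p2 as a fixed build that the description does not mention. A tool that reads only `affects` would report 2.1.x installs as unaffected. One side should be corrected against the vendor bulletin, and the ranges split into one `version_data` entry per release line, as the CVE-2019-8116 hunk does. The same mismatch is visible in the hunks for CVE-2019-8119, -8120, -8121, -8122, -8123 and -8124.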
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8119",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8119",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated admin user with import product privileges can delete files through bulk product import and inject code into XSLT file. The combination of these manipulations can lead to remote code execution."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8120.json b/2019/8xxx/CVE-2019-8120.json
index a27c0bc9632..9da478f7293 100644
--- a/2019/8xxx/CVE-2019-8120.json
+++ b/2019/8xxx/CVE-2019-8120.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8120",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8120",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user can inject arbitrary Javascript code by manipulating section of a POST request related to customer's email address."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8121.json b/2019/8xxx/CVE-2019-8121.json
index da9e79ab007..24073482a68 100644
--- a/2019/8xxx/CVE-2019-8121.json
+++ b/2019/8xxx/CVE-2019-8121.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8121",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8121",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Using components with known vulnerabilities"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8122.json b/2019/8xxx/CVE-2019-8122.json
index 680f5e6250e..c08c94253a2 100644
--- a/2019/8xxx/CVE-2019-8122.json
+++ b/2019/8xxx/CVE-2019-8122.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8122",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8122",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with privileges to create products can craft custom layout update and use import product functionality to enable remote code execution."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8123.json b/2019/8xxx/CVE-2019-8123.json
index 66db201c279..f4b8a2a95d0 100644
--- a/2019/8xxx/CVE-2019-8123.json
+++ b/2019/8xxx/CVE-2019-8123.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8123",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8123",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1& 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient logging and monitoring"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/supee-11219",
+ "url": "https://magento.com/security/patches/supee-11219"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insufficient logging and monitoring vulnerability exists in Magento 1 prior to 1.9.4.3 and 1.14.4.3, Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. The logging feature required for effective monitoring did not contain sufficent data to effectively track configuration changes."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8124.json b/2019/8xxx/CVE-2019-8124.json
index 6cd56def466..3d199f8c990 100644
--- a/2019/8xxx/CVE-2019-8124.json
+++ b/2019/8xxx/CVE-2019-8124.json
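Review bot: The only `reference_data` entry for CVE-2019-8123 is the SUPEE-11219 page, yet the record also lists Magento 2.2 and 2.3 as affected. The Magento 2 hunks in this patch cite `https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update`; adding it here as a second reference would point Magento 2 operators at the advisory that presumably covers them, which is worth confirming against the bulletin. `"product_name": "Magento 1& 2"` folds two products into one string, so product-name matching used for the other records will miss this one; separate `product_data` entries for Magento 1 and Magento 2 would avoid that. The description also misspells "sufficient" as "sufficent".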
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8124",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8124",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient logging and monitoring"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insufficient logging and monitoring vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Failure to track admin actions related to design configuration could lead to repudiation attacks."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8125.json b/2019/8xxx/CVE-2019-8125.json
index d448acb7764..835c7e41030 100644
--- a/2019/8xxx/CVE-2019-8125.json
+++ b/2019/8xxx/CVE-2019-8125.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8125",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8125",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.3, and Magento Commerce prior to 1.14.4.3."
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/supee-11219",
+ "url": "https://magento.com/security/patches/supee-11219"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 1 prior to 1.9.x and 1.14.x. An authenticated admin user can modify configuration parameters via crafted support configuration. The modification can lead to remote code execution."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8126.json b/2019/8xxx/CVE-2019-8126.json
index fc520b9a507..18f7ce5ef86 100644
--- a/2019/8xxx/CVE-2019-8126.json
+++ b/2019/8xxx/CVE-2019-8126.json
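Review bot: The description added for CVE-2019-8125 gives the affected range as "Magento 1 prior to 1.9.x and 1.14.x", which is not a usable bound, while `affects` in the same hunk says Open Source prior to 1.9.4.3 and Commerce prior to 1.14.4.3. Anyone triaging from the description alone cannot tell whether a given 1.9 install is patched. The description should carry the same numbers, for example `A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.3 and Magento Commerce prior to 1.14.4.3.` The `version_value` string also ends with a stray period that a version parser would have to strip.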
@@ -1,17 +1,64 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8126",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8126",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10"
+ },
+ {
+ "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "XML External Entity Injection (XXE)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An XML entity injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can craft document type definition for an XML representing XML layout. The crafted document type definition and XML layout allow processing of external entities which can lead to information disclosure."
 }
 ]
 }
diff --git a/2019/8xxx/CVE-2019-8127.json b/2019/8xxx/CVE-2019-8127.json
index ea3802e1fec..0407bbb7dc3 100644
--- a/2019/8xxx/CVE-2019-8127.json
+++ b/2019/8xxx/CVE-2019-8127.json
@@ -1,17 +1,64 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-8127",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-8127",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Adobe Systems Incorporated",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.2 prior to 2.2.10"
+ },
+ {
+ "version_value": "Magento 2.3 prior to 2.3.3 or 2.3.2-p1"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "SQL injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update",
+ "url": "https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with privileges to an account with Newsletter Template editing permission could exfiltrate the Admin login data, and reset their password, effectively performing a privilege escalation."
 }
 ]
 }