From 81323e919d8a8dab559a313769495311a6ccb562 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 12 Feb 2019 13:06:02 -0500 Subject: [PATCH] - Synchronized data. --- 2018/18xxx/CVE-2018-18895.json | 2 +- 2019/6xxx/CVE-2019-6549.json | 2 ++ 2019/7xxx/CVE-2019-7739.json | 48 ++++++++++++++++++++++++++++++++-- 2019/7xxx/CVE-2019-7740.json | 48 ++++++++++++++++++++++++++++++++-- 2019/7xxx/CVE-2019-7741.json | 48 ++++++++++++++++++++++++++++++++-- 2019/7xxx/CVE-2019-7742.json | 48 ++++++++++++++++++++++++++++++++-- 2019/7xxx/CVE-2019-7743.json | 48 ++++++++++++++++++++++++++++++++-- 2019/7xxx/CVE-2019-7744.json | 48 ++++++++++++++++++++++++++++++++-- 8 files changed, 279 insertions(+), 13 deletions(-) diff --git a/2018/18xxx/CVE-2018-18895.json b/2018/18xxx/CVE-2018-18895.json index b45e2d7c7f9..01ef46cffa9 100644 --- a/2018/18xxx/CVE-2018-18895.json +++ b/2018/18xxx/CVE-2018-18895.json @@ -11,7 +11,7 @@ "description_data" : [ { "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ] } diff --git a/2019/6xxx/CVE-2019-6549.json b/2019/6xxx/CVE-2019-6549.json index aa485da3e05..199845569bb 100644 --- a/2019/6xxx/CVE-2019-6549.json +++ b/2019/6xxx/CVE-2019-6549.json @@ -54,6 +54,8 @@ "references" : { "reference_data" : [ { + "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05", + "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-036-05" } ] diff --git a/2019/7xxx/CVE-2019-7739.json b/2019/7xxx/CVE-2019-7739.json index fa570ec1628..7f9408930c4 100644 --- a/2019/7xxx/CVE-2019-7739.json +++ b/2019/7xxx/CVE-2019-7739.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7739", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Joomla! before 3.9.3. The \"No Filtering\" textfilter overrides child settings in the Global Configuration. This is intended behavior. However, it might be unexpected for the user because the configuration dialog lacks an additional message to explain this." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://developer.joomla.org/security-centre/767-20190203-core-additional-warning-in-the-global-configuration-textfilter-settings", + "refsource" : "MISC", + "url" : "https://developer.joomla.org/security-centre/767-20190203-core-additional-warning-in-the-global-configuration-textfilter-settings" } ] } diff --git a/2019/7xxx/CVE-2019-7740.json b/2019/7xxx/CVE-2019-7740.json index bedca793df9..d9dad5c3bb1 100644 --- a/2019/7xxx/CVE-2019-7740.json +++ b/2019/7xxx/CVE-2019-7740.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7740", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist", + "refsource" : "MISC", + "url" : "https://developer.joomla.org/security-centre/769-20190205-core-xss-issue-in-core-js-writedynalist" } ] } diff --git a/2019/7xxx/CVE-2019-7741.json b/2019/7xxx/CVE-2019-7741.json index ebe9fa4b2db..03eb778f3f2 100644 --- a/2019/7xxx/CVE-2019-7741.json +++ b/2019/7xxx/CVE-2019-7741.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7741", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Joomla! before 3.9.3. Inadequate checks at the Global Configuration helpurl settings allowed stored XSS." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2", + "refsource" : "MISC", + "url" : "https://developer.joomla.org/security-centre/768-20190204-core-stored-xss-issue-in-the-global-configuration-help-url-2" } ] } diff --git a/2019/7xxx/CVE-2019-7742.json b/2019/7xxx/CVE-2019-7742.json index fab2d09027a..ea3ae5f01f0 100644 --- a/2019/7xxx/CVE-2019-7742.json +++ b/2019/7xxx/CVE-2019-7742.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7742", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Joomla! before 3.9.3. A combination of specific web server configurations, in connection with specific file types and browser-side MIME-type sniffing, causes an XSS attack vector." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors", + "refsource" : "MISC", + "url" : "https://developer.joomla.org/security-centre/766-20190202-core-browserside-mime-type-sniffing-causes-xss-attack-vectors" } ] } diff --git a/2019/7xxx/CVE-2019-7743.json b/2019/7xxx/CVE-2019-7743.json index 215eaeaa320..4f54504ebf6 100644 --- a/2019/7xxx/CVE-2019-7743.json +++ b/2019/7xxx/CVE-2019-7743.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7743", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Joomla! before 3.9.3. The phar:// stream wrapper can be used for objection injection attacks because there is no protection mechanism (such as the TYPO3 PHAR stream wrapper) to prevent use of the phar:// handler for non .phar-files." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://developer.joomla.org/security-centre/770-20190206-core-implement-the-typo3-phar-stream-wrapper", + "refsource" : "MISC", + "url" : "https://developer.joomla.org/security-centre/770-20190206-core-implement-the-typo3-phar-stream-wrapper" } ] } diff --git a/2019/7xxx/CVE-2019-7744.json b/2019/7xxx/CVE-2019-7744.json index cfa34758097..665d9eccd56 100644 --- a/2019/7xxx/CVE-2019-7744.json +++ b/2019/7xxx/CVE-2019-7744.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2019-7744", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An issue was discovered in Joomla! before 3.9.3. Inadequate filtering on URL fields in various core components could lead to an XSS vulnerability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components", + "refsource" : "MISC", + "url" : "https://developer.joomla.org/security-centre/765-20190201-core-lack-of-url-filtering-in-various-core-components" } ] }