From b21586b478700b7d75a432ca32cc5efcef09cfbb Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Fri, 2 Aug 2019 22:00:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/6xxx/CVE-2017-6275.json | 5 +++ 2018/6xxx/CVE-2018-6241.json | 5 +++ 2018/6xxx/CVE-2018-6267.json | 5 +++ 2018/6xxx/CVE-2018-6268.json | 5 +++ 2018/6xxx/CVE-2018-6269.json | 5 +++ 2019/14xxx/CVE-2019-14544.json | 62 ++++++++++++++++++++++++++++++++++ 2019/5xxx/CVE-2019-5680.json | 5 +++ 2019/7xxx/CVE-2019-7849.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7851.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7852.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7853.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7854.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7855.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7857.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7858.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7859.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7860.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7861.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7862.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7863.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7864.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7865.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7866.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7867.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7868.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7869.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7871.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7872.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7873.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7874.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7875.json | 58 +++++++++++++++++++++++++++---- 
2019/7xxx/CVE-2019-7876.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7877.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7880.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7881.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7882.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7885.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7886.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7887.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7888.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7889.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7890.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7892.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7895.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7896.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7897.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7898.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7899.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7903.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7904.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7908.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7909.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7911.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7912.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7913.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7915.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7921.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7923.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7925.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7926.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7927.json | 58 +++++++++++++++++++++++++++---- 
2019/7xxx/CVE-2019-7928.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7929.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7930.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7932.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7934.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7935.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7936.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7937.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7938.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7939.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7940.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7942.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7944.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7945.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7947.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7950.json | 58 +++++++++++++++++++++++++++---- 2019/7xxx/CVE-2019-7951.json | 58 +++++++++++++++++++++++++++---- 78 files changed, 3713 insertions(+), 497 deletions(-) create mode 100644 2019/14xxx/CVE-2019-14544.json diff --git a/2017/6xxx/CVE-2017-6275.json b/2017/6xxx/CVE-2017-6275.json index 3e8310ee3e3..0d912c4cd10 100644 --- a/2017/6xxx/CVE-2017-6275.json +++ b/2017/6xxx/CVE-2017-6275.json @@ -57,6 +57,11 @@ "name": "https://source.android.com/security/bulletin/pixel/2017-11-01#announcements", "refsource": "CONFIRM", "url": "https://source.android.com/security/bulletin/pixel/2017-11-01#announcements" + }, + { + "refsource": "CONFIRM", + "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804", + "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804" } ] } diff --git a/2018/6xxx/CVE-2018-6241.json b/2018/6xxx/CVE-2018-6241.json index b156dd05e7c..d059743c45b 100644 --- a/2018/6xxx/CVE-2018-6241.json +++ b/2018/6xxx/CVE-2018-6241.json 
@@ -62,6 +62,11 @@
 "name": "https://source.android.com/security/bulletin/2019-01-01",
 "refsource": "CONFIRM",
 "url": "https://source.android.com/security/bulletin/2019-01-01"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6267.json b/2018/6xxx/CVE-2018-6267.json
index cbfadfbf973..ebf8d2ac378 100644
--- a/2018/6xxx/CVE-2018-6267.json
+++ b/2018/6xxx/CVE-2018-6267.json
@@ -67,6 +67,11 @@
 "refsource": "CONFIRM",
 "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
 "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6268.json b/2018/6xxx/CVE-2018-6268.json
index 39c6a3553a9..f6aea172fe8 100644
--- a/2018/6xxx/CVE-2018-6268.json
+++ b/2018/6xxx/CVE-2018-6268.json
@@ -67,6 +67,11 @@
 "refsource": "CONFIRM",
 "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
 "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
 }
 ]
 }
diff --git a/2018/6xxx/CVE-2018-6269.json b/2018/6xxx/CVE-2018-6269.json
index 72b2cc408fb..30c5c2b08b5 100644
--- a/2018/6xxx/CVE-2018-6269.json
+++ b/2018/6xxx/CVE-2018-6269.json
@@ -48,6 +48,11 @@
 "refsource": "CONFIRM",
 "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787",
 "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4787"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
 }
 ]
 },
diff --git a/2019/14xxx/CVE-2019-14544.json b/2019/14xxx/CVE-2019-14544.json
new file mode 100644
index 00000000000..d44e03d3e36
--- /dev/null
+++ b/2019/14xxx/CVE-2019-14544.json
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2019-14544",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/gogs/gogs/issues/5764",
+ "refsource": "MISC",
+ "name": "https://github.com/gogs/gogs/issues/5764"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2019/5xxx/CVE-2019-5680.json b/2019/5xxx/CVE-2019-5680.json
index f67228da5d1..40316ac041b 100644
--- a/2019/5xxx/CVE-2019-5680.json
+++ b/2019/5xxx/CVE-2019-5680.json
@@ -53,6 +53,11 @@
 "refsource": "BID",
 "name": "109341",
 "url": "http://www.securityfocus.com/bid/109341"
+ },
+ {
+ "refsource": "CONFIRM",
+ "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804",
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4804"
 }
 ]
 },
diff --git a/2019/7xxx/CVE-2019-7849.json b/2019/7xxx/CVE-2019-7849.json
index 094447ead6a..aaaeb680769 100644
--- a/2019/7xxx/CVE-2019-7849.json
+++ b/2019/7xxx/CVE-2019-7849.json
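Review bot: The new CVE-2019-14544.json record leaves `vendor_name`, `product_name`, `version_value` and the `problemtype` value all as `n/a`, although its own description names the product and version (Gogs 0.11.86) and the weakness (missing permission checks on the deploy-key, collaborator and hook API routes). Tooling that matches advisories to an inventory through the `affects` block will not associate this entry with Gogs, so I would fill it in, e.g. `"product_name": "Gogs"` and `"version_value": "0.11.86"`. For the problemtype, something like `"Missing Authorization"` would describe it; CWE-862 looks like the closest fit, to be confirmed by the assigner. The file also ends without a trailing newline.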
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7849",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7849",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inadequate Session Handling"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A defense-in-depth check was added to mitigate inadequate session validation handling by 3rd party checkout modules. This impacts Magento 1.x prior to 1.9.4.2, Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7851.json b/2019/7xxx/CVE-2019-7851.json
index a1b92400092..1ea14b68cfe 100644
--- a/2019/7xxx/CVE-2019-7851.json
+++ b/2019/7xxx/CVE-2019-7851.json
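Review bot: In CVE-2019-7849.json the `affects` block sets `"vendor_name": "n/a"` even though the assigner is `psirt@adobe.com` and the product is Magento, and `"product_name": "Magento 1 Magento 2"` fuses two product lines into one string with a prose `version_value`. Consumers that key on vendor, product and version to decide whether a deployment is affected cannot match this reliably; naming the vendor and giving each product line its own `product_data` entry, with one version bound per `version_data` item, would make the record machine-usable. The same `"vendor_name": "n/a"` and sentence-style `version_value` recur in the following Magento hunks, CVE-2019-7851 through CVE-2019-7865. The description here also states the fix rather than the flaw, unlike the sibling records.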
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7851",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7851",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unintended data deletion from customer pages."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7852.json b/2019/7xxx/CVE-2019-7852.json
index a0d0d983aed..2a691970dee 100644
--- a/2019/7xxx/CVE-2019-7852.json
+++ b/2019/7xxx/CVE-2019-7852.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7852",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7852",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Admin Panel Path Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A path disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Requests for a specific file path could result in a redirect to the URL of the Magento admin panel, disclosing its location to potentially unauthorized parties."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7853.json b/2019/7xxx/CVE-2019-7853.json
index a8d33eed209..218d01176a6 100644
--- a/2019/7xxx/CVE-2019-7853.json
+++ b/2019/7xxx/CVE-2019-7853.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7853",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7853",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the tax notifications configuration in the Magento admin panel."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7854.json b/2019/7xxx/CVE-2019-7854.json
index 10a6857aff7..47bdab4c4e2 100644
--- a/2019/7xxx/CVE-2019-7854.json
+++ b/2019/7xxx/CVE-2019-7854.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7854",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7854",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insecure direct object reference (IDOR) vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can lead to unauthorized disclosure of company credit history details."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7855.json b/2019/7xxx/CVE-2019-7855.json
index 1f0c1041faf..1546f4213b2 100644
--- a/2019/7xxx/CVE-2019-7855.json
+++ b/2019/7xxx/CVE-2019-7855.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7855",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7855",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Flaw"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generation."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7857.json b/2019/7xxx/CVE-2019-7857.json
index 291d1167f1f..549821cad57 100644
--- a/2019/7xxx/CVE-2019-7857.json
+++ b/2019/7xxx/CVE-2019-7857.json
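Review bot: The new description in CVE-2019-7855.json misspells the weakness as `cryptograhic`; it should read `"value": "A cryptographic flaw in Magento 2.1 prior to 2.1.18, ..."`. A keyword search for "cryptographic" across the feed will miss this record, while the sibling CVE-2019-7858 record spells it correctly. The `problemtype` value `Cryptographic Flaw` is also broad for what the description reports, a discoverable invariant in gift card generation, so a more specific weakness name would help triage.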
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7857",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7857",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 can cause unwanted items to be added to a shopper's cart due to an insufficiently robust anti-CSRF token implementation."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7858.json b/2019/7xxx/CVE-2019-7858.json
index 62468d36522..0279c9308a1 100644
--- a/2019/7xxx/CVE-2019-7858.json
+++ b/2019/7xxx/CVE-2019-7858.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7858",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7858",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Flaw"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cryptographic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9 and Magento 2.3 prior to 2.3.2 resulted in storage of sensitive information with an algorithm that is insufficiently resistant to brute force attacks."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7859.json b/2019/7xxx/CVE-2019-7859.json
index 9f6c41fa4b8..cf09f22b854 100644
--- a/2019/7xxx/CVE-2019-7859.json
+++ b/2019/7xxx/CVE-2019-7859.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7859",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7859",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Path Traversal"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A path traversal vulnerability in the WYSIWYG editor for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could result in unauthorized access to uploaded images due to insufficient access control."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7860.json b/2019/7xxx/CVE-2019-7860.json
index 99e1dadd8a8..c3b1321ef13 100644
--- a/2019/7xxx/CVE-2019-7860.json
+++ b/2019/7xxx/CVE-2019-7860.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7860",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7860",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Flaw"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cryptographically weak pseudo-rando number generator is used in multiple security relevant contexts in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7861.json b/2019/7xxx/CVE-2019-7861.json
index e9e4788a4c6..e0716b31673 100644
--- a/2019/7xxx/CVE-2019-7861.json
+++ b/2019/7xxx/CVE-2019-7861.json
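Review bot: The description added to CVE-2019-7860.json reads `pseudo-rando number generator`; it should be `pseudo-random number generator`, otherwise text searches for weak-PRNG issues skip this record. The `problemtype` value `Cryptographic Flaw` is the same generic label used for CVE-2019-7855 and CVE-2019-7858 although the three descriptions report different weaknesses. Here the description itself supports a more specific entry such as use of a cryptographically weak PRNG (CWE-338 appears to match, to be confirmed by the assigner).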
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7861",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7861",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insufficient Input Validation "
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient server-side validation of user input could allow an attacker to bypass file upload restrictions in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7862.json b/2019/7xxx/CVE-2019-7862.json
index 751b47f4dac..3f98c50d5c5 100644
--- a/2019/7xxx/CVE-2019-7862.json
+++ b/2019/7xxx/CVE-2019-7862.json
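Review bot: The `problemtype` value in CVE-2019-7861.json carries a trailing space inside the string, `"value": "Insufficient Input Validation "`. Anything that groups or filters records by exact problemtype text will treat it as a different category from the same label without the space; it should be `"value": "Insufficient Input Validation"`. The label also understates what the description reports, a bypass of file upload restrictions, so an upload-specific weakness name would serve triage better.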
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7862",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7862",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected cross-site scripting vulnerability exists in the Product widget chooser functionality in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7863.json b/2019/7xxx/CVE-2019-7863.json
index 2de79920ec5..6474d6ee98b 100644
--- a/2019/7xxx/CVE-2019-7863.json
+++ b/2019/7xxx/CVE-2019-7863.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7863",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7863",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel for Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to products and categories."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7864.json b/2019/7xxx/CVE-2019-7864.json
index f6ce6fd0ea2..091988f5b6b 100644
--- a/2019/7xxx/CVE-2019-7864.json
+++ b/2019/7xxx/CVE-2019-7864.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7864",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7864",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insecure direct object reference (IDOR) vulnerability exists in the RSS feeds of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7865.json b/2019/7xxx/CVE-2019-7865.json
index 7a9604b61f7..d26cf60cf15 100644
--- a/2019/7xxx/CVE-2019-7865.json
+++ b/2019/7xxx/CVE-2019-7865.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7865",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7865",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery (CSRF) vulnerability exists in the checkout cart item of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited at the time of editing or configuration."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7866.json b/2019/7xxx/CVE-2019-7866.json
index 76962431ff5..7088a104930 100644
--- a/2019/7xxx/CVE-2019-7866.json
+++ b/2019/7xxx/CVE-2019-7866.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7866",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7866",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to edit Product information via the TinyMCE editor."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7867.json b/2019/7xxx/CVE-2019-7867.json
index eb78c8b416b..c6325af3abe 100644
--- a/2019/7xxx/CVE-2019-7867.json
+++ b/2019/7xxx/CVE-2019-7867.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7867",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7867",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to manage orders and order status."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7868.json b/2019/7xxx/CVE-2019-7868.json
index c350f113ce7..d26fed28dc6 100644
--- a/2019/7xxx/CVE-2019-7868.json
+++ b/2019/7xxx/CVE-2019-7868.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7868",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7868",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage tax rules."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7869.json b/2019/7xxx/CVE-2019-7869.json
index 8dafe0d8c74..ae27db984b6 100644
--- a/2019/7xxx/CVE-2019-7869.json
+++ b/2019/7xxx/CVE-2019-7869.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7869",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7869",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7871.json b/2019/7xxx/CVE-2019-7871.json
index af491f1f44b..a4969c3e8b8 100644
--- a/2019/7xxx/CVE-2019-7871.json
+++ b/2019/7xxx/CVE-2019-7871.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7871",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7871",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Arbitrary PHP Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A security bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 that could be abused to execute arbitrary PHP code. An authenticated user can bypass security protections that prevent arbitrary PHP script upload via form data injection."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7872.json b/2019/7xxx/CVE-2019-7872.json
index 4e0b4afecb9..be3f8c2a431 100644
--- a/2019/7xxx/CVE-2019-7872.json
+++ b/2019/7xxx/CVE-2019-7872.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7872",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7872",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to insufficient authorizations checks. This can be abused by a user with admin privileges to add users to company accounts or modify existing user details."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7873.json b/2019/7xxx/CVE-2019-7873.json
index 1d1032b8039..e9976dfc8f3 100644
--- a/2019/7xxx/CVE-2019-7873.json
+++ b/2019/7xxx/CVE-2019-7873.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7873",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7873",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of the store design schedule."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7874.json b/2019/7xxx/CVE-2019-7874.json
index 5f3a50eeef9..fe540ce65ae 100644
--- a/2019/7xxx/CVE-2019-7874.json
+++ b/2019/7xxx/CVE-2019-7874.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7874",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7874",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can result in unintended deletion of user roles."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7875.json b/2019/7xxx/CVE-2019-7875.json
index c75f61c2d94..e648ff47139 100644
--- a/2019/7xxx/CVE-2019-7875.json
+++ b/2019/7xxx/CVE-2019-7875.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7875",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7875",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to newsletter templates."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7876.json b/2019/7xxx/CVE-2019-7876.json
index 0a86231d943..599f663d26c 100644
--- a/2019/7xxx/CVE-2019-7876.json
+++ b/2019/7xxx/CVE-2019-7876.json
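Review bot: `"product_name": "Magento 1 Magento 2"` packs two product lines into one string, and the only `reference_data` entry is the 2.3.2/2.2.9/2.1.18 advisory, so nothing in the record points an operator of Magento Open Source 1.x or Commerce 1.x at the fix for the 1.9.4.2 and 1.14.4.2 ranges the description lists as affected. The same applies to CVE-2019-7882 and CVE-2019-7887 later in this commit. I would split `product_data` into one entry per product line, each with its own `version_data`, and add a second CONFIRM reference for the 1.x update, e.g. `"url": "<vendor advisory URL for the 1.9.4.2 / 1.14.4.2 release>"` (placeholder; the page does not give that URL).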
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7876",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7876",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manipulate layouts can insert a malicious payload into the layout."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7877.json b/2019/7xxx/CVE-2019-7877.json
index 4eda3c1163c..8293ccfbcb2 100644
--- a/2019/7xxx/CVE-2019-7877.json
+++ b/2019/7xxx/CVE-2019-7877.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7877",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7877",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to manage orders can inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7880.json b/2019/7xxx/CVE-2019-7880.json
index d79e31cfbd8..9ecea1e4177 100644
--- a/2019/7xxx/CVE-2019-7880.json
+++ b/2019/7xxx/CVE-2019-7880.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7880",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7880",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to marketing email templates to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7881.json b/2019/7xxx/CVE-2019-7881.json
index a6a0b39deb8..c44eb4812ff 100644
--- a/2019/7xxx/CVE-2019-7881.json
+++ b/2019/7xxx/CVE-2019-7881.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7881",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7881",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site scripting mitigation bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user to escalate privileges (admin vs. admin XSS attack)."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7882.json b/2019/7xxx/CVE-2019-7882.json
index 64230b3e33c..84d14bed90a 100644
--- a/2019/7xxx/CVE-2019-7882.json
+++ b/2019/7xxx/CVE-2019-7882.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7882",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7882",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the WYSIWYG editor of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the editor can inject malicious SWF files."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7885.json b/2019/7xxx/CVE-2019-7885.json
index 846c233d87b..dd0543d318a 100644
--- a/2019/7xxx/CVE-2019-7885.json
+++ b/2019/7xxx/CVE-2019-7885.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7885",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7885",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient input validation in the config builder of the Elastic search module could lead to remote code execution in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This vulnerability could be abused by an authenticated user with the ability to configure the catalog search."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7886.json b/2019/7xxx/CVE-2019-7886.json
index 5c853611abb..bd6e007d9c4 100644
--- a/2019/7xxx/CVE-2019-7886.json
+++ b/2019/7xxx/CVE-2019-7886.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7886",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7886",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cryptographic Flaw"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7887.json b/2019/7xxx/CVE-2019-7887.json
index 3c60fc7eb7f..8605210f5ae 100644
--- a/2019/7xxx/CVE-2019-7887.json
+++ b/2019/7xxx/CVE-2019-7887.json
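Review bot: The new description for CVE-2019-7886 misspells `cryptograhic` (twice) and `intialization`, so keyword searches for "cryptographic" or "initialization vector" across the CVE list will miss this record. It should read `A cryptographic flaw exists in …` and `A weak cryptographic mechanism is used to generate the initialization vector …`. The `problemtype` value `Cryptographic Flaw` is also free text; a CWE identifier for weak initialization-vector generation would let consumers classify the issue, though the description does not name the cipher mode, so the exact entry should be confirmed with the assigner.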
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7887",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7887",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 when the feature that adds a secret key to the Admin URL is disabled."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7888.json b/2019/7xxx/CVE-2019-7888.json
index 28bfbdf1416..4d22d95881e 100644
--- a/2019/7xxx/CVE-2019-7888.json
+++ b/2019/7xxx/CVE-2019-7888.json
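Review bot: `"product_name": "Magento 1 Magento 2"` in the CVE-2019-7887 record joins two product lines into one string that matches neither product in an inventory lookup. I would emit two `product_data` entries, one with `"product_name": "Magento 1"` carrying the Open Source 1.9.4.2 and Commerce 1.14.4.2 bounds, and one with `"product_name": "Magento 2"` carrying the 2.1, 2.2 and 2.3 bounds. The same merged name is used in CVE-2019-7889, -7897, -7898, -7899, -7909 and -7911. The description here also names a precondition (the Admin URL secret key being disabled) that the structured fields cannot express, so consumers relying on `affects` alone may overstate exposure.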
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7888",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7888",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Disclosure"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information disclosure vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to create email templates could leak sensitive data via a malicious email template."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7889.json b/2019/7xxx/CVE-2019-7889.json
index 39d719f945e..db1f8cb181d 100644
--- a/2019/7xxx/CVE-2019-7889.json
+++ b/2019/7xxx/CVE-2019-7889.json
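Review bot: The `problemtype` value for CVE-2019-7888 is the free-text label `"Information Disclosure"`, while CVE-2019-7898 and CVE-2019-7899 in the same commit use `"Information Leakage"` for the same class of issue. Grouping or filtering by problem type will split these records into two buckets. I would pick one label for the batch, and preferably prefix it with the matching CWE identifier so the field can be joined against weakness catalogues.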
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7889",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7889",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An injection vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with marketing manipulation privileges can invoke methods that alter data of the underlying model followed by corresponding database modifications."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7890.json b/2019/7xxx/CVE-2019-7890.json
index 89c8c568522..9380cbc85a0 100644
--- a/2019/7xxx/CVE-2019-7890.json
+++ b/2019/7xxx/CVE-2019-7890.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7890",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7890",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7892.json b/2019/7xxx/CVE-2019-7892.json
index 4e2f9b4e663..c6178991b9c 100644
--- a/2019/7xxx/CVE-2019-7892.json
+++ b/2019/7xxx/CVE-2019-7892.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7892",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7892",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server-side Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7895.json b/2019/7xxx/CVE-2019-7895.json
index 2283f09e8df..b41fc92c29e 100644
--- a/2019/7xxx/CVE-2019-7895.json
+++ b/2019/7xxx/CVE-2019-7895.json
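Review bot: The `problemtype` and the description of CVE-2019-7892 disagree on what the flaw is: the type says `"Server-side Request Forgery"` while the description opens with "A remote code execution vulnerability". CVE-2019-7913 in this commit has the reverse pairing (type `"Remote Code Execution"`, description opening with "A server-side request forgery (SSRF) vulnerability") for what reads like a closely related shipment-configuration issue. I would keep the weakness in `problemtype`, for example `"CWE-918: Server-Side Request Forgery (SSRF)"`, in both records and leave code execution to the description as the impact. As written, a filter on either label catches only one of the two.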
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7895",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7895",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to layouts can execute arbitrary code through a crafted XML layout update."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7896.json b/2019/7xxx/CVE-2019-7896.json
index 20c3a79b193..ebe9d87d840 100644
--- a/2019/7xxx/CVE-2019-7896.json
+++ b/2019/7xxx/CVE-2019-7896.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7896",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7896",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to layouts can execute arbitrary code through a combination of product import, crafted csv file and XML layout update."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7897.json b/2019/7xxx/CVE-2019-7897.json
index 838c3127c87..5b48522a67b 100644
--- a/2019/7xxx/CVE-2019-7897.json
+++ b/2019/7xxx/CVE-2019-7897.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7897",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7897",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to customer configurations to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7898.json b/2019/7xxx/CVE-2019-7898.json
index b5b93d94f52..9a483664e49 100644
--- a/2019/7xxx/CVE-2019-7898.json
+++ b/2019/7xxx/CVE-2019-7898.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7898",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7898",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Leakage"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Samples of disabled downloadable products are accessible in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 due to inadequate validation of user input."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7899.json b/2019/7xxx/CVE-2019-7899.json
index d6d66f65520..c4b44ad7e1c 100644
--- a/2019/7xxx/CVE-2019-7899.json
+++ b/2019/7xxx/CVE-2019-7899.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7899",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7899",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Leakage"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Names of disabled downloadable products could be disclosed due to inadequate validation of user input in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7903.json b/2019/7xxx/CVE-2019-7903.json
index 902b991c070..c70fac8fc10 100644
--- a/2019/7xxx/CVE-2019-7903.json
+++ b/2019/7xxx/CVE-2019-7903.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7903",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7903",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to email templates can execute arbitrary code by previewing a malicious template."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7904.json b/2019/7xxx/CVE-2019-7904.json
index 73e9a1f9a4b..7a1f364db60 100644
--- a/2019/7xxx/CVE-2019-7904.json
+++ b/2019/7xxx/CVE-2019-7904.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7904",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7904",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access Control Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7908.json b/2019/7xxx/CVE-2019-7908.json
index 7c20d769486..0ba2926659a 100644
--- a/2019/7xxx/CVE-2019-7908.json
+++ b/2019/7xxx/CVE-2019-7908.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7908",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7908",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify product information."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7909.json b/2019/7xxx/CVE-2019-7909.json
index 1bdfcde5dff..852da3d98a9 100644
--- a/2019/7xxx/CVE-2019-7909.json
+++ b/2019/7xxx/CVE-2019-7909.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7909",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7909",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to email templates."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7911.json b/2019/7xxx/CVE-2019-7911.json
index bd8ee55352e..0c5a7611973 100644
--- a/2019/7xxx/CVE-2019-7911.json
+++ b/2019/7xxx/CVE-2019-7911.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7911",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7911",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server-side Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7912.json b/2019/7xxx/CVE-2019-7912.json
index e79383686ab..75e0944b8d7 100644
--- a/2019/7xxx/CVE-2019-7912.json
+++ b/2019/7xxx/CVE-2019-7912.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7912",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7912",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File Upload Restriction Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A file upload filter bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to edit configuration keys to remove file extension filters, potentially resulting in the malicious upload and execution of malicious files on the server."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7913.json b/2019/7xxx/CVE-2019-7913.json
index 69275274ae9..32868fc4c29 100644
--- a/2019/7xxx/CVE-2019-7913.json
+++ b/2019/7xxx/CVE-2019-7913.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7913",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7913",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7915.json b/2019/7xxx/CVE-2019-7915.json
index 35a254f7c1a..572229e635d 100644
--- a/2019/7xxx/CVE-2019-7915.json
+++ b/2019/7xxx/CVE-2019-7915.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7915",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7915",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial-of-Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial-of-service vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. Under certain conditions, an unauthenticated attacker could force the Magento store's full page cache to serve a 404 page to customers."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7921.json b/2019/7xxx/CVE-2019-7921.json
index 57e45079381..13cdba7bc42 100644
--- a/2019/7xxx/CVE-2019-7921.json
+++ b/2019/7xxx/CVE-2019-7921.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7921",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7921",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the product catalog form of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to the product catalog to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7923.json b/2019/7xxx/CVE-2019-7923.json
index 075bd037b15..cf37a92fa07 100644
--- a/2019/7xxx/CVE-2019-7923.json
+++ b/2019/7xxx/CVE-2019-7923.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7923",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7923",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server-side Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by authenticated user with admin privileges to manipulate shipment settings to execute arbitrary code."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7925.json b/2019/7xxx/CVE-2019-7925.json
index 53820f05ddf..9a2fe96e667 100644
--- a/2019/7xxx/CVE-2019-7925.json
+++ b/2019/7xxx/CVE-2019-7925.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7925",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7925",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Direct Object Reference"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an administrator with limited privileges to delete the downloadable products folder."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7926.json b/2019/7xxx/CVE-2019-7926.json
index 610a2f58bfc..727ce2d7757 100644
--- a/2019/7xxx/CVE-2019-7926.json
+++ b/2019/7xxx/CVE-2019-7926.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7926",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7926",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify node attributes to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7927.json b/2019/7xxx/CVE-2019-7927.json
index 5059388f5aa..e4076bc8692 100644
--- a/2019/7xxx/CVE-2019-7927.json
+++ b/2019/7xxx/CVE-2019-7927.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7927",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7927",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit product content pages to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7928.json b/2019/7xxx/CVE-2019-7928.json
index 74a3f4b6917..e543b0bb7e1 100644
--- a/2019/7xxx/CVE-2019-7928.json
+++ b/2019/7xxx/CVE-2019-7928.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7928",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7928",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial-of-Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A denial-of-service (DoS) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. By abusing insufficient brute-forcing defenses in the token exchange protocol, an unauthenticated attacker could disrupt transactions between the Magento merchant and PayPal."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7929.json b/2019/7xxx/CVE-2019-7929.json
index c463599d11a..ac69201a326 100644
--- a/2019/7xxx/CVE-2019-7929.json
+++ b/2019/7xxx/CVE-2019-7929.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7929",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7929",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Information Leakage"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges may be able to view metadata of a trusted device used by another administrator via a crafted http request."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7930.json b/2019/7xxx/CVE-2019-7930.json
index fc34263648c..540a2bdd271 100644
--- a/2019/7xxx/CVE-2019-7930.json
+++ b/2019/7xxx/CVE-2019-7930.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7930",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7930",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "File Upload Restriction Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A file upload restriction bypass exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to the import feature can make modifications to a configuration file, resulting in potentially unauthorized removal of file upload restrictions. This can result in arbitrary code execution when a malicious file is then uploaded and executed on the system."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7932.json b/2019/7xxx/CVE-2019-7932.json
index dde04e4bda4..3bfb02cf517 100644
--- a/2019/7xxx/CVE-2019-7932.json
+++ b/2019/7xxx/CVE-2019-7932.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7932",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7932",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create sitemaps can execute arbitrary PHP code by creating a malicious sitemap file."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7934.json b/2019/7xxx/CVE-2019-7934.json
index 1eb151f480a..6e5984ffeb6 100644
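Review bot: The CVE-2019-7932 record lists Magento Open Source prior to 1.9.4.2 and Magento Commerce prior to 1.14.4.2 as affected, but its only `reference_data` entry is the Magento 2.3.2/2.2.9/2.1.18 update page, so an operator on a 1.x branch gets no pointer to the fix for their release; a second CONFIRM entry for the 1.x advisory is needed. `"product_name": "Magento 1 Magento 2"` also fuses two products into one string, which defeats product matching; two `product_data` entries, each with its own `version_data`, would separate them. CVE-2019-7934, CVE-2019-7935, CVE-2019-7938 and CVE-2019-7940 have the same shape.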
--- a/2019/7xxx/CVE-2019-7934.json
+++ b/2019/7xxx/CVE-2019-7934.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7934",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7934",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to edit newsletter templates to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7935.json b/2019/7xxx/CVE-2019-7935.json
index ae88f8c8634..df209037263 100644
--- a/2019/7xxx/CVE-2019-7935.json
+++ b/2019/7xxx/CVE-2019-7935.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7935",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7935",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content page titles to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7936.json b/2019/7xxx/CVE-2019-7936.json
index 0783b8f92fb..c3414f9ffa8 100644
--- a/2019/7xxx/CVE-2019-7936.json
+++ b/2019/7xxx/CVE-2019-7936.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7936",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7936",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify content block titles to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7937.json b/2019/7xxx/CVE-2019-7937.json
index b2e82fe3899..2528842bb5d 100644
--- a/2019/7xxx/CVE-2019-7937.json
+++ b/2019/7xxx/CVE-2019-7937.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7937",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7937",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to store product attributes to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7938.json b/2019/7xxx/CVE-2019-7938.json
index 6910a5ea8ff..d4d07e221c4 100644
--- a/2019/7xxx/CVE-2019-7938.json
+++ b/2019/7xxx/CVE-2019-7938.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7938",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7938",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify catalog price rules to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7939.json b/2019/7xxx/CVE-2019-7939.json
index 7f245788071..87aa3a6f070 100644
--- a/2019/7xxx/CVE-2019-7939.json
+++ b/2019/7xxx/CVE-2019-7939.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7939",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7939",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A reflected cross-site scripting vulnerability exists on the customer cart checkout page of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by sending a victim a crafted URL that results in malicious javascript execution in the victim's browser."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7940.json b/2019/7xxx/CVE-2019-7940.json
index a468287c8ed..3d93a2ee554 100644
--- a/2019/7xxx/CVE-2019-7940.json
+++ b/2019/7xxx/CVE-2019-7940.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7940",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7940",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the admin panel of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This could be exploited by an authenticated user with privileges to modify store currency options to inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7942.json b/2019/7xxx/CVE-2019-7942.json
index 3934ebd26b7..36130febc98 100644
--- a/2019/7xxx/CVE-2019-7942.json
+++ b/2019/7xxx/CVE-2019-7942.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7942",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7942",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with admin privileges to create or edit a product can execute arbitrary code via malicious XML layout updates."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7944.json b/2019/7xxx/CVE-2019-7944.json
index 9327b1c620d..d17afac5034 100644
--- a/2019/7xxx/CVE-2019-7944.json
+++ b/2019/7xxx/CVE-2019-7944.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7944",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7944",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-24"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting vulnerability exists in the product comments field of Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to the Return Product comments field can inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7945.json b/2019/7xxx/CVE-2019-7945.json
index ad4d20b0ac5..772939f33e3 100644
--- a/2019/7xxx/CVE-2019-7945.json
+++ b/2019/7xxx/CVE-2019-7945.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7945",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7945",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Scripting"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-cite scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with privileges to modify currency symbols can inject malicious javascript."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7947.json b/2019/7xxx/CVE-2019-7947.json
index 54509776425..bc376b06445 100644
--- a/2019/7xxx/CVE-2019-7947.json
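Review bot: The description added for CVE-2019-7945 misspells the vulnerability class as `cross-cite scripting`, so text searches and keyword-based triage rules looking for "cross-site scripting" in the description will miss this record. The value should open `A stored cross-site scripting vulnerability exists in Magento Open Source prior to 1.9.4.2, ...`. Unlike the sibling stored-XSS records in this patch, the sentence names only the required privilege (modifying currency symbols) and not the page or panel where the stored script is rendered; adding that would help an operator judge which users are exposed.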
+++ b/2019/7xxx/CVE-2019-7947.json
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7947",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7947",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 1 Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Cross-Site Request Forgery"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-33"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A cross-site request forgery vulnerability exists in the GiftCardAccount removal feature for Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7950.json b/2019/7xxx/CVE-2019-7950.json
index 11ebd6e386f..2df5b44c88e 100644
--- a/2019/7xxx/CVE-2019-7950.json
+++ b/2019/7xxx/CVE-2019-7950.json
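Review bot: The description added for CVE-2019-7947 names the feature (`GiftCardAccount removal`) but states neither whose session the forged request rides on nor what the request achieves, which the sibling records in this patch do spell out. Without that, an operator cannot tell whether the issue needs an admin session or a customer session, and so cannot rank the patch against the others in the same update. I would extend the `value` with one sentence from the vendor advisory covering the required victim role and the resulting action; nothing in this hunk states either, so it has to come from the advisory rather than be inferred.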
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7950",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7950",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Access Control Bypass"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An access control bypass vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An unauthenticated user can bypass access controls via REST API calls to assign themselves to an arbitrary company, thereby gaining read access to potentially confidental information."
 }
 ]
 }
diff --git a/2019/7xxx/CVE-2019-7951.json b/2019/7xxx/CVE-2019-7951.json
index 99f3e9e56df..7d1b66093f6 100644
--- a/2019/7xxx/CVE-2019-7951.json
+++ b/2019/7xxx/CVE-2019-7951.json
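Review bot: The description added for CVE-2019-7950 ends with `potentially confidental information`; it should read `potentially confidential information`. This value is the record's only human-readable statement of impact, so any feed that copies it verbatim would carry the misspelling into advisories and search indexes built from it. Since the sentence says the caller is unauthenticated, it would also help defenders to name the REST resource involved as the vendor advisory gives it, so that API gateway rules and access logs can be checked; the hunk itself does not identify it.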
@@ -1,17 +1,61 @@
 {
- "CVE_data_meta": {
- "ASSIGNER": "cve@mitre.org",
- "ID": "CVE-2019-7951",
- "STATE": "RESERVED"
- },
- "data_format": "MITRE",
 "data_type": "CVE",
+ "data_format": "MITRE",
 "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2019-7951",
+ "ASSIGNER": "psirt@adobe.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Magento 2",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Inadequate Input Validation"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "CONFIRM",
+ "name": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13",
+ "url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13"
+ }
+ ]
+ },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP requests."
 }
 ]
 }
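Review bot: The `problemtype` value added for CVE-2019-7951, `Inadequate Input Validation`, does not agree with the description added in the same hunk, which calls the issue an information leakage caused by a SOAP endpoint that "does not properly enforce parameters related to access control". Consumers that bucket records by `problemtype` will file this under input validation and miss it in access-control or data-disclosure reviews. I would make the two fields agree, for instance `"value": "Information Disclosure"`, or whichever class the vendor advisory confirms. The description also does not say whether the SOAP caller must be authenticated, which decides how exposed an internet-facing store is.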