From e0833a4f9f31b1973bfc85d0883e9b9928e8d6ff Mon Sep 17 00:00:00 2001 From: CVE Team Date: Wed, 30 Oct 2019 00:01:13 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2017/11xxx/CVE-2017-11479.json | 5 +++ 2019/11xxx/CVE-2019-11477.json | 5 +++ 2019/11xxx/CVE-2019-11478.json | 5 +++ 2019/14xxx/CVE-2019-14287.json | 5 +++ 2019/5xxx/CVE-2019-5736.json | 5 +++ 2019/8xxx/CVE-2019-8235.json | 64 ++++++++++++++++++++++++++++++---- 6 files changed, 82 insertions(+), 7 deletions(-) diff --git a/2017/11xxx/CVE-2017-11479.json b/2017/11xxx/CVE-2017-11479.json index c6000dc48ed..9588ab861d2 100644 --- a/2017/11xxx/CVE-2017-11479.json +++ b/2017/11xxx/CVE-2017-11479.json @@ -61,6 +61,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" } ] } diff --git a/2019/11xxx/CVE-2019-11477.json b/2019/11xxx/CVE-2019-11477.json index e213cd9125f..89fd5b1eec9 100644 --- a/2019/11xxx/CVE-2019-11477.json +++ b/2019/11xxx/CVE-2019-11477.json @@ -221,6 +221,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" } ] }, diff --git a/2019/11xxx/CVE-2019-11478.json b/2019/11xxx/CVE-2019-11478.json index 57043181d9f..1edf4ccc9ce 100644 --- a/2019/11xxx/CVE-2019-11478.json +++ b/2019/11xxx/CVE-2019-11478.json @@ -225,6 +225,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" } ] }, diff --git a/2019/14xxx/CVE-2019-14287.json b/2019/14xxx/CVE-2019-14287.json index fe3535c6695..b1249518b3f 100644 --- a/2019/14xxx/CVE-2019-14287.json +++ b/2019/14xxx/CVE-2019-14287.json @@ -156,6 +156,11 @@ "refsource": "REDHAT", "name": "RHSA-2019:3219", "url": "https://access.redhat.com/errata/RHSA-2019:3219" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" } ] } diff --git a/2019/5xxx/CVE-2019-5736.json b/2019/5xxx/CVE-2019-5736.json index dd743a2e545..a47fbc94704 100644 --- a/2019/5xxx/CVE-2019-5736.json +++ b/2019/5xxx/CVE-2019-5736.json @@ -341,6 +341,11 @@ "refsource": "MLIST", "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" + }, + { + "refsource": "MLIST", + "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", + "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" } ] } diff --git a/2019/8xxx/CVE-2019-8235.json b/2019/8xxx/CVE-2019-8235.json index dcdc399aef5..9d105efd435 100644 --- a/2019/8xxx/CVE-2019-8235.json +++ b/2019/8xxx/CVE-2019-8235.json @@ -1,17 +1,67 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2019-8235", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-8235", + "ASSIGNER": "psirt@adobe.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Adobe", + "product": { + "product_data": [ + { + "product_name": "Magento", + "version": { + "version_data": [ + { + "version_value": "2.3 prior to 2.3.1" + }, + { + "version_value": "2.2 prior to 2.2.8" + }, + { + "version_value": "2.1 prior to 2.1.17" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insecure Direct Object Reference (IDOR)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update", + "url": "https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An insecure direct object reference (IDOR) vulnerability exists in Magento 2.3 prior to 2.3.1, 2.2 prior to 2.2.8, and 2.1 prior to 2.1.17 versions. An authenticated user may be able to view personally identifiable shipping details of another user due to insufficient validation of user controlled input." } ] }