From f47947a841748811cf67fc0615a850d1a195ed3d Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 16 Sep 2019 18:00:57 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/10xxx/CVE-2019-10071.json | 50 ++++++++++++++++++++++-- 2019/11xxx/CVE-2019-11184.json | 5 +++ 2019/13xxx/CVE-2019-13140.json | 5 +++ 2019/15xxx/CVE-2019-15052.json | 2 +- 2019/15xxx/CVE-2019-15107.json | 5 +++ 2019/15xxx/CVE-2019-15734.json | 67 ++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15736.json | 67 ++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15737.json | 67 ++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15738.json | 70 ++++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15739.json | 67 ++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15740.json | 67 ++++++++++++++++++++++++++++++++ 2019/15xxx/CVE-2019-15741.json | 67 ++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16275.json | 5 +++ 2019/16xxx/CVE-2019-16370.json | 67 ++++++++++++++++++++++++++++++++ 2019/16xxx/CVE-2019-16371.json | 62 ++++++++++++++++++++++++++++++ 2019/1xxx/CVE-2019-1253.json | 5 +++ 2019/8xxx/CVE-2019-8368.json | 48 ++++++++++++++++++++++- 2019/9xxx/CVE-2019-9039.json | 2 +- 18 files changed, 721 insertions(+), 7 deletions(-) create mode 100644 2019/15xxx/CVE-2019-15734.json create mode 100644 2019/15xxx/CVE-2019-15736.json create mode 100644 2019/15xxx/CVE-2019-15737.json create mode 100644 2019/15xxx/CVE-2019-15738.json create mode 100644 2019/15xxx/CVE-2019-15739.json create mode 100644 2019/15xxx/CVE-2019-15740.json create mode 100644 2019/15xxx/CVE-2019-15741.json create mode 100644 2019/16xxx/CVE-2019-16370.json create mode 100644 2019/16xxx/CVE-2019-16371.json diff --git a/2019/10xxx/CVE-2019-10071.json b/2019/10xxx/CVE-2019-10071.json index dac375e154b..e15e3f0fda8 100644 --- a/2019/10xxx/CVE-2019-10071.json +++ b/2019/10xxx/CVE-2019-10071.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-10071", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache Tapestry", + "version": { + "version_data": [ + { + "version_value": "Apache Tapestry 5.4.0 to 5.4.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MLIST", + "name": "[tapestry-users] 20190913 CVE-2019-10071: Apache Tapestry vulnerability disclosure", + "url": "https://lists.apache.org/thread.html/6e8f42c88da7be3c60aafe3f6a85eb00b4f8b444de26b38d36233a43@%3Cusers.tapestry.apache.org%3E" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison should be done with a constant time algorithm instead." } ] } diff --git a/2019/11xxx/CVE-2019-11184.json b/2019/11xxx/CVE-2019-11184.json index 95da3c84083..c51c76483d3 100644 --- a/2019/11xxx/CVE-2019-11184.json +++ b/2019/11xxx/CVE-2019-11184.json @@ -48,6 +48,11 @@ "refsource": "CONFIRM", "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html" + }, + { + "refsource": "MISC", + "name": "https://arxiv.org/abs/1909.04841", + "url": "https://arxiv.org/abs/1909.04841" } ] }, diff --git a/2019/13xxx/CVE-2019-13140.json b/2019/13xxx/CVE-2019-13140.json index 3acef0ebb12..1dde233aef6 100644 --- a/2019/13xxx/CVE-2019-13140.json +++ b/2019/13xxx/CVE-2019-13140.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://twitter.com/GerardFuguet/status/1169298861782896642", "url": "https://twitter.com/GerardFuguet/status/1169298861782896642" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.html", + "url": "http://packetstormsecurity.com/files/154494/Inteno-IOPSYS-Gateway-3DES-Key-Extraction-Improper-Access.html" } ] } diff --git a/2019/15xxx/CVE-2019-15052.json b/2019/15xxx/CVE-2019-15052.json index ff8fcc53e19..a20c9c3ed73 100644 --- a/2019/15xxx/CVE-2019-15052.json +++ b/2019/15xxx/CVE-2019-15052.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The HTTP client in the Build tool in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007." + "value": "The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007." } ] }, diff --git a/2019/15xxx/CVE-2019-15107.json b/2019/15xxx/CVE-2019-15107.json index 2c036722f59..19be360f9fe 100644 --- a/2019/15xxx/CVE-2019-15107.json +++ b/2019/15xxx/CVE-2019-15107.json @@ -81,6 +81,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html", "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" } ] } diff --git a/2019/15xxx/CVE-2019-15734.json b/2019/15xxx/CVE-2019-15734.json new file mode 100644 index 00000000000..539cc42b760 --- /dev/null +++ b/2019/15xxx/CVE-2019-15734.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.6 through 12.2.1. Under very specific conditions, commit titles and team member comments could become viewable to users who did not have permission to access these." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64711", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64711" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15736.json b/2019/15xxx/CVE-2019-15736.json new file mode 100644 index 00000000000..75213d31dfa --- /dev/null +++ b/2019/15xxx/CVE-2019-15736.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Under certain circumstances, CI pipelines could potentially be used in a denial of service attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51401", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/51401" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15737.json b/2019/15xxx/CVE-2019-15737.json new file mode 100644 index 00000000000..fe38b7e5185 --- /dev/null +++ b/2019/15xxx/CVE-2019-15737.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition through 12.2.1. Certain account actions needed improved authentication and session management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/42733", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/42733" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15738.json b/2019/15xxx/CVE-2019-15738.json new file mode 100644 index 00000000000..7e7d3c86292 --- /dev/null +++ b/2019/15xxx/CVE-2019-15738.json @@ -0,0 +1,70 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 12.0 through 12.2.1. Under certain conditions, merge request IDs were being disclosed via email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63124", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/63124" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + }, + "source": { + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15739.json b/2019/15xxx/CVE-2019-15739.json new file mode 100644 index 00000000000..30ca1946176 --- /dev/null +++ b/2019/15xxx/CVE-2019-15739.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64033", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/64033" + }, + { + "refsource": "CONFIRM", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15740.json b/2019/15xxx/CVE-2019-15740.json new file mode 100644 index 00000000000..1a65f4c295c --- /dev/null +++ b/2019/15xxx/CVE-2019-15740.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab-ce/issues/61390", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/gitlab-ce/issues/61390" + }, + { + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/15xxx/CVE-2019-15741.json b/2019/15xxx/CVE-2019-15741.json new file mode 100644 index 00000000000..3b11882bc78 --- /dev/null +++ b/2019/15xxx/CVE-2019-15741.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-15741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4380", + "refsource": "MISC", + "name": "https://gitlab.com/gitlab-org/omnibus-gitlab/issues/4380" + }, + { + "url": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/", + "refsource": "MISC", + "name": "https://about.gitlab.com/2019/08/29/security-release-gitlab-12-dot-2-dot-3-released/" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16275.json b/2019/16xxx/CVE-2019-16275.json index 0e925dbf4f5..417a72a31f8 100644 --- a/2019/16xxx/CVE-2019-16275.json +++ b/2019/16xxx/CVE-2019-16275.json @@ -71,6 +71,11 @@ "refsource": "MLIST", "name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass", "url": "http://www.openwall.com/lists/oss-security/2019/09/12/6" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html" } ] } diff --git a/2019/16xxx/CVE-2019-16370.json b/2019/16xxx/CVE-2019-16370.json new file mode 100644 index 00000000000..4fb36848568 --- /dev/null +++ b/2019/16xxx/CVE-2019-16370.json @@ -0,0 +1,67 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/gradle/gradle/pull/10543", + "refsource": "MISC", + "name": "https://github.com/gradle/gradle/pull/10543" + }, + { + "url": "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f", + "refsource": "MISC", + "name": "https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f" + } + ] + } +} \ No newline at end of file diff --git a/2019/16xxx/CVE-2019-16371.json b/2019/16xxx/CVE-2019-16371.json new file mode 100644 index 00000000000..606fa845fd9 --- /dev/null +++ b/2019/16xxx/CVE-2019-16371.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-16371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LogMeIn LastPass before 4.33.0 allows attackers to construct a crafted web site that captures the credentials for a victim's account on a previously visited web site, because do_popupregister can be bypassed via clickjacking." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1930", + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1930" + } + ] + } +} \ No newline at end of file diff --git a/2019/1xxx/CVE-2019-1253.json b/2019/1xxx/CVE-2019-1253.json index 15994133d9b..dfb6e61911e 100644 --- a/2019/1xxx/CVE-2019-1253.json +++ b/2019/1xxx/CVE-2019-1253.json @@ -142,6 +142,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1253" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html", + "url": "http://packetstormsecurity.com/files/154488/AppXSvc-17763.1.amd64fre.rs5_release.180914-1434-Privilege-Escalation.html" } ] } diff --git a/2019/8xxx/CVE-2019-8368.json b/2019/8xxx/CVE-2019-8368.json index 8e805eb330c..a0db14b0b15 100644 --- a/2019/8xxx/CVE-2019-8368.json +++ b/2019/8xxx/CVE-2019-8368.json @@ -2,7 +2,30 @@ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-8368", - "STATE": "RESERVED" + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } }, "data_format": "MITRE", "data_type": "CVE", @@ -11,7 +34,28 @@ "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "OpenEMR v5.0.1-6 allows XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://know.bishopfox.com/advisories/openemr-5-0-16-remote-code-execution-cross-site-scripting", + "url": "https://know.bishopfox.com/advisories/openemr-5-0-16-remote-code-execution-cross-site-scripting" } ] } diff --git a/2019/9xxx/CVE-2019-9039.json b/2019/9xxx/CVE-2019-9039.json index 69283005975..e443bb0d69a 100644 --- a/2019/9xxx/CVE-2019-9039.json +++ b/2019/9xxx/CVE-2019-9039.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The Couchbase Sync Gateway 2.1.2 in combination with a Couchbase Server is affected by a previously undisclosed N1QL-injection vulnerability in the REST API. An attacker with access to the public REST API can insert additional N1QL statements through the parameters \u201cstartkey\u201d and \u201cendkey\u201d of the \u201c_all_docs\u201d endpoint." + "value": "In Couchbase Sync Gateway 2.1.2, an attacker with access to the Sync Gateway\u2019s public REST API was able to issue additional N1QL statements and extract sensitive data or call arbitrary N1QL functions through the parameters \"startkey\" and \"endkey\" on the \"_all_docs\" endpoint. By issuing nested queries with CPU-intensive operations they may have been able to cause increased resource usage and denial of service conditions. The _all_docs endpoint is not required for Couchbase Mobile replication and external access to this REST endpoint has been blocked to mitigate this issue. This issue has been fixed in versions 2.5.0 and 2.1.3." } ] },