From 155f86bedaab66c3591c0d2b9d06ab0a201efce6 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 3 Apr 2020 15:01:29 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2019/17xxx/CVE-2019-17230.json | 62 ++++++++++++++++++++++++++++++++++ 2019/17xxx/CVE-2019-17231.json | 62 ++++++++++++++++++++++++++++++++++ 2019/19xxx/CVE-2019-19770.json | 7 +++- 2020/10xxx/CVE-2020-10689.json | 3 +- 2020/10xxx/CVE-2020-10960.json | 61 +++++++++++++++++++++++++++++---- 2020/11xxx/CVE-2020-11502.json | 18 ++++++++++ 6 files changed, 205 insertions(+), 8 deletions(-) create mode 100644 2019/17xxx/CVE-2019-17230.json create mode 100644 2019/17xxx/CVE-2019-17231.json create mode 100644 2020/11xxx/CVE-2020-11502.json diff --git a/2019/17xxx/CVE-2019-17230.json b/2019/17xxx/CVE-2019-17230.json new file mode 100644 index 00000000000..7b34235d25d --- /dev/null +++ b/2019/17xxx/CVE-2019-17230.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.nintechnet.com/unauthenticated-stored-xss-vulnerability-in-wordpress-onetone-theme-unpatched/", + "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-vulnerability-in-wordpress-onetone-theme-unpatched/" + } + ] + } +} \ No newline at end of file diff --git a/2019/17xxx/CVE-2019-17231.json b/2019/17xxx/CVE-2019-17231.json new file mode 100644 index 00000000000..76c9930c4b8 --- /dev/null +++ b/2019/17xxx/CVE-2019-17231.json @@ -0,0 +1,62 @@ +{ + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2019-17231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://blog.nintechnet.com/unauthenticated-stored-xss-vulnerability-in-wordpress-onetone-theme-unpatched/", + "url": "https://blog.nintechnet.com/unauthenticated-stored-xss-vulnerability-in-wordpress-onetone-theme-unpatched/" + } + ] + } +} \ No newline at end of file diff --git a/2019/19xxx/CVE-2019-19770.json b/2019/19xxx/CVE-2019-19770.json index 47f51b8c240..e1179cc5563 100644 --- a/2019/19xxx/CVE-2019-19770.json +++ b/2019/19xxx/CVE-2019-19770.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file)." + "value": "** DISPUTED ** In the Linux kernel 4.19.83, there is a use-after-free (read) in the debugfs_remove function in fs/debugfs/inode.c (which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfs_create_file). NOTE: Linux kernel developers dispute this issue as not being an issue with debugfs, instead this is an issue with misuse of debugfs within blktrace." } ] }, @@ -61,6 +61,11 @@ "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200103-0001/", "url": "https://security.netapp.com/advisory/ntap-20200103-0001/" + }, + { + "refsource": "MISC", + "name": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/", + "url": "https://lore.kernel.org/linux-block/20200402000002.7442-1-mcgrof@kernel.org/" } ] } diff --git a/2020/10xxx/CVE-2020-10689.json b/2020/10xxx/CVE-2020-10689.json index 5d759ed32ff..ec51c81bd40 100644 --- a/2020/10xxx/CVE-2020-10689.json +++ b/2020/10xxx/CVE-2020-10689.json @@ -4,7 +4,8 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-10689", - "ASSIGNER": "gsuckevi@redhat.com" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" }, "affects": { "vendor": { diff --git a/2020/10xxx/CVE-2020-10960.json b/2020/10xxx/CVE-2020-10960.json index cd196055cd4..e73a57c38af 100644 --- a/2020/10xxx/CVE-2020-10960.json +++ b/2020/10xxx/CVE-2020-10960.json @@ -1,17 +1,66 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2020-10960", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2020-10960", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://phabricator.wikimedia.org/T246602", + "url": "https://phabricator.wikimedia.org/T246602" + }, + { + "refsource": "CONFIRM", + "name": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html", + "url": "https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html" } ] } diff --git a/2020/11xxx/CVE-2020-11502.json b/2020/11xxx/CVE-2020-11502.json new file mode 100644 index 00000000000..6c2aeeb4b35 --- /dev/null +++ b/2020/11xxx/CVE-2020-11502.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-11502", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file