From 3eda80abf06cfe62db42aa855ac1d28bffc34051 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 13 Mar 2020 15:01:15 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2009/5xxx/CVE-2009-5159.json | 77 ++++++++++++++++++++++++++++++++++
 2020/10xxx/CVE-2020-10544.json | 62 +++++++++++++++++++++++++++
 2020/10xxx/CVE-2020-10545.json | 18 ++++++++
 2020/1xxx/CVE-2020-1953.json | 62 +++++++++++++++++++++++++--
 4 files changed, 216 insertions(+), 3 deletions(-)
 create mode 100644 2009/5xxx/CVE-2009-5159.json
 create mode 100644 2020/10xxx/CVE-2020-10544.json
 create mode 100644 2020/10xxx/CVE-2020-10545.json
diff --git a/2009/5xxx/CVE-2009-5159.json b/2009/5xxx/CVE-2009-5159.json
new file mode 100644
index 00000000000..cd49e410d43
--- /dev/null
+++ b/2009/5xxx/CVE-2009-5159.json
@@ -0,0 +1,77 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-5159",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.securityfocus.com/bid/37263/info",
+ "refsource": "MISC",
+ "name": "https://www.securityfocus.com/bid/37263/info"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/33394",
+ "refsource": "MISC",
+ "name": "https://www.exploit-db.com/exploits/33394"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html",
+ "refsource": "MISC",
+ "name": "https://packetstormsecurity.com/files/83624/Invision-Power-Board-3.0.4-Cross-Site-Scripting.html"
+ },
+ {
+ "url": "http://community.invisionpower.com/topic/300051-invision-power-board-305-released/",
+ "refsource": "MISC",
+ "name": "http://community.invisionpower.com/topic/300051-invision-power-board-305-released/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10544.json b/2020/10xxx/CVE-2020-10544.json
new file mode 100644
index 00000000000..37b5fd41e5b
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10544.json
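Review bot: In the CVE-2009-5159 record the `affects` block carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and `"version_value": "n/a"`, and `problemtype` is `"n/a"`, although the description names Invision Power Board 2.x through 3.0.4 and an XSS issue. Tooling that matches advisories on the structured fields rather than on the free text will not associate this record with the product. I would set `"product_name": "Invision Power Board"` and the problemtype value to `"CWE-79"`, with the affected range taken from the description. The CVE-2020-10544 hunk has the same gap for PrimeTek PrimeFaces 7.0.11.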
@@ -0,0 +1,62 @@
+{
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2020-10544",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/primefaces/primefaces/issues/5642",
+ "refsource": "MISC",
+ "name": "https://github.com/primefaces/primefaces/issues/5642"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/10xxx/CVE-2020-10545.json b/2020/10xxx/CVE-2020-10545.json
new file mode 100644
index 00000000000..c46dd942021
--- /dev/null
+++ b/2020/10xxx/CVE-2020-10545.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2020-10545",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2020/1xxx/CVE-2020-1953.json b/2020/1xxx/CVE-2020-1953.json
index 0c2168ddb07..076a4570176 100644
--- a/2020/1xxx/CVE-2020-1953.json
+++ b/2020/1xxx/CVE-2020-1953.json
@@ -4,14 +4,70 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2020-1953",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "security@apache.org",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Apache",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Apache Commons Configuration",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "2.2"
+ },
+ {
+ "version_value": "2.3"
+ },
+ {
+ "version_value": "2.4"
+ },
+ {
+ "version_value": "2.5"
+ },
+ {
+ "version_value": "2.6"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Code execution"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E",
+ "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML file was loaded from an untrusted source, it could therefore load and execute code out of the control of the host application."
 }
 ]
 }
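Review bot: The `problemtype` value added here is the free-text `"Code execution"` with no CWE identifier, and the record lists affected versions 2.2 to 2.6 without naming a fixed release, so a consumer cannot tell from the structured data which class of flaw this is or where the affected range ends. From the description (a YAML parser instantiating classes from untrusted input) CWE-502 looks like the closest match, to be confirmed by the assigner: `"value": "CWE-502 Deserialization of Untrusted Data"`. The single reference is tagged `MISC` and its list component reads `announce.tomcat.apache.org`, so it is worth checking that this is the intended advisory thread for Commons Configuration. The enclosing JSON object opens and closes outside the hunk.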