"-Synchronized-Data."

This commit is contained in:
CVE Team 2023-06-13 21:00:41 +00:00
parent cdc78fd070
commit 020fcbffaf
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 701 additions and 37 deletions


@ -97,10 +97,40 @@
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"refsource": "FULLDISC",
"name": "20150407 Re: [oss-security] Advisory: CVE-2014-9708: Appweb Web Server",
"url": "http://seclists.org/fulldisclosure/2015/Apr/19"
},
{
"refsource": "FULLDISC",
"name": "20150327 Advisory: CVE-2014-9708: Appweb Web Server",
"url": "http://seclists.org/fulldisclosure/2015/Mar/158"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"url": "http://www.openwall.com/lists/oss-security/2015/03/28/2"
},
{
"refsource": "BUGTRAQ",
"name": "20150328 Advisory: CVE-2014-9708: Appweb Web Server",
"url": "http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20150406 Re: Advisory: CVE-2014-9708: Appweb Web Server",
"url": "http://www.openwall.com/lists/oss-security/2015/04/06/2"
},
{
"name": "https://security.paloaltonetworks.com/CVE-2014-9708",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2014-9708"
},
{
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}
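Review bot: The FULLDISC entry added for `http://seclists.org/fulldisclosure/2015/Mar/158` (the block whose name is `20150327 Advisory: CVE-2014-9708: Appweb Web Server`) appears to duplicate the entry immediately above it, which already carries the same refsource and URL; the hunk header's ten original lines suggest that earlier entry is pre-existing context, so the record now lists the same reference twice. A duplicate row is valid JSON but inflates the reference count and defeats URL-based de-duplication downstream, so drop the second copy or, if the intent was to supply the missing `name`, fold it into the existing entry. The BUGTRAQ URL `http://www.securityfocus.com/archive/1/archive/1/535028/100/1400/threaded` carries a doubled `archive/1/` path segment that looks like a copy artefact; confirm it resolves before publishing. The enclosing reference_data array starts before this hunk.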


@ -66,6 +66,16 @@
"name": "https://github.com/embedthis/goahead/issues/264",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/264"
},
{
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved"
},
{
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server",
"url": "https://supportportal.juniper.net/s/article/2019-07-Security-Bulletin-Junos-OS-J-Web-Denial-of-Service-due-to-multiple-vulnerabilities-in-Embedthis-Appweb-Server"
}
]
}
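Review bot: The 2021-07 Juniper bulletin is added here as `https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved`, while other files in this same commit cite the same bulletin with a `?language=en_US` query string and, elsewhere, with an `-in-Junos-OS-21-2R1` suffix. Three spellings of one advisory defeat URL-based de-duplication and cross-referencing between CVE records; pick one canonical form (the bare path without the locale query is the most stable) and use it in every record that cites the bulletin. The 2019-07 bulletin's title names Embedthis Appweb, whereas the adjacent existing reference is a GoAhead issue; if this record is the GoAhead CVE, confirm the bulletin actually lists it before adding it. The reference_data array begins before this hunk.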


@ -66,6 +66,11 @@
"name": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9",
"refsource": "MISC",
"url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9"
},
{
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved?language=en_US"
}
]
}


@ -52,6 +52,16 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.drupal.org/sa-core-2019-006",
"url": "https://www.drupal.org/sa-core-2019-006"
},
{
"refsource": "CONFIRM",
"name": "https://www.synology.com/security/advisory/Synology_SA_19_19",
"url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
},
{
"refsource": "DEBIAN",
"name": "DSA-4434",
@ -132,6 +142,11 @@
"name": "20190509 dotCMS v5.1.1 Vulnerabilities",
"url": "https://seclists.org/bugtraq/2019/May/18"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html",
"url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
},
{
"refsource": "FULLDISC",
"name": "20190510 dotCMS v5.1.1 HTML Injection & XSS Vulnerability",
@ -157,6 +172,11 @@
"name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
"url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:1456",
@ -197,6 +217,11 @@
"name": "RHSA-2019:2587",
"url": "https://access.redhat.com/errata/RHSA-2019:2587"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20190919-0001/",
"url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
},
{
"refsource": "REDHAT",
"name": "RHSA-2019:3023",
@ -227,6 +252,11 @@
"name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
"url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2019-08",
"url": "https://www.tenable.com/security/tns-2019-08"
},
{
"refsource": "MLIST",
"name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
@ -237,6 +267,16 @@
"name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html",
"url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
},
{
"refsource": "CONFIRM",
"name": "https://www.tenable.com/security/tns-2020-02",
"url": "https://www.tenable.com/security/tns-2020-02"
},
{
"refsource": "MLIST",
"name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
@ -377,6 +417,11 @@
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"refsource": "CONFIRM",
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
@ -406,6 +451,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
}
]
}
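Review bot: The `refsource` tagging of the added entries is inconsistent: the NetApp, Tenable and Pulse Secure advisories are tagged `CONFIRM`, but the Juniper bulletin appended at the end of the array (`https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1`) is tagged `MISC` although it is equally a vendor advisory. Consumers that read CONFIRM as "vendor acknowledged" will miss Juniper here; change it to `"refsource": "CONFIRM"` or document why MISC is intended. The three packetstormsecurity.com links are added as plain `http://` URLs and, judging by their titles, are third-party write-ups about vulnerable bundled dependencies rather than fixes, so an `https://` form and a clear MISC tag are appropriate but they add little for remediation. This section has several hunks and the reference_data array starts before the first of them.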


@ -44,6 +44,11 @@
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200528-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
@ -58,6 +63,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20200528-0001/",
"url": "https://security.netapp.com/advisory/ntap-20200528-0001/"
},
{
"refsource": "MISC",
"name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US",
"url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US"
}
]
},
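Review bot: The first hunk inserts a NetApp reference (`https://security.netapp.com/advisory/ntap-20200528-0001/`, tagged CONFIRM) at the head of reference_data, but the second hunk shows the identical refsource/name/url entry already present further down the same array as unchanged context, so the record now carries that advisory twice. Drop the new copy at the head of the array; the duplicate is valid JSON but inflates reference counts and trips URL-based de-duplication. The Juniper bulletin appended at the end uses yet another spelling of the 2021-07 URL seen elsewhere in this commit (here `-in-Junos-OS-21-2R1?language=en_US`); one canonical form should be used across all records. The array extends beyond both hunks.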


@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@arista.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "CloudVision",
"version": {
"version_data": [
{
"version_value": "<2021.1.0, <2021.2.0, <2021.3.0,"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cwe-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083",
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17022-security-advisory-0083"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended. This advisory impacts the Arista CloudVision Portal product when run on-premise. It does not impact CloudVision as-a-Service."
}
]
}
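Review bot: The affected-version string `"version_value": "<2021.1.0, <2021.2.0, <2021.3.0,"` packs three comparison ranges and a trailing comma into one value, which no CPE or version matcher can consume; the 4.0 format expects one `version_data` element per range, e.g. `{"version_affected": "<", "version_value": "2021.1.0"}` repeated for the other two branches, or better the fixed build per branch as the advisory states it. `"vendor_name": "n/a"` should name Arista now that the assigner is psirt@arista.com and the product is filled in, otherwise the record is unmatchable by vendor. The problemtype value `cwe-284` is lower-case and lacks the `cweId` field the other records in this commit carry; use `"value": "CWE-284 Improper Access Control", "cweId": "CWE-284"` so CWE-based tooling picks it up. Three bare `<` bounds also read as "everything before each minor branch", which is probably not the intended overlap; the per-branch fixed versions are what downstream needs.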


@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nRockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.\u00a0 Hard-coded cryptographic key may lead to privilege escalation.\u00a0 This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database. This may allow the threat actor to make malicious changes to the database that will be deployed when a legitimate FactoryTalk Policy Manager user deploys a security policy model. User interaction is required for this vulnerability to be successfully exploited.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321 Use of Hard-Coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk System Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 6.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers using the affected software are encouraged to apply the risk mitigations, if possible.</span><ul><li>Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&amp;versions=61050,59723\">6.30.00</a>&nbsp;or later which has been patched to mitigate these issues.</li></ul>"
}
],
"value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. * Upgrade to 6.30.00 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0or later which has been patched to mitigate these issues.\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov of Claroty Research - Team82 "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
}
]
}
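Review bot: `"version_affected": "="` paired with `"version_value": "<= 6.20"` contradicts itself: `=` means exactly that version while the value encodes a range; use `"version_affected": "<="` with `"version_value": "6.20"` so version-matching consumers read the intended bound (the same pattern is repeated in the other Rockwell records in this commit). The description has two likely wording slips: `FactoryTalk Policy Manger` (Manager) and `generate an invalid administrator cookie giving them administrative privileges` — a cookie that grants admin rights is presumably a forged but *valid* one, and "invalid" will confuse anyone triaging this. Because the root cause is a hard-coded key, practitioners will want to know whether 6.30.00 rotates the key or only stops hard-coding it, since cookies minted with the old key could remain accepted if the key value is unchanged; the advisory is the place to confirm, and the solution text could say so. Leading/trailing `\n` and `\u00a0` in the description and solution values will be rendered verbatim by most consumers and should be trimmed.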


@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nRockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.\n\n\u00a0\n\nImproper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.\u00a0 This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places. User interaction is required for this vulnerability to be successfully exploited.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk System Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 6.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers using the affected software are encouraged to apply the risk mitigations, if possible.</span><ul><li>Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&amp;versions=61050,59723\">6.30.00</a>&nbsp;or later which has been patched to mitigate these issues.</li></ul>\n\n<br>"
}
],
"value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. * Upgrade to 6.30.00 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0or later which has been patched to mitigate these issues.\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov of Claroty Research - Team82"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
}
]
}
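Review bot: The description says `Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives`, yet the problemtype is `CWE-287 Improper Authentication`; those are different weaknesses, and the narrative (an archive without password protection accepted as a valid backup during restore) reads closer to a missing integrity/authenticity check on the archive than to either authorization or authentication. Pick the CWE that matches the root cause stated in the text, or reword the text to match the CWE. The CVSS vector scores `C:N/I:N/A:H` while the text is about loading attacker-crafted configuration, which is an integrity outcome; that may be the assigner's deliberate call, but it deserves a second look. The description value carries `\n\n\u00a0\n\n` between its sentences, which consumers will display as blank lines with a stray non-breaking space, and `"version_affected": "="` with `"version_value": "<= 6.20"` should be `"<="` and `"6.20"`.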


@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The underlying feedback mechanism of \n\nRockwell Automation's\u00a0FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device.\u00a0 This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device. If successfully exploited, this would allow a threat actor to receive information including whether FactoryTalk Policy Manager is installed and potentially the entire security policy.\u00a0\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-346 Origin Validation Error",
"cweId": "CWE-346"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk System Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 6.20"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139683"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers using the affected software are encouraged to apply the risk mitigations, if possible.</span><ul><li>Upgrade to <a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&amp;versions=61050,59723\">6.30.00</a>&nbsp;or later which has been patched to mitigate these issues.</li></ul>\n\n<br>"
}
],
"value": "\nCustomers using the affected software are encouraged to apply the risk mitigations, if possible. * Upgrade to 6.30.00 https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0or later which has been patched to mitigate these issues.\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Sharon Brizinov of Claroty Research - Team82"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}
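Review bot: The CVSS vector `AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N` records PR:L, but the attack path in the description — a malicious website whose script connects to the local WebSocket endpoint when a user visits it — needs no privileges on the target from the attacker; the victim's browser supplies the position, which CVSS normally expresses as PR:N with UI:R, so the score looks under-stated and is worth checking with the assigner. For practitioners the useful detail is that this is the cross-site WebSocket hijacking pattern: the endpoint should validate the `Origin` header on the upgrade request (and ideally require a per-session token) rather than trusting that callers reaching a local port are legitimate, and the solution text, which only says upgrade to 6.30.00, would be more useful if it stated whether the fix does that. The description also has a stray `\n\n` inside its first sentence (`The underlying feedback mechanism of \n\nRockwell Automation's`) that will render as a paragraph break mid-sentence.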


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2778",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nA denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. This vulnerability can be exploited by sending a modified packet to port 400. If exploited, the application could potentially crash or experience a high CPU or memory usage condition, causing intermittent application functionality issues. The application would need to be restarted to recover from the DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk Transaction Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<=v13.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1139744"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of the vulnerability.</span><ul><li>Customers should follow the instructions in <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138425\">BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10</a>&nbsp;to install the patch to mitigate the issue.</li></ul>\n\n<br>"
}
],
"value": "\nCustomers using the affected software are encouraged to apply the risk mitigations below, if possible. Additionally, we encourage our customers to implement our suggested security best practices to minimize the risk of the vulnerability. * Customers should follow the instructions in BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138425 \u00a0to install the patch to mitigate the issue.\n\n\n\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
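Review bot: `"version_value": "<=v13.10"` with `"version_affected": "="` mixes a range operator, a `v` prefix and an exact-match flag in one field; write `"version_affected": "<="` and `"version_value": "13.10"` (the other Rockwell records in this commit use `<= 6.20`, and none carry a `v` prefix). The description says the DoS is triggered by `a modified packet to port 400` but not which transport; anyone writing a firewall rule or IDS signature needs to know whether that is TCP or UDP, so add it if the advisory states it. The solution references `BF29042 - Patch: Multiple issues, FactoryTalk Transaction Manager 13.00/13.10`, while the affects block says `<=v13.10`, which leaves open whether releases before 13.00 are affected but unpatched; make that explicit. The trailing run of `\n` in the solution value should be trimmed.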


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33817",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-33817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5",
"url": "https://github.com/leekenghwa/CVE-2023-33817---SQL-Injection-found-in-HotelDruid-3.0.5"
}
]
}
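Review bot: The description `hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.` names no endpoint, parameter or authentication precondition, and problemtype is `n/a` even though the text states the weakness; set `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "cweId": "CWE-89"` and name the injection point from the referenced write-up. Vendor and product are both `n/a` although the description names HotelDruid 3.0.5, so CPE-based matching will not find this record; fill in the vendor and product names and `"version_value": "3.0.5"`. The only reference is a researcher's GitHub repository rather than a vendor advisory or fix commit, so the record says nothing about whether any later release is fixed; consumers should treat 3.0.5 as affected and later versions as unknown until a vendor reference is added.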


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5",
"url": "https://github.com/leekenghwa/CVE-2023-34537---XSS-reflected--found-in-HotelDruid-3.0.5"
}
]
}
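Review bot: problemtype is `n/a` while the description states outright that this is reflected XSS; set `"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79"` so the record is classifiable. The phrase `an attacker can issue malicious code/command on affected webpage's parameter` does not name the page or parameter, which is the one detail a defender needs to write a WAF rule or verify a fix; take it from the referenced write-up. As with the companion HotelDruid SQLi record in this commit, vendor, product and version are all `n/a` and the sole reference is a researcher repository with no vendor fix, so whether any release after 3.0.5 addresses it remains unstated.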


@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34944",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://chamilo.com",
"refsource": "MISC",
"name": "http://chamilo.com"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/0d0c88c4806280ac9b70a299d6e3099269c9bc54",
"refsource": "MISC",
"name": "https://github.com/chamilo/chamilo-lms/commit/0d0c88c4806280ac9b70a299d6e3099269c9bc54"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/f6e83550c2d17fc93a65ec4be602a78312289f37",
"refsource": "MISC",
"name": "https://github.com/chamilo/chamilo-lms/commit/f6e83550c2d17fc93a65ec4be602a78312289f37"
},
{
"url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG",
"refsource": "MISC",
"name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG"
}
]
}
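Review bot: The description claims the crafted SVG upload `allows attackers to execute arbitrary code`, but the vendor's own referenced entry is titled `Issue-113-2023-05-31-Low-impact-Low-risk-XSS-through-SVG`, i.e. script execution in a victim's browser, not code execution on the server. Unless the write-up demonstrates server-side execution, reword to `allows attackers to execute arbitrary JavaScript in the browser of a user who opens the uploaded SVG (stored XSS)` and replace the `n/a` problemtype with `"cweId": "CWE-79"`, since "arbitrary code" here will be read as RCE by anyone prioritising patches. `http://chamilo.com` is a bare homepage over plain HTTP and adds nothing as a reference; the vendor security page and the two fix commits are the useful links. The component path `/fileUpload.lib.php` and the `1.11.* up to v1.11.18` range are given in the text, yet vendor, product and version remain `n/a`; move that range into the affects block so the record is matchable.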