"-Synchronized-Data."

CVE Team 2023-10-27 00:00:36 +00:00
parent 3d4b1d655b
commit 27a05ea0f5
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 263 additions and 52 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
"value": "SQL Injection in \n\n\n\n\n\n\n\nHandler_CFG.ashx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All",
"version_affected": "="
"version_affected": "=",
"version_value": "All"
}
]
}
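Review bot: The second `value` line in the description hunk (apparently the new side; the +/- markers are lost in this rendering) embeds a run of `\n` and `\u00a0` characters around the file name, which looks like markup residue from the upstream record rather than intended text. Consumers that keyword-match or deduplicate on the description string will no longer match `Handler_CFG.ashx in Delta Electronics DIAEnergie`, so the value should be whitespace-normalised on sync, e.g. `"value": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"`. The same residue appears in the four DIAEnergie records that follow and, as hard-wrapped lines and trailing `\n`, in both SAUTER descriptions.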


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
"value": "SQL Injection in \n\n\n\n\n\n\n\n\n\nAM_EBillAnalysis.aspx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All",
"version_affected": "="
"version_affected": "=",
"version_value": "All"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
"value": "SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\n\n\nFtyInfoSetting.aspx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All",
"version_affected": "="
"version_affected": "=",
"version_value": "All"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
"value": "SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\nHandlerPage_KID.ashx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All",
"version_affected": "="
"version_affected": "=",
"version_value": "All"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
"value": "SQL Injection in \n\n\n\nHandlerTag_KID.ashx\n\n\n\nin Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
}
]
},
@ -40,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "All",
"version_affected": "="
"version_affected": "=",
"version_value": "All"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands."
"value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.\n\n"
}
]
},
@ -40,12 +40,14 @@
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "Firmware all versions",
"version_value": "3.3-006"
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "BACnetstac all versions",
"version_value": "4.2.1"
}
]
}
@ -55,12 +57,14 @@
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "Firmware all versions",
"version_value": "3.3-006"
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "BACnetstac all versions",
"version_value": "4.2.1"
}
]
}
@ -70,12 +74,14 @@
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "Firmware all versions",
"version_value": "3.3-006"
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "BACnetstac all versions",
"version_value": "4.2.1"
}
]
}
@ -85,12 +91,14 @@
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "Firmware all versions",
"version_value": "3.3-006"
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
"version_affected": "<=",
"version_name": "BACnetstac all versions",
"version_value": "4.2.1"
}
]
}
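Review bot: Each rewritten `version_data` entry keeps the old free text as `"version_name": "Firmware all versions"` (and `"BACnetstac all versions"`) while the new bound is `"version_affected": "<="` with `"version_value": "3.3-006"` or `"4.2.1"`, so the name now contradicts the range it labels. A consumer that displays or matches on `version_name` would still report every version as affected; `"version_name": "Firmware"` and `"version_name": "BACnetstac"` would keep the label neutral. This applies to all four `@ -NN,12` hunks in this section. Which printed line is old and which is new is inferred from print order, because the +/- markers are lost.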


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system."
"value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n"
}
]
},


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-42188",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-42188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/Thecosy/IceCMS/issues/17",
"refsource": "MISC",
"name": "https://github.com/Thecosy/IceCMS/issues/17"
},
{
"refsource": "MISC",
"name": "https://topdayplus.github.io/2023/10/27/CVE-deatail/",
"url": "https://topdayplus.github.io/2023/10/27/CVE-deatail/"
}
]
}
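Review bot: The published record leaves `vendor_name`, `product_name` and `version_value` as `n/a` although the description names IceCMS v2.0.1, so scanners and asset inventories that match on the `affects` block cannot associate this CVE with an installed product. Populating them from the description, e.g. `"product_name": "IceCMS"` and `"version_value": "2.0.1"`, would fix that, and `problemtype` could carry `"value": "CWE-352"` instead of `n/a` given the description states CSRF. The two ZenTao records that follow (CVE-2023-46374 and CVE-2023-46491) have the same `n/a` fields next to descriptions that name the product and version 4.1.3.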


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee",
"url": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee"
}
]
}


@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46491",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759",
"url": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759"
}
]
}


@ -80,6 +80,12 @@
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "14.1.0",
@ -122,7 +128,7 @@
"credits": [
{
"lang": "en",
"value": "F5 acknowledges Thomas Hendrickson of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
"value": "F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
}
],
"impact": {
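Review bot: The added `changes` entry uses `"at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso"`, which is an installer file name rather than a version string, so a consumer that range-compares `at` against installed versions cannot evaluate it and, with `"lessThan": "*"`, will likely keep reporting hotfixed 14.1.x systems as affected. If the hotfix corresponds to a comparable build number, a value such as `"at": "14.1.5.6.0.10.6"` would be machine-readable; that mapping is inferred from the file name and should be confirmed against the vendor advisory. The enclosing version object continues past the hunk, so its `versionType` is not visible here. The next file section adds the identical entry.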


@ -80,6 +80,12 @@
"versionType": "semver"
},
{
"changes": [
{
"at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
"status": "unaffected"
}
],
"lessThan": "*",
"status": "affected",
"version": "14.1.0",


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5820",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5821",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5822",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}