diff --git a/2022/41xxx/CVE-2022-41775.json b/2022/41xxx/CVE-2022-41775.json
index edbebd95dc8..c7dea5f678e 100644
--- a/2022/41xxx/CVE-2022-41775.json
+++ b/2022/41xxx/CVE-2022-41775.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\nHandler_CFG.ashx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
 }
 ]
 },
@@ -40,8 +40,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "All",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "All"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43447.json b/2022/43xxx/CVE-2022-43447.json
index 5bdbb440fed..17f5d288454 100644
--- a/2022/43xxx/CVE-2022-43447.json
+++ b/2022/43xxx/CVE-2022-43447.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SQL Injection in AM_EBillAnalysis.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\n\n\nAM_EBillAnalysis.aspx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
 }
 ]
 },
@@ -40,8 +40,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "All",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "All"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43452.json b/2022/43xxx/CVE-2022-43452.json
index f4d27382876..db620fec377 100644
--- a/2022/43xxx/CVE-2022-43452.json
+++ b/2022/43xxx/CVE-2022-43452.json
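Review bot: The new `value` in the first hunk of CVE-2022-41775.json carries a run of `\n` escapes before `Handler_CFG.ashx` and `\u00a0` (non-breaking space) around the file name and the version, which reads as rich-text editor residue rather than intended content. Tools that tokenise, substring-match or display the description will see blank lines and words glued together by a non-ASCII space, so the string should stay in its single-space form, `"SQL Injection in Handler_CFG.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows ..."`. The same residue is in the description hunks of CVE-2022-43447, CVE-2022-43452, CVE-2022-43457 and CVE-2022-43506, and stray trailing or mid-sentence `\n` is added to the descriptions of CVE-2023-0052 and CVE-2023-0053.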
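Review bot: The `@@ -40,8 +40,8 @@` hunk of CVE-2022-41775.json only swaps key order and leaves `"version_affected": "="` with `"version_value": "All"`, which contradicts the description's "versions prior to v1.9.02.001". A consumer that reads version_data rather than the prose may treat the fixed release as affected; the entry would agree with the description as `"version_affected": "<"`, `"version_value": "v1.9.02.001"`. The same pair is left in place by the matching hunks of CVE-2022-43447, CVE-2022-43452, CVE-2022-43457 and CVE-2022-43506. The enclosing product object starts and ends outside the hunk.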
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SQL Injection in FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\n\n\nFtyInfoSetting.aspx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
 }
 ]
 },
@@ -40,8 +40,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "All",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "All"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43457.json b/2022/43xxx/CVE-2022-43457.json
index b1e2192f789..75ffcc5e781 100644
--- a/2022/43xxx/CVE-2022-43457.json
+++ b/2022/43xxx/CVE-2022-43457.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SQL Injection in HandlerPage_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\n\n\n\n\n\n\n\n\nHandlerPage_KID.ashx\u00a0in Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
 }
 ]
 },
@@ -40,8 +40,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "All",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "All"
 }
 ]
 }
diff --git a/2022/43xxx/CVE-2022-43506.json b/2022/43xxx/CVE-2022-43506.json
index 271afa7f9b6..2fbbe4d45b8 100644
--- a/2022/43xxx/CVE-2022-43506.json
+++ b/2022/43xxx/CVE-2022-43506.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SQL Injection in HandlerTag_KID.ashx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network"
+ "value": "SQL Injection in \n\n\n\nHandlerTag_KID.ashx\n\n\n\nin Delta Electronics DIAEnergie versions prior to\u00a0v1.9.02.001\u00a0allows an attacker to inject SQL queries via Network"
 }
 ]
 },
@@ -40,8 +40,8 @@
 "version": {
 "version_data": [
 {
- "version_value": "All",
- "version_affected": "="
+ "version_affected": "=",
+ "version_value": "All"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0052.json b/2023/0xxx/CVE-2023-0052.json
index f0247c48d67..148c0f585d0 100644
--- a/2023/0xxx/CVE-2023-0052.json
+++ b/2023/0xxx/CVE-2023-0052.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands."
+ "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.\n\n"
 }
 ]
 },
@@ -40,12 +40,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "Firmware all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "Firmware all versions",
+ "version_value": "3.3-006"
 },
 {
- "version_value": "BACnetstac all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "BACnetstac all versions",
+ "version_value": "4.2.1"
 }
 ]
 }
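Review bot: In the `@@ -40,12 +40,14 @@` hunk of CVE-2023-0052.json the new `version_name` values still read "Firmware all versions" and "BACnetstac all versions" while the entries now bound the range with `"version_affected": "<="` and `3.3-006` / `4.2.1`, so the label contradicts the range it names. Because both components share one product's version_data, the name is also the only thing telling a consumer which component a bound applies to; `"version_name": "Firmware"` and `"version_name": "BACnetstac"` would say that without the stale "all versions". The hunks headed `@@ -55,12 +57,14 @@`, `@@ -70,12 +74,14 @@` and `@@ -85,12 +91,14 @@` repeat the same pair. The enclosing product objects start and end outside the hunks.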
@@ -55,12 +57,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "Firmware all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "Firmware all versions",
+ "version_value": "3.3-006"
 },
 {
- "version_value": "BACnetstac all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "BACnetstac all versions",
+ "version_value": "4.2.1"
 }
 ]
 }
@@ -70,12 +74,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "Firmware all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "Firmware all versions",
+ "version_value": "3.3-006"
 },
 {
- "version_value": "BACnetstac all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "BACnetstac all versions",
+ "version_value": "4.2.1"
 }
 ]
 }
@@ -85,12 +91,14 @@
 "version": {
 "version_data": [
 {
- "version_value": "Firmware all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "Firmware all versions",
+ "version_value": "3.3-006"
 },
 {
- "version_value": "BACnetstac all versions",
- "version_affected": "="
+ "version_affected": "<=",
+ "version_name": "BACnetstac all versions",
+ "version_value": "4.2.1"
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0053.json b/2023/0xxx/CVE-2023-0053.json
index 45f0d69d060..5e1786f8337 100644
--- a/2023/0xxx/CVE-2023-0053.json
+++ b/2023/0xxx/CVE-2023-0053.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Any sensitive information communicated through these protocols, such as credentials, is sent in cleartext. An attacker could obtain sensitive information such as user credentials to gain access to the system."
+ "value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and \nprior and BACnetstac version 4.2.1 and prior have only FTP and Telnet \navailable for device management. Any sensitive information communicated \nthrough these protocols, such as credentials, is sent in cleartext. An \nattacker could obtain sensitive information such as user credentials to \ngain access to the system. \n\n\n\n"
 }
 ]
 },
diff --git a/2023/42xxx/CVE-2023-42188.json b/2023/42xxx/CVE-2023-42188.json
index e4f11829ff6..13dc4174403 100644
--- a/2023/42xxx/CVE-2023-42188.json
+++ b/2023/42xxx/CVE-2023-42188.json
@@ -1,17 +1,66 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-42188",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-42188",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://github.com/Thecosy/IceCMS/issues/17",
+ "refsource": "MISC",
+ "name": "https://github.com/Thecosy/IceCMS/issues/17"
+ },
+ {
+ "refsource": "MISC",
+ "name": "https://topdayplus.github.io/2023/10/27/CVE-deatail/",
+ "url": "https://topdayplus.github.io/2023/10/27/CVE-deatail/"
 }
 ]
 }
diff --git a/2023/46xxx/CVE-2023-46374.json b/2023/46xxx/CVE-2023-46374.json
index 578f5c2d548..d7e578053d7 100644
--- a/2023/46xxx/CVE-2023-46374.json
+++ b/2023/46xxx/CVE-2023-46374.json
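Review bot: CVE-2023-42188 moves to `"STATE": "PUBLIC"` with `vendor_name`, `product_name`, `version_value` and the problemtype `value` all set to `n/a`, although the description itself names IceCMS v2.0.1 and CSRF. Anything that matches on structured fields (asset inventories, scanners keyed on vendor and product, CWE-based triage) gets nothing from this entry; `"product_name": "IceCMS"`, `"version_value": "v2.0.1"` and a problemtype such as `"CWE-352"` would carry what the prose already states. CVE-2023-46374 and CVE-2023-46491 are published the same way, with ZenTao 4.1.3 and XSS present only in the description.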
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-46374",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46374",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee",
+ "url": "https://narrow-payment-2cd.notion.site/ZenTao-4-1-3-is-vulnerable-to-Cross-Site-Scripting-xss-CVE-2023-46374-ebdc61e7a88443b481b649764ba66dee"
 }
 ]
 }
diff --git a/2023/46xxx/CVE-2023-46491.json b/2023/46xxx/CVE-2023-46491.json
index b3859af759b..66b72037377 100644
--- a/2023/46xxx/CVE-2023-46491.json
+++ b/2023/46xxx/CVE-2023-46491.json
@@ -1,17 +1,61 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
- "ID": "CVE-2023-46491",
 "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ID": "CVE-2023-46491",
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759",
+ "url": "https://foremost-smash-52a.notion.site/Zentao-Authorized-XSS-Vulnerability-CVE-2023-46491-eea8cbfe2fab4ea78a174e5275309759"
 }
 ]
 }
diff --git a/2023/46xxx/CVE-2023-46747.json b/2023/46xxx/CVE-2023-46747.json
index 375ae28bae7..95f5d4e3a1a 100644
--- a/2023/46xxx/CVE-2023-46747.json
+++ b/2023/46xxx/CVE-2023-46747.json
@@ -80,6 +80,12 @@
 "versionType": "semver"
 },
 {
+ "changes": [
+ {
+ "at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
+ "status": "unaffected"
+ }
+ ],
 "lessThan": "*",
 "status": "affected",
 "version": "14.1.0",
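Review bot: The `changes` entry added in the `@@ -80,6 +80,12 @@` hunk of CVE-2023-46747.json uses an installer file name, `"at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso"`, where a version string is expected, so a consumer evaluating the range from `14.1.0` to `"lessThan": "*"` cannot order the point at which status flips to `unaffected`. If this entry's `versionType` is `semver` like the preceding one (it lies outside the hunk), the value should be the hotfix's own version, `"at": "<hotfix version>"`, with the ISO name kept in the solution text. Until then, tooling that cannot parse the value may report patched 14.1.x systems as affected or skip the branch altogether. The same entry is added to CVE-2023-46748.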
@@ -122,7 +128,7 @@
 "credits": [
 {
 "lang": "en",
- "value": "F5 acknowledges Thomas Hendrickson of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
+ "value": "F5 acknowledges Thomas Hendrickson and Michael Weber of Praetorian Security, Inc. for bringing this issue to our attention and following the highest standards of coordinated disclosure."
 }
 ],
 "impact": {
diff --git a/2023/46xxx/CVE-2023-46748.json b/2023/46xxx/CVE-2023-46748.json
index 0beef345921..1da2c5d4e51 100644
--- a/2023/46xxx/CVE-2023-46748.json
+++ b/2023/46xxx/CVE-2023-46748.json
@@ -80,6 +80,12 @@
 "versionType": "semver"
 },
 {
+ "changes": [
+ {
+ "at": "Hotfix-BIGIP-14.1.5.6.0.10.6-ENG.iso",
+ "status": "unaffected"
+ }
+ ],
 "lessThan": "*",
 "status": "affected",
 "version": "14.1.0",
diff --git a/2023/5xxx/CVE-2023-5820.json b/2023/5xxx/CVE-2023-5820.json
new file mode 100644
index 00000000000..0766fd8de2f
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5820.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5820",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5821.json b/2023/5xxx/CVE-2023-5821.json
new file mode 100644
index 00000000000..0b68e6b4cce
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5821.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5821",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2023/5xxx/CVE-2023-5822.json b/2023/5xxx/CVE-2023-5822.json
new file mode 100644
index 00000000000..1c4aec7e46b
--- /dev/null
+++ b/2023/5xxx/CVE-2023-5822.json
@@ -0,0 +1,18 @@
+{
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5822",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file