admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 19:17:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-25 09:00:30 +00:00
parent f534d33386
commit 480b35b7e5
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
6 changed files with 497 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
2021/23xxx/CVE-2021-23282.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-23282",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "CybersecurityCOE@eaton.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The\nvulnerability exists due to insufficient validation of input from certain resources by the IPM software.\nThe attacker would need access to the local Subnet and an administrator interaction to compromise\nthe system"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eaton",
"product": {
"product_data": [
{
"product_name": "Intelligent Power Manager (IPM)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.70"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf",
"refsource": "MISC",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Intelligent-Power-Manager-Vulnerability-Advisory_1001a_V1.0.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton has patched these security issues and an updated version (v1.70) of the IPM v1 software has been\nreleased.<br>"
}
],
"value": "Eaton has patched these security issues and an updated version (v1.70) of the IPM v1 software has been\nreleased."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

92
2022/33xxx/CVE-2022-33861.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33861",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "CybersecurityCOE@eaton.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a\nway that causes it to accept invalid data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345 Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eaton",
"product": {
"product_data": [
{
"product_name": "Intelligent Power Protector",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.71"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf",
"refsource": "MISC",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71.<br>"
}
],
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

92
2022/33xxx/CVE-2022-33862.json
View File

@ -1,17 +1,101 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-33862",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "CybersecurityCOE@eaton.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could\nlead attackers to identify and access vulnerable systems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Eaton",
"product": {
"product_data": [
{
"product_name": "Intelligent Power Protector (IPP)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "1.71"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf",
"refsource": "MISC",
"name": "https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/ETN-VA-2022-1011.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.2.0"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71.\n\n<br>"
}
],
"value": "Eaton has remediated the vulnerabilities in IPP software version 1.71."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

4
2024/0xxx/CVE-2024-0564.json
View File

@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "Improper Control of Resource Identifiers ('Resource Injection')",
"cweId": "CWE-99"
"value": "Observable Discrepancy",
"cweId": "CWE-203"
}
]
}

130
2024/11xxx/CVE-2024-11662.json
View File

@ -1,17 +1,139 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11662",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine Schwachstelle wurde in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion deploy_host_vars der Datei /apps/api/views/deploy_api.py der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization",
"cweId": "CWE-502"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "welliamcao",
"product": {
"product_data": [
{
"product_name": "OpsManage",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0.1"
},
{
"version_affected": "=",
"version_value": "3.0.2"
},
{
"version_affected": "=",
"version_value": "3.0.3"
},
{
"version_affected": "=",
"version_value": "3.0.4"
},
{
"version_affected": "=",
"version_value": "3.0.5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.285983",
"refsource": "MISC",
"name": "https://vuldb.com/?id.285983"
},
{
"url": "https://vuldb.com/?ctiid.285983",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.285983"
},
{
"url": "https://vuldb.com/?submit.447290",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.447290"
},
{
"url": "https://github.com/Sp1d3rL1/OpsManage_RCE",
"refsource": "MISC",
"name": "https://github.com/Sp1d3rL1/OpsManage_RCE"
},
{
"url": "https://github.com/Sp1d3rL1/OpsManage_RCE/blob/main/OpsManage%20RCE.md",
"refsource": "MISC",
"name": "https://github.com/Sp1d3rL1/OpsManage_RCE/blob/main/OpsManage%20RCE.md"
}
]
},
"credits": [
{
"lang": "en",
"value": "sp1d3r (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

109
2024/11xxx/CVE-2024-11663.json
View File

@ -1,17 +1,118 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11663",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "deu",
"value": "In Codezips E-Commerce Site 1.0 wurde eine kritische Schwachstelle entdeckt. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei search.php. Durch das Manipulieren des Arguments keywords mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection",
"cweId": "CWE-89"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Injection",
"cweId": "CWE-74"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Codezips",
"product": {
"product_data": [
{
"product_name": "E-Commerce Site",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.285985",
"refsource": "MISC",
"name": "https://vuldb.com/?id.285985"
},
{
"url": "https://vuldb.com/?ctiid.285985",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.285985"
},
{
"url": "https://vuldb.com/?submit.447297",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.447297"
},
{
"url": "https://github.com/disinroot/CVE/issues/1",
"refsource": "MISC",
"name": "https://github.com/disinroot/CVE/issues/1"
}
]
},
"credits": [
{
"lang": "en",
"value": "xiongdaicheng (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 7.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "3.0",
"baseScore": 7.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "HIGH"
},
{
"version": "2.0",
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
}
]
}