admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-11-20 16:00:29 +00:00
parent b62fa4f0ac
commit 8edd1c6582
No known key found for this signature in database
GPG Key ID: BC5FD8F2443B23B7
9 changed files with 256 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
2023/31xxx/CVE-2023-31278.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. \n\n\n\n \n\n \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
"value": "Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
@ -86,16 +86,16 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n<p>Horner Automation recommends upgrading the following software: </p><ul><li>Cscape: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP9</a>&nbsp;</li><li>Cscape Envision RV: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/product/cscape-envision-rv/\">v4.80</a>&nbsp;</li></ul>"
"value": "<p>Horner Automation recommends upgrading the following software: </p><ul><li>Cscape: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP9</a>&nbsp;</li><li>Cscape Envision RV: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/product/cscape-envision-rv/\">v4.80</a>&nbsp;</li></ul>"
}
],
"value": "\n\n\nHorner Automation recommends upgrading the following software: \n\n * Cscape: Update to v9.90 SP9 https://hornerautomation.com/cscape-software/ \u00a0\n * Cscape Envision RV: Update to v4.80 https://hornerautomation.com/product/cscape-envision-rv/ \u00a0\n\n\n"
"value": "Horner Automation recommends upgrading the following software: \n\n * Cscape: Update to v9.90 SP9 https://hornerautomation.com/cscape-software/ \u00a0\n * Cscape Envision RV: Update to v4.80 https://hornerautomation.com/product/cscape-envision-rv/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA. "
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {

12
2023/32xxx/CVE-2023-32203.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. \n\n \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
"value": "Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
@ -86,16 +86,16 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n<p>Horner Automation recommends upgrading the following software: </p><ul><li>Cscape: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP9</a>&nbsp;</li><li>Cscape Envision RV: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/product/cscape-envision-rv/\">v4.80</a>&nbsp;</li></ul>"
"value": "<p>Horner Automation recommends upgrading the following software: </p><ul><li>Cscape: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP9</a>&nbsp;</li><li>Cscape Envision RV: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/product/cscape-envision-rv/\">v4.80</a>&nbsp;</li></ul>"
}
],
"value": "\n\n\nHorner Automation recommends upgrading the following software: \n\n * Cscape: Update to v9.90 SP9 https://hornerautomation.com/cscape-software/ \u00a0\n * Cscape Envision RV: Update to v4.80 https://hornerautomation.com/product/cscape-envision-rv/ \u00a0\n\n\n"
"value": "Horner Automation recommends upgrading the following software: \n\n * Cscape: Update to v9.90 SP9 https://hornerautomation.com/cscape-software/ \u00a0\n * Cscape Envision RV: Update to v4.80 https://hornerautomation.com/product/cscape-envision-rv/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA. "
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {

12
2023/32xxx/CVE-2023-32539.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThe affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.\n\n \n\n \n\n \n\n \n\n \n\n \n\n\n\n \n\n\n\n\n\n\n\n"
"value": "Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process."
}
]
},
@ -21,8 +21,8 @@
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
@ -86,16 +86,16 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n<p>Horner Automation recommends upgrading the following software: </p><ul><li>Cscape: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP9</a>&nbsp;</li><li>Cscape Envision RV: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/product/cscape-envision-rv/\">v4.80</a>&nbsp;</li></ul>"
"value": "<p>Horner Automation recommends upgrading the following software: </p><ul><li>Cscape: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP9</a>&nbsp;</li><li>Cscape Envision RV: Update to <a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/product/cscape-envision-rv/\">v4.80</a>&nbsp;</li></ul>"
}
],
"value": "\n\n\nHorner Automation recommends upgrading the following software: \n\n * Cscape: Update to v9.90 SP9 https://hornerautomation.com/cscape-software/ \u00a0\n * Cscape Envision RV: Update to v4.80 https://hornerautomation.com/product/cscape-envision-rv/ \u00a0\n\n\n"
"value": "Horner Automation recommends upgrading the following software: \n\n * Cscape: Update to v9.90 SP9 https://hornerautomation.com/cscape-software/ \u00a0\n * Cscape Envision RV: Update to v4.80 https://hornerautomation.com/product/cscape-envision-rv/"
}
],
"credits": [
{
"lang": "en",
"value": "Michael Heinzl reported these vulnerabilities to CISA. "
"value": "Michael Heinzl reported these vulnerabilities to CISA."
}
],
"impact": {

104
2024/11xxx/CVE-2024-11484.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11484",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The manipulation of the argument productimage1 leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "In Code4Berry Decoration Management System 1.0 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es unbekannten Programmcode der Datei /decoration/admin/update_image.php der Komponente User Image Handler. Mittels dem Manipulieren des Arguments productimage1 mit unbekannten Daten kann eine improper access controls-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Controls",
"cweId": "CWE-284"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Code4Berry",
"product": {
"product_data": [
{
"product_name": "Decoration Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.285499",
"refsource": "MISC",
"name": "https://vuldb.com/?id.285499"
},
{
"url": "https://vuldb.com/?ctiid.285499",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.285499"
},
{
"url": "https://vuldb.com/?submit.441913",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.441913"
}
]
},
"credits": [
{
"lang": "en",
"value": "scumdestroy (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

104
2024/11xxx/CVE-2024-11485.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11485",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "deu",
"value": "Eine kritische Schwachstelle wurde in Code4Berry Decoration Management System 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei /decoration/admin/userregister.php der Komponente User Handler. Mittels Manipulieren mit unbekannten Daten kann eine permission issues-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permission Issues",
"cweId": "CWE-275"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-266"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Code4Berry",
"product": {
"product_data": [
{
"product_name": "Decoration Management System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.285500",
"refsource": "MISC",
"name": "https://vuldb.com/?id.285500"
},
{
"url": "https://vuldb.com/?ctiid.285500",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.285500"
},
{
"url": "https://vuldb.com/?submit.441914",
"refsource": "MISC",
"name": "https://vuldb.com/?submit.441914"
}
]
},
"credits": [
{
"lang": "en",
"value": "scumdestroy (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"
}
]
}

18
2024/11xxx/CVE-2024-11502.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11502",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/11xxx/CVE-2024-11503.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-11503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

2
2024/48xxx/CVE-2024-48069.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "A remote code execution (RCE) vulnerability in the component /inventory/doCptimpoptInventory of Weaver Ecology v9.* allows attackers to execute arbitrary code via injecting a crafted payload into the name of an uploaded file."
"value": "A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges"
}
]
},

2
2024/48xxx/CVE-2024-48071.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "An issue in the component /importmould/deletefolder of Weaver Ecology v9.* allows authenticated attackers to execute a directory traversal and arbitrarily delete files."
"value": "E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service."
}
]
},