admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-30 18:04:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-05 04:00:44 +00:00
parent 85f462b025
commit f56099723a
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 373 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
2023/0xxx/CVE-2023-0635.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Privilege Management vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Privilege Escalation.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.01; NEXUS Series: from 3.0;0 before 3.07.01; MATRIX Series: from 3.0;0 before 3.07.01.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABB Ltd.",
"product": {
"product_data": [
{
"product_name": "ASPECT\u00ae-Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0;0",
"version_value": "3.07.01"
}
]
}
},
{
"product_name": "NEXUS Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0;0",
"version_value": "3.07.01"
}
]
}
},
{
"product_name": "MATRIX Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0;0",
"version_value": "3.07.01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ABBVREP0088",
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "ABB would like to thank Prism Infosec for identifying this vulnerability in its products and for dealing with it in a professional manner."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

110
2023/0xxx/CVE-2023-0636.json
View File

@ -1,17 +1,119 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cybersecurity@ch.abb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Input Validation vulnerability in ABB Ltd. ASPECT\u00ae-Enterprise on ASPECT\u00ae-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Series on NEXUS Series, Linux (2CQG100102R2021, 2CQG100104R2021, 2CQG100105R2021, 2CQG100106R2021, 2CQG100110R2021, 2CQG100112R2021, 2CQG100103R2021, 2CQG100107R2021, 2CQG100108R2021, 2CQG100109R2021, 2CQG100111R2021, 2CQG100113R2021 modules), ABB Ltd. MATRIX Series on MATRIX Series, Linux (2CQG100102R1021, 2CQG100103R1021, 2CQG100104R1021, 2CQG100105R1021, 2CQG100106R1021 modules) allows Command Injection.This issue affects ASPECT\u00ae-Enterprise: from 3.0;0 before 3.07.0; NEXUS Series: from 3.0;0 before 3.07.0; MATRIX Series: from 3.0;0 before 3.07.1.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ABB Ltd.",
"product": {
"product_data": [
{
"product_name": "ASPECT\u00ae-Enterprise",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0;0",
"version_value": "3.07.0"
}
]
}
},
{
"product_name": "NEXUS Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0;0",
"version_value": "3.07.0"
}
]
}
},
{
"product_name": "MATRIX Series",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "3.0;0",
"version_value": "3.07.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch",
"refsource": "MISC",
"name": "https://search.abb.com/library/Download.aspx?DocumentID=2CKA000073B5403&LanguageCode=en&DocumentPartId=&Action=Launch"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "ABBVREP0088",
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "ABB would like to thank Prism Infosec for identifying this vulnerability in its products and for dealing with it in a professional manner."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

100
2023/32xxx/CVE-2023-32217.json
View File

@ -1,17 +1,109 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32217",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@sailpoint.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6\u00a0allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
"cweId": "CWE-470"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SailPoint",
"product": {
"product_data": [
{
"product_name": "IdentityIQ",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "8.3",
"version_value": "8.3p2"
},
{
"version_affected": "<=",
"version_name": "8.2",
"version_value": "8.2p5"
},
{
"version_affected": "<=",
"version_name": "8.1",
"version_value": "8.1p6"
},
{
"version_affected": "<=",
"version_name": "8.0",
"version_value": "8.0p5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/",
"refsource": "MISC",
"name": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-unsafe-use-of-reflection-vulnerability-cve-2023-32217/"
}
]
},
"generator": {
"engine": "SecretariatVulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Recurity Labs GmbH"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

71
2023/34xxx/CVE-2023-34411.json
View File

@ -1,17 +1,76 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34411",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-34411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/netvl/xml-rs/pull/226",
"refsource": "MISC",
"name": "https://github.com/netvl/xml-rs/pull/226"
},
{
"url": "https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f",
"refsource": "MISC",
"name": "https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f"
},
{
"url": "https://github.com/netvl/xml-rs/compare/0.8.13...0.8.14",
"refsource": "MISC",
"name": "https://github.com/netvl/xml-rs/compare/0.8.13...0.8.14"
},
{
"url": "https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c",
"refsource": "MISC",
"name": "https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c"
}
]
}