"-Synchronized-Data."

CVE Team 2023-07-13 11:00:39 +00:00
parent 1aa0111435
commit fd602960e6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 1148 additions and 37 deletions


@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22435",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Experion server may experience a DoS due to a stack overflow when handling a specially crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697: Incorrect Comparison",
"cweId": "CWE-697"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Experion Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Experion Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Engineering Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Direct Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.5",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
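Review bot: The CVSS block contradicts the description in this record: the text describes a DoS from a stack overflow, yet `"availabilityImpact": "NONE"` and `"confidentialityImpact": "HIGH"` score it as a pure confidentiality issue. A vector of `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H` also yields 7.5, so the two metrics look swapped, though only the CNA can confirm that. CVE-2023-24474 later in this commit carries the same vector with the same DoS wording. Consumers that filter or prioritise on availability impact would miss both records until this is corrected.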


@ -77,6 +77,10 @@
{
"lang": "en",
"value": "Zhipeng Zhang (@Timon8)"
},
{
"lang": "en",
"value": "KietNA from National Cyber Security (NCS)"
}
]
}


@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23585",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Experion Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Experion Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Engineering Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Direct Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.5",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
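Review bot: The only entry in `reference_data` is the vendor landing page, `https://process.honeywell.com`, which does not identify an advisory, a fixed build or a mitigation for this CVE. All seven Honeywell records in this commit (CVE-2023-22435, -23585, -24474, -24480, -25078, -25178, -25770) share the same single reference. For a network-reachable issue scored 9.8, the record should link the specific security notice so operators can confirm the affected builds and the remediation. Until it does, the CNA's advisory has to be tracked separately from this feed.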


@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24474",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted message"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122: Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Experion Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Experion Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Engineering Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Direct Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.5",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24480",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Controller DoS due to stack overflow when decoding a message from the server"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-116 Improper Encoding or Escaping of Output",
"cweId": "CWE-116"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "C300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
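Review bot: `"cweId": "CWE-116"` (Improper Encoding or Escaping of Output) does not match the description, which reports a stack overflow while decoding a message; CWE-121 (Stack-based Buffer Overflow) would fit that text. The same kind of mismatch appears in CVE-2023-25770 (buffer overflow labelled CWE-502) and CVE-2023-22435 (stack overflow labelled CWE-697). The CNA may be naming a root cause that the description omits, but as written, weakness-based filtering and metrics will place these records in the wrong class.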


@ -1,17 +1,184 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25078",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "Experion Server",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Experion Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Engineering Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
},
{
"product_name": "Direct Station",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "510.5",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25178",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Controller may be loaded with malicious firmware which could enable remote code execution\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-345 Insufficient Verification of Data Authenticity",
"cweId": "CWE-345"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "C300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
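Review bot: The new description value ends with a literal `\n\n`, and the geomap record later in this commit gains a leading `\n` and a trailing `\n\n` in the same field. Stray whitespace in `description_data` breaks exact-match deduplication and shows up as blank lines in rendered advisories. The value should be trimmed, e.g. `"value": "Controller may be loaded with malicious firmware which could enable remote code execution"`.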


@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@honeywell.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data",
"cweId": "CWE-502"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Honeywell",
"product": {
"product_data": [
{
"product_name": "C300",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "501.1",
"version_value": "501.6HF8"
},
{
"version_affected": "<=",
"version_name": "510.1",
"version_value": "510.2HF12"
},
{
"version_affected": "<=",
"version_name": "511.1",
"version_value": "511.5TCU3"
},
{
"version_affected": "<=",
"version_name": "520.1",
"version_value": "520.1TCU4"
},
{
"version_affected": "<=",
"version_name": "520.2",
"version_value": "520.2TCU2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://process.honeywell.com",
"refsource": "MISC",
"name": "https://process.honeywell.com"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Currently, Geomap configuration (Administration) allows using HTML in the attribution field."
"value": "\nCurrently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field \u201cAttribution text\u201d when selected \u201cOther\u201d Tile provider.\n\n"
}
]
},


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012."
},
{
"lang": "deu",
"value": "Es wurde eine Schwachstelle in SourceCodester AC Repair and Services System 1.0 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei Master.php?f=delete_book der Komponente HTTP POST Request Handler. Durch das Beeinflussen des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "AC Repair and Services System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.234012",
"refsource": "MISC",
"name": "https://vuldb.com/?id.234012"
},
{
"url": "https://vuldb.com/?ctiid.234012",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.234012"
}
]
},
"credits": [
{
"lang": "en",
"value": "fushuling (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 6.3,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "3.0",
"baseScore": 6.3,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseSeverity": "MEDIUM"
},
{
"version": "2.0",
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"baseSeverity": "MEDIUM"
}
]
}
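Review bot: The description calls this SQL injection "classified as critical", while every entry under `impact.cvss` rates it MEDIUM (6.3 for CVSS 3.x, 6.5 for 2.0). The wording looks like the CNA's own classification rather than a CVSS severity, so triage should key on `baseSeverity` and the vector string, not on the prose. A short qualifier in the description, or dropping the word, would remove the ambiguity.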


@ -1,17 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-3659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In SourceCodester AC Repair and Services System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei admin/?page=user/manage_user. Durch Beeinflussen des Arguments firstname/middlename mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SourceCodester",
"product": {
"product_data": [
{
"product_name": "AC Repair and Services System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.234013",
"refsource": "MISC",
"name": "https://vuldb.com/?id.234013"
},
{
"url": "https://vuldb.com/?ctiid.234013",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.234013"
}
]
},
"credits": [
{
"lang": "en",
"value": "fushuling (VulDB User)"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}
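Review bot: Language tags are inconsistent within this record: `description_data` and `problemtype_data` use three-letter codes (`"eng"`, `"deu"`) while `credits` uses `"lang": "en"`. CVE-2023-3658 in this commit has the same mix. Consumers that select text by language need to accept both forms, or the credit entry should be written as `"lang": "eng"` to match the rest of the record.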