admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 03:02:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-08 18:00:42 +00:00
parent 093b7ff5dc
commit 0af761c4df
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 406 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2021/25xxx/CVE-2021-25296.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html"
}
]
}

5
2021/25xxx/CVE-2021-25297.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html"
}
]
}

5
2021/25xxx/CVE-2021-25298.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/161561/Nagios-XI-5.7.5-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/170924/Nagios-XI-5.7.5-Remote-Code-Execution.html"
}
]
}

5
2022/47xxx/CVE-2022-47966.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/170882/Zoho-ManageEngine-ServiceDesk-Plus-14003-Remote-Code-Execution.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html"
}
]
}

125
2023/0xxx/CVE-2023-0001.json
View File

@ -1,17 +1,134 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0001",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR agent",
"version": {
"version_data": [
{
"version_value": "7.9 All",
"version_affected": "!"
},
{
"version_value": "7.8 All",
"version_affected": "!"
},
{
"version_value": "7.5",
"version_affected": "="
},
{
"version_value": "5.0 All",
"version_affected": "!"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0001",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2023-0001"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CPATR-13152"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)<br><br>After you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"value": "This issue is fixed in Cortex XDR agent 7.5.101-CE and all later supported Cortex XDR agent versions. (Cortex XDR agent 5.0 is not impacted.)\n\nAfter you upgrade to a fixed version of the Cortex XDR agent, you must change the agent admin password in case it was already disclosed to users."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
]
}

126
2023/0xxx/CVE-2023-0002.json
View File

@ -1,17 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0002",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693 Protection Mechanism Failure",
"cweId": "CWE-693"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XDR agent",
"version": {
"version_data": [
{
"version_value": "7.9 All",
"version_affected": "!"
},
{
"version_value": "7.8 All",
"version_affected": "!"
},
{
"version_value": "7.5",
"version_affected": "="
},
{
"version_value": "5.0",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0002",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2023-0002"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CPATR-13215",
"CPATR-13184"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
}
],
"value": "This issue is fixed in Cortex XDR agent 5.0.12.22203, Cortex XDR agent 7.5.101-CE, and all later supported Cortex XDR agent versions."
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Fernando Romero de la Morena and Robert McCallum (M42D) for discovering and reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

129
2023/0xxx/CVE-2023-0003.json
View File

@ -1,17 +1,138 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0003",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@paloaltonetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path",
"cweId": "CWE-73"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Palo Alto Networks",
"product": {
"product_data": [
{
"product_name": "Cortex XSOAR",
"version": {
"version_data": [
{
"version_value": "8.1 All",
"version_affected": "!"
},
{
"version_value": "6.10.0.0",
"version_affected": "="
},
{
"version_value": "6.9",
"version_affected": "="
},
{
"version_value": "6.8",
"version_affected": "="
},
{
"version_value": "6.6",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0003",
"refsource": "MISC",
"name": "https://security.paloaltonetworks.com/CVE-2023-0003"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"defect": [
"CRTX-65775"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.<br>"
}
],
"value": "There are no known workarounds for this issue.\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is fixed in Cortex XSOAR 6.6 build B186115, Cortex XSOAR 6.8 build B185719, Cortex XSOAR 6.9 build B185415, Cortex XSOAR 6.10 build 185964, and all later builds of Cortex XSOAR.<br><br>NOTE: Cortex XSOAR 6.10.0 build 185964 is generally available for customers to download. Customers using Cortex XSOAR hosted services, and those wanting to upgrade to a non-generally available build, will need to make a Customer Support request at <a target=\"_blank\" rel=\"nofollow\" href=\"https://support.paloaltonetworks.com/\">https://support.paloaltonetworks.com/</a> to upgrade.<br>"
}
],
"value": "This issue is fixed in Cortex XSOAR 6.6 build B186115, Cortex XSOAR 6.8 build B185719, Cortex XSOAR 6.9 build B185415, Cortex XSOAR 6.10 build 185964, and all later builds of Cortex XSOAR.\n\nNOTE: Cortex XSOAR 6.10.0 build 185964 is generally available for customers to download. Customers using Cortex XSOAR hosted services, and those wanting to upgrade to a non-generally available build, will need to make a Customer Support request at https://support.paloaltonetworks.com/ https://support.paloaltonetworks.com/ to upgrade.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Palo Alto Networks thanks Eric Turpin for discovering and reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}

18
2023/0xxx/CVE-2023-0753.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0753",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}