admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-09 16:00:35 +00:00
parent 5d9efa3bbb
commit 427716d820
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
14 changed files with 1312 additions and 383 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
2020/8xxx/CVE-2020-8974.json
View File

@ -1,50 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2022-09-30T11:00:00.000Z",
"ID": "CVE-2020-8974",
"STATE": "PUBLIC",
"TITLE": "ZGR TPS200 NG Missing Reference to Active Allocated Resource"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZGR TPS200 NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "2.00",
"version_value": "firmware version 2.00"
},
{
"version_affected": "=",
"version_name": "1.01",
"version_value": "hardware version 1.01"
}
]
}
}
]
},
"vendor_name": "ZGR"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aar\ufffdn Flecha Men\ufffdndez."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2020-8974",
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -53,57 +15,101 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-771: Missing Reference to Active Allocated Resource"
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZGR",
"product": {
"product_data": [
{
"product_name": "ZGR TPS200 NG",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2.00 firmware version 2.00"
},
{
"version_affected": "=",
"version_value": "1.01 hardware version 1.01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/multiple-vulnerabilities-zgr-tps200-ng"
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-zgr-tps200-ng"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "INCIBE-2022-0936",
"defect": [
"INCIBE-2020-0029"
],
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"value": "The ZGR team is working on a new design of the TPS, which will include the necessary cybersecurity measures to address the identified vulnerabilities. Affected equipment must be connected to properly isolated and secured networks to avoid potential risks."
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by the Industrial Cybersecurity team of S21sec, special mention to Aar\ufffdn Flecha Men\ufffdndez."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
}
]
}
}

145
2021/32xxx/CVE-2021-32453.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-05-13T10:00:00.000Z",
"ID": "CVE-2021-32453",
"STATE": "PUBLIC",
"TITLE": "SITEL CAP/PRX information exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CAP/PRX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "5.2.01",
"version_value": "5.2.01"
}
]
}
}
]
},
"vendor_name": "SITEL"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-32453",
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,54 +15,94 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SITEL",
"product": {
"product_data": [
{
"product_name": "CAP/PRX",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.2.01"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/sitel-capprx-information-exposure"
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/sitel-capprx-information-exposure"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "INCIBE-2021-0178",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"value": "The fix for this vulnerability is available as of version 1.2 of the CAP-PRX-NG platform."
}
],
"credits": [
{
"lang": "en",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez and Luis Mart\u00edn Liras, as an independent researcher."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
}

145
2021/33xxx/CVE-2021-33842.json
View File

@ -1,45 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-06-08T08:00:00.000Z",
"ID": "CVE-2021-33842",
"STATE": "PUBLIC",
"TITLE": "Circutor SGE-PLC1000 improper authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SGE-PLC1000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "0.9.2b",
"version_value": "0.9.2b"
}
]
}
}
]
},
"vendor_name": "Circutor"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-33842",
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -48,54 +15,94 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
"value": "CWE-565 Reliance on Cookies without Validation and Integrity Checking",
"cweId": "CWE-565"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Circutor",
"product": {
"product_data": [
{
"product_name": "SGE-PLC1000",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0.9.2b"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/circutor-sge-plc1000-improper-authentication"
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/circutor-sge-plc1000-improper-authentication"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This issue can be solved through a firmware upgrade that has already been released by the vendor."
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "INCIBE-2021-0228",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">This issue can be solved through a firmware upgrade that has already been released by the vendor.</span>\n\n"
}
],
"value": "\nThis issue can be solved through a firmware upgrade that has already been released by the vendor.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Industrial Cybersecurity team of S21sec, special mention to Aar\u00f3n Flecha Men\u00e9ndez."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}

145
2021/3xxx/CVE-2021-3774.json
View File

@ -1,44 +1,12 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"ID": "CVE-2021-3774",
"STATE": "PUBLIC",
"TITLE": "Meross MSS550X Missing Encryption of Sensitive Data"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Meross Smart Wi-Fi 2 Way Wall Switch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "3.1.3",
"version_value": "3.1.3"
}
]
}
}
]
},
"vendor_name": "Meross"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gerard Fuguet Morales"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-3774",
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
@ -47,54 +15,95 @@
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-311: Missing Encryption of Sensitive Data"
"value": "CWE-319 Cleartext Transmission of Sensitive Information",
"cweId": "CWE-319"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Meross",
"product": {
"product_data": [
{
"product_name": "Meross Smart Wi-Fi 2 Way Wall Switch",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "3.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/meross-mss550x-missing-encryption-sensitive-data",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/meross-mss550x-missing-encryption-sensitive-data"
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/meross-mss550x-missing-encryption-sensitive-data",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/meross-mss550x-missing-encryption-sensitive-data"
}
]
},
"solution": [
{
"lang": "eng",
"value": "This vulnerability has been solved by Meross in MSS550X version 3.2.3"
}
],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"source": {
"advisory": "INCIBE-2021-0451",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This vulnerability has been solved by Meross in MSS550X version 3.2.3."
}
],
"value": "This vulnerability has been solved by Meross in MSS550X version 3.2.3."
}
],
"credits": [
{
"lang": "en",
"value": "Gerard Fuguet Morales"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
]
}
}

137
2021/3xxx/CVE-2021-3833.json
View File

@ -1,15 +1,38 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve-coordination@incibe.es",
"DATE_PUBLIC": "2021-10-06T07:00:00.000Z",
"ID": "CVE-2021-3833",
"STATE": "PUBLIC",
"TITLE": "Integria IMS incorrect authorization"
"ASSIGNER": "cve-coordination@incibe.es",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-697 Incorrect Comparison",
"cweId": "CWE-697"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "\u00c1rtica",
"product": {
"product_data": [
{
@ -18,88 +41,72 @@
"version_data": [
{
"version_affected": "=",
"version_name": "5.0.92",
"version_value": "5.0.92"
}
]
}
}
]
},
"vendor_name": "\u00c1rtica"
}
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
"references": {
"reference_data": [
{
"lang": "eng",
"value": "Integria IMS login check uses a loose comparator (\"==\") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords."
"url": "https://integriaims.com/en/services/updates/",
"refsource": "MISC",
"name": "https://integriaims.com/en/services/updates/"
},
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization",
"refsource": "MISC",
"name": "https://www.incibe.es/en/incibe-cert/notices/aviso/integria-ims-incorrect-authorization"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863 Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://integriaims.com/en/services/updates/",
"refsource": "CONFIRM",
"url": "https://integriaims.com/en/services/updates/"
},
{
"name": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization",
"refsource": "CONFIRM",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/integria-ims-incorrect-authorization"
}
]
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "eng",
"value": "This vulnerability has been solved in Integria IMS 5.0 93"
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<p>This vulnerability has been solved in Integria IMS 5.0 93</p>"
}
],
"value": "This vulnerability has been solved in Integria IMS 5.0 93\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
"credits": [
{
"lang": "en",
"value": "Discovered by @nag0mez (special mention to @_Barriuso)."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
}

97
2023/25xxx/CVE-2023-25994.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25994",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Alex Benfica Publish to Schedule plugin <=\u00a04.4.2 versions."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)",
"cweId": "CWE-352"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Alex Benfica",
"product": {
"product_data": [
{
"product_name": "Publish to Schedule",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "4.5.4",
"status": "unaffected"
}
],
"lessThanOrEqual": "4.4.2",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/publish-to-schedule/wordpress-publish-to-schedule-plugin-4-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/publish-to-schedule/wordpress-publish-to-schedule-plugin-4-4-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;4.5.4 or a higher version."
}
],
"value": "Update to\u00a04.5.4 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "Rio Darmawan (Patchstack Alliance)"
}
]
}

97
2023/36xxx/CVE-2023-36688.json
View File

@ -1,18 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-36688",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "audit@patchstack.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Mann Simple Site Verify plugin <=\u00a01.0.7 versions."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Michael Mann",
"product": {
"product_data": [
{
"product_name": "Simple Site Verify",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"changes": [
{
"at": "1.0.8",
"status": "unaffected"
}
],
"lessThanOrEqual": "1.0.7",
"status": "affected",
"version": "n/a",
"versionType": "custom"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://patchstack.com/database/vulnerability/simple-site-verify/wordpress-simple-site-verify-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"refsource": "MISC",
"name": "https://patchstack.com/database/vulnerability/simple-site-verify/wordpress-simple-site-verify-plugin-1-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to&nbsp;1.0.8 or a higher version."
}
],
"value": "Update to\u00a01.0.8 or a higher version."
}
],
"credits": [
{
"lang": "en",
"value": "yuyudhn (Patchstack Alliance)"
}
]
}

102
2023/40xxx/CVE-2023-40054.json
View File

@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40054",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@solarwinds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.\u00a0We found this issue was not resolved in CVE-2023-33226"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SolarWinds ",
"product": {
"product_data": [
{
"product_name": "Network Configuration Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2023.4 and previous versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40054",
"refsource": "MISC",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40054"
},
{
"url": "https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4-1_release_notes.htm",
"refsource": "MISC",
"name": "https://documentation.solarwinds.com/en/success_center/ncm/content/release_notes/ncm_2023-4-1_release_notes.htm"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All Network Configuration Manager customers are advised to upgrade to the latest version of the Network Configuration Manager version 2023.4.1<br>"
}
],
"value": "All Network Configuration Manager customers are advised to upgrade to the latest version of the Network Configuration Manager version 2023.4.1\n"
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds Security Team "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2023/40xxx/CVE-2023-40055.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-40055",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@solarwinds.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.\u00a0We found this issue was not resolved in CVE-2023-33227"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SolarWinds ",
"product": {
"product_data": [
{
"product_name": "Network Configuration Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2023.4 and previous versions"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055",
"refsource": "MISC",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40055"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "All Network Configuration Manager customers are advised to upgrade to the latest version of the Network Configuration Manager version 2023.4.1<br>"
}
],
"value": "All Network Configuration Manager customers are advised to upgrade to the latest version of the Network Configuration Manager version 2023.4.1\n"
}
],
"credits": [
{
"lang": "en",
"value": "SolarWinds Security Team "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

113
2023/41xxx/CVE-2023-41137.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41137",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@appcheck-ng.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Cryptographic Key",
"cweId": "CWE-321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AppsAnywhere",
"product": {
"product_data": [
{
"product_name": "AppsAnywhere Client",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1.4.0",
"status": "affected"
},
{
"version": "1.4.1",
"status": "affected"
},
{
"version": "1.5.1",
"status": "affected"
},
{
"version": "1.5.2",
"status": "affected"
},
{
"version": "1.6.0",
"status": "affected"
},
{
"version": "2.0.0",
"status": "affected"
},
{
"version": "1.6.1",
"status": "unaffected"
},
{
"version": "2.0.1",
"status": "unaffected"
},
{
"version": "2.2.0",
"status": "unaffected"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory",
"refsource": "MISC",
"name": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
]
},
"generator": {
"engine": "cveClient/1.0.14"
},
"credits": [
{
"lang": "en",
"value": "Gaelan Steele"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8,
"baseSeverity": "HIGH"
}
]
}

113
2023/41xxx/CVE-2023-41138.json
View File

@ -1,17 +1,122 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41138",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "info@appcheck-ng.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Privilege Assignment",
"cweId": "CWE-226"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "AppsAnywhere",
"product": {
"product_data": [
{
"product_name": "AppsAnywhere Client",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1.4.0",
"status": "affected"
},
{
"version": "1.4.1",
"status": "affected"
},
{
"version": "1.5.1",
"status": "affected"
},
{
"version": "1.5.2",
"status": "affected"
},
{
"version": "1.6.0",
"status": "affected"
},
{
"version": "2.0.0",
"status": "affected"
},
{
"version": "1.6.1",
"status": "unaffected"
},
{
"version": "2.0.1",
"status": "unaffected"
},
{
"version": "2.2.0",
"status": "unaffected"
}
],
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory",
"refsource": "MISC",
"name": "https://docs.appsanywhere.com/appsanywhere/3.1/2023-11-security-advisory"
}
]
},
"generator": {
"engine": "cveClient/1.0.14"
},
"credits": [
{
"lang": "en",
"value": "Gaelan Steele"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

76
2023/46xxx/CVE-2023-46743.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46743",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-276: Incorrect Default Permissions",
"cweId": "CWE-276"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "xwikisas",
"product": {
"product_data": [
{
"product_name": "application-collabora",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "< 1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57",
"refsource": "MISC",
"name": "https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57"
}
]
},
"source": {
"advisory": "GHSA-mvq3-xxg2-rj57",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

76
2023/47xxx/CVE-2023-47110.json
View File

@ -1,17 +1,85 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47110",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "PrestaShop",
"product": {
"product_data": [
{
"product_name": "blockreassurance",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 5.1.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78",
"refsource": "MISC",
"name": "https://github.com/PrestaShop/blockreassurance/security/advisories/GHSA-xfm3-hjcc-gv78"
}
]
},
"source": {
"advisory": "GHSA-xfm3-hjcc-gv78",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H",
"version": "3.1"
}
]
}

198
2023/6xxx/CVE-2023-6039.json
View File

@ -1,17 +1,207 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. This flaw allows a local attacker to crash the system when the LAN78XX USB device detaches."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free",
"cweId": "CWE-416"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "6.5-rc5",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6039",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-6039"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248755",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2248755"
},
{
"url": "https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3",
"refsource": "MISC",
"name": "https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is to skip loading the affected module \"lan78xx\" onto the system till we have a fix available, this can be done by a blacklist mechanism, this will ensure the driver is not loaded at the boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Duoming Zhou for reporting this issue."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}