Auto-merge PR#9111

Auto-merge PR#9111
This commit is contained in:
CVE Team 2023-05-22 21:52:21 -04:00 committed by GitHub
commit 4cd96f7ab9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
28 changed files with 1346 additions and 84 deletions

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "T&D Corporation and ESPEC MIC CORP.",
"product": {
"product_data": [
{
"product_name": "T&D Corporation and ESPEC MIC CORP. data logger products",
"version": {
"version_data": [
{
"version_value": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Client-side enforcement of server-side security"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tandd.com/news/detail.html?id=780"
},
{
"url": "https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N"
},
{
"url": "https://jvn.jp/en/jp/JVN14778242/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "T&D Corporation and ESPEC MIC CORP.",
"product": {
"product_data": [
{
"product_name": "T&D Corporation and ESPEC MIC CORP. data logger products",
"version": {
"version_data": [
{
"version_value": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing authentication for critical function"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tandd.com/news/detail.html?id=780"
},
{
"url": "https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N"
},
{
"url": "https://jvn.jp/en/jp/JVN14778242/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25946",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Qrio, inc.",
"product": {
"product_data": [
{
"product_name": "Qrio Lock (Q-SL2)",
"version": {
"version_data": [
{
"version_value": "firmware version 2.0.9 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass by capture-replay"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://qrio.me/article/announce/2023/4140/"
},
{
"url": "https://jvn.jp/en/jp/JVN48687031/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25953",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "WORKS MOBILE Japan Corp.",
"product": {
"product_data": [
{
"product_name": "Drive Explorer for macOS",
"version": {
"version_data": [
{
"version_value": "versions 3.5.4 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://line.worksmobile.com/jp/release-notes/20230216/"
},
{
"url": "https://jvn.jp/en/jp/JVN01937209/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26595",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cybozu, Inc.",
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.10.0 to 5.9.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27304",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cybozu, Inc.",
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "4.6.0 to 5.9.2"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27384",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cybozu, Inc.",
"product": {
"product_data": [
{
"product_name": "Cybozu Garoon",
"version": {
"version_data": [
{
"version_value": "5.15.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://cs.cybozu.co.jp/2023/007698.html"
},
{
"url": "https://jvn.jp/en/jp/JVN41694426/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27387",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "T&D Corporation and ESPEC MIC CORP.",
"product": {
"product_data": [
{
"product_name": "T&D Corporation and ESPEC MIC CORP. data logger products",
"version": {
"version_data": [
{
"version_value": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tandd.com/news/detail.html?id=780"
},
{
"url": "https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N"
},
{
"url": "https://jvn.jp/en/jp/JVN14778242/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27388",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "T&D Corporation and ESPEC MIC CORP.",
"product": {
"product_data": [
{
"product_name": "T&D Corporation and ESPEC MIC CORP. data logger products",
"version": {
"version_data": [
{
"version_value": "T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.tandd.com/news/detail.html?id=780"
},
{
"url": "https://www.monitoring.especmic.co.jp/post/VulnerabilityInRT-12N_RS-12N_RT-22BNandTEU-12N"
},
{
"url": "https://jvn.jp/en/jp/JVN14778242/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions)."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27397",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MicroEngine Inc.",
"product": {
"product_data": [
{
"product_name": "MicroEngine Mailform",
"version": {
"version_data": [
{
"version_value": "version 1.1.0 to 1.1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted upload of file with dangerous type"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://microengine.jp/information/security_2023_05.html"
},
{
"url": "https://jvn.jp/en/jp/JVN31701509/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MicroEngine Inc.",
"product": {
"product_data": [
{
"product_name": "MicroEngine Mailform",
"version": {
"version_data": [
{
"version_value": "version 1.1.0 to 1.1.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://microengine.jp/information/security_2023_05.html"
},
{
"url": "https://jvn.jp/en/jp/JVN31701509/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27512",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Contec Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "SolarView Compact",
"version": {
"version_data": [
{
"version_value": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27514",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Contec Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "SolarView Compact",
"version": {
"version_data": [
{
"version_value": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Contec Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "SolarView Compact",
"version": {
"version_data": [
{
"version_value": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Contec Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "SolarView Compact",
"version": {
"version_data": [
{
"version_value": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27920",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Contec Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "SolarView Compact",
"version": {
"version_data": [
{
"version_value": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf"
},
{
"url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92106300/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27921",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JINS Inc.",
"product": {
"product_data": [
{
"product_name": "JINS MEME CORE",
"version": {
"version_data": [
{
"version_value": "Firmware version 2.2.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded cryptographic key"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://jinsmeme.com/media/2023-04-fwapp2"
},
{
"url": "https://jvn.jp/en/jp/JVN13306058/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27922",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Stefano Lissa & The Newsletter Team",
"product": {
"product_data": [
{
"product_name": "Newsletter",
"version": {
"version_data": [
{
"version_value": "versions prior to 7.6.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wordpress.org/plugins/newsletter/"
},
{
"url": "https://jvn.jp/en/jp/JVN59341308/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27923",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vektor,Inc.",
"product": {
"product_data": [
{
"product_name": "VK Blocks and VK Blocks Pro",
"version": {
"version_data": [
{
"version_value": "VK Blocks 1.53.0.1 and earlier, and VK Blocks Pro 1.53.0.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/"
},
{
"url": "https://jvn.jp/en/jp/JVN95792402/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27925",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vektor,Inc.",
"product": {
"product_data": [
{
"product_name": "VK Blocks and VK Blocks Pro",
"version": {
"version_data": [
{
"version_value": "VK Blocks 1.53.0.1 and earlier, and VK Blocks Pro 1.53.0.1 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/"
},
{
"url": "https://jvn.jp/en/jp/JVN95792402/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27926",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vektor,Inc.",
"product": {
"product_data": [
{
"product_name": "VK All in One Expansion Unit",
"version": {
"version_data": [
{
"version_value": "9.88.1.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/"
},
{
"url": "https://jvn.jp/en/jp/JVN95792402/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28367",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Vektor,Inc.",
"product": {
"product_data": [
{
"product_name": "VK All in One Expansion Unit",
"version": {
"version_data": [
{
"version_value": "9.88.1.0 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.vektor-inc.co.jp/product-update/vk-blocks-exunit-xss/"
},
{
"url": "https://jvn.jp/en/jp/JVN95792402/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28390",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ICOM INCORPORATED",
"product": {
"product_data": [
{
"product_name": "SR-7100VN",
"version": {
"version_data": [
{
"version_value": "SR-7100VN firmware Ver.1.38(N) and earlier, and SR-7100VN #31 firmware Ver.1.21 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.icom.co.jp/news/7239/"
},
{
"url": "https://jvn.jp/en/jp/JVN80476232/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28392",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Inaba Denki Sangyo Co., Ltd.",
"product": {
"product_data": [
{
"product_name": "Wi-Fi AP UNIT",
"version": {
"version_data": [
{
"version_value": "AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.inaba.co.jp/abaniact/news/Wi-Fi%20AP%20UNIT%E3%80%8CAC-WAPU-300%E3%80%8D%E3%81%AB%E3%81%8A%E3%81%91%E3%82%8BOS%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%82%A4%E3%83%B3%E3%82%B8%E3%82%A7%E3%82%AF%E3%82%B7%E3%83%A7%E3%83%B3%E3%81%AE%E8%84%86%E5%BC%B1%E6%80%A7%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6.pdf"
},
{
"url": "https://jvn.jp/en/vu/JVNVU98968780/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command."
}
]
}

View File

@ -4,14 +4,61 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28394",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Beekeeper Studio, Inc.",
"product": {
"product_data": [
{
"product_name": "Beekeeper Studio",
"version": {
"version_data": [
{
"version_value": "versions prior to 3.9.9"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.beekeeperstudio.io/"
},
{
"url": "https://github.com/beekeeper-studio/beekeeper-studio"
},
{
"url": "https://jvn.jp/en/jp/JVN11705010/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28408",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Monkey Wrench Inc.",
"product": {
"product_data": [
{
"product_name": "MW WP Form",
"version": {
"version_data": [
{
"version_value": "versions v4.4.2 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/"
},
{
"url": "https://jvn.jp/en/jp/JVN01093915/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28409",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Monkey Wrench Inc.",
"product": {
"product_data": [
{
"product_name": "MW WP Form",
"version": {
"version_data": [
{
"version_value": "versions v4.4.2 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted upload of file with dangerous type"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://plugins.2inc.org/mw-wp-form/blog/2023/05/08/752/"
},
{
"url": "https://jvn.jp/en/jp/JVN01093915/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file."
}
]
}

View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-28413",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vultures@jpcert.or.jp"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Monkey Wrench Inc.",
"product": {
"product_data": [
{
"product_name": "Snow Monkey Forms",
"version": {
"version_data": [
{
"version_value": "versions v5.0.6 and earlier"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://snow-monkey.2inc.org/2023/04/28/snow-monkey-forms-v5-0-7/"
},
{
"url": "https://jvn.jp/en/jp/JVN01093915/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition."
}
]
}