admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-10-27 19:00:33 +00:00
parent 5260dfeeca
commit 4fddcd54b0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 998 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
2022/34xxx/CVE-2022-34886.json
View File

@ -1,17 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34886",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A remote code execution vulnerability was found in the firmware used in some Lenovo printers, which can be caused by a remote user pushing an illegal string to the server-side interface via a script, resulting in a stack overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "Printer GM265DN (production date June 2022 and before)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "01.00.20N"
}
]
}
},
{
"product_name": "Printer GM265DN (production date July 2022 and later)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": " 01.17.00.03.00"
}
]
}
},
{
"product_name": "Printer GM266DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "02.06.00.04.00"
}
]
}
},
{
"product_name": "Printer G263DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "02.06.00.04.00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://iknow.lenovo.com.cn/detail/205041.html",
"refsource": "MISC",
"name": "https://iknow.lenovo.com.cn/detail/205041.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of&nbsp;LEN-101969 -&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."
}
],
"value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

128
2022/34xxx/CVE-2022-34887.json
View File

@ -1,17 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-34887",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "Printer GM265DN (production date June 2022 and before)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "01.00.20N"
}
]
}
},
{
"product_name": "Printer GM265DN (production date July 2022 and later)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": " 01.17.00.03.00"
}
]
}
},
{
"product_name": "Printer GM266DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "02.06.00.04.00"
}
]
}
},
{
"product_name": "Printer G263DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "02.06.00.04.00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://iknow.lenovo.com.cn/detail/205041.html",
"refsource": "MISC",
"name": "https://iknow.lenovo.com.cn/detail/205041.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of&nbsp;LEN-101969 -&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."
}
],
"value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

128
2022/3xxx/CVE-2022-3429.json
View File

@ -1,17 +1,137 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-3429",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@lenovo.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Lenovo",
"product": {
"product_data": [
{
"product_name": "Printer GM265DN (production date June 2022 and before)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "01.00.20N"
}
]
}
},
{
"product_name": "Printer GM265DN (production date July 2022 and later)",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": " 01.17.00.03.00"
}
]
}
},
{
"product_name": "Printer GM266DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "02.06.00.04.00"
}
]
}
},
{
"product_name": "Printer G263DNS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": " ",
"version_value": "02.06.00.04.00"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://iknow.lenovo.com.cn/detail/205041.html",
"refsource": "MISC",
"name": "https://iknow.lenovo.com.cn/detail/205041.html"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of&nbsp;LEN-101969 -&nbsp;<a target=\"_blank\" rel=\"nofollow\" href=\"https://iknow.lenovo.com.cn/detail/205041.html\">https://iknow.lenovo.com.cn/detail/205041.html</a>."
}
],
"value": "Upgrade printer firmware to the version (or later) listed in the Customer Mitigation section of\u00a0LEN-101969 -\u00a0 https://iknow.lenovo.com.cn/detail/205041.html ."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

97
2023/27xxx/CVE-2023-27854.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27854",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAn arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125 Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "Arena Simulation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions before 16.20.02 Patch"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<ul><li>Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044\">BF29820 - Patch: ZDI Security Patch &amp; Windows 11 updates , Arena 16.2</a>.</li></ul>\n\n<br>"
}
],
"value": "\n * Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch & Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "These vulnerabilities were reported to Rockwell Automation by Michael Heinzl. "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

97
2023/27xxx/CVE-2023-27858.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27858",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nRockwell Automation Arena Simulation contains an arbitrary code execution vulnerability that could potentially allow a malicious user to commit unauthorized code to the software by using an\u00a0uninitialized pointer in the application. \u00a0The threat-actor could then execute malicious code on the system affecting the confidentiality, integrity, and availability of the product. \u00a0The user would need to open a malicious file provided to them by the attacker for the code to execute.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-824 Access of Uninitialized Pointer",
"cweId": "CWE-824"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "Arena Simulation",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "All versions before the 16.20.02 Patch"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141145"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<ul><li>Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044\">BF29820 - Patch: ZDI Security Patch &amp; Windows 11 updates , Arena 16.2</a>.</li></ul>\n\n<br>"
}
],
"value": "\n * Upgrade to 16.20.02 which has been patched to mitigate these issues, by referencing BF29820 - Patch: ZDI Security Patch & Windows 11 updates , Arena 16.2 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141044 .\n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "These vulnerabilities were reported to Rockwell Automation by Michael Heinzl"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

5
2023/45xxx/CVE-2023-45498.json
View File

@ -56,6 +56,11 @@
"url": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/",
"refsource": "MISC",
"name": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/"
},
{
"refsource": "FULLDISC",
"name": "20231027 LKX-2023-001 VinChin VMWare Backup",
"url": "http://seclists.org/fulldisclosure/2023/Oct/31"
}
]
}

5
2023/45xxx/CVE-2023-45499.json
View File

@ -56,6 +56,11 @@
"url": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/",
"refsource": "MISC",
"name": "https://blog.leakix.net/2023/10/vinchin-backup-rce-chain/"
},
{
"refsource": "FULLDISC",
"name": "20231027 LKX-2023-001 VinChin VMWare Backup",
"url": "http://seclists.org/fulldisclosure/2023/Oct/31"
}
]
}

90
2023/46xxx/CVE-2023-46246.json
View File

@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46246",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Vim is an improved version of the good old UNIX editor Vi. Heap-use-after-free in memory allocated in the function `ga_grow_inner` in in the file `src/alloc.c` at line 748, which is freed in the file `src/ex_docmd.c` in the function `do_cmdline` at line 1010 and then used again in `src/cmdhist.c` at line 759. When using the `:history` command, it's possible that the provided argument overflows the accepted value. Causing an Integer Overflow and potentially later an use-after-free. This vulnerability has been patched in version 9.0.2068.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free",
"cweId": "CWE-416"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190: Integer Overflow or Wraparound",
"cweId": "CWE-190"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "vim",
"product": {
"product_data": [
{
"product_name": "vim",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "<= 9.0.2067"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm",
"refsource": "MISC",
"name": "https://github.com/vim/vim/security/advisories/GHSA-q22m-h7m2-9mgm"
},
{
"url": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a",
"refsource": "MISC",
"name": "https://github.com/vim/vim/commit/9198c1f2b1ddecde22af918541e0de2a32f0f45a"
}
]
},
"source": {
"advisory": "GHSA-q22m-h7m2-9mgm",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

97
2023/46xxx/CVE-2023-46289.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nRockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. If exploited, the product would become unavailable and require a restart to recover resulting in a denial-of-service condition.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk\u00ae View Site Edition ",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 11.0-13.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141167"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<ul><li>Install the patch that remediates the issue: <a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140243\">BF29581 - Patch: External Service Interaction (HTTP), FactoryTalk View SE 11.0, 12.0 13.0</a>.</li></ul>"
}
],
"value": "\n * Install the patch that remediates the issue: BF29581 - Patch: External Service Interaction (HTTP), FactoryTalk View SE 11.0, 12.0 13.0 https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140243 .\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "This vulnerability was found internally during routine testing."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

97
2023/46xxx/CVE-2023-46290.json
View File

@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46290",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nDue to inadequate code logic, a previously unauthenticated threat actor could potentially obtain a local Windows OS user token through the FactoryTalk\u00ae Services Platform web service and then use the token to log in into FactoryTalk\u00ae Services Platform . This vulnerability can only be exploited if the authorized user did not previously log in into the FactoryTalk\u00ae Services Platform web service.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "FactoryTalk\u00ae Services Platform",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions before 2.80"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1141165"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<ul><li>Install the respective <a target=\"_blank\" rel=\"nofollow\" href=\"https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx?crumb=113&amp;versions=61602,60883,59837,59480,58564,57413,58591,59481,59482,59483,59484,59485,59486,59487,59488,59490,59491,59492,59493,59494,59495,59496\">FactoryTalk Services Version</a>&nbsp;that remediates the issue.</li><li><a target=\"_blank\" rel=\"nofollow\" href=\"https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012\">QA43240 - Recommended Security Guidelines from Rockwell Automation</a></li></ul>\n\n<br>"
}
],
"value": "\n * Install the respective FactoryTalk Services Version https://compatibility.rockwellautomation.com/Pages/MultiProductCompareSelections.aspx \u00a0that remediates the issue.\n * QA43240 - Recommended Security Guidelines from Rockwell Automation https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1085012 \n\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": " This vulnerability was found internally during routine testing."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

126
2023/4xxx/CVE-2023-4967.json
View File

@ -1,17 +1,135 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4967",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secure@citrix.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer",
"cweId": "CWE-119"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Cloud Software Group",
"product": {
"product_data": [
{
"product_name": "NetScaler ADC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1",
"version_value": "8.50"
},
{
"version_affected": "<",
"version_name": "13.1",
"version_value": "49.15"
},
{
"version_affected": "<",
"version_name": "13.0",
"version_value": "92.19"
},
{
"version_affected": "<",
"version_name": "13.1-FIPS",
"version_value": "37.164"
},
{
"version_affected": "<",
"version_name": "12.1-FIPS",
"version_value": "55.300"
},
{
"version_affected": "<",
"version_name": "12.1-NDcPP",
"version_value": "55.300"
}
]
}
},
{
"product_name": "NetScaler Gateway",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "14.1",
"version_value": "8.50"
},
{
"version_affected": "<",
"version_name": "13.1",
"version_value": "49.15"
},
{
"version_affected": "<",
"version_name": "13.0",
"version_value": "92.19"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.citrix.com/article/CTX579459/",
"refsource": "MISC",
"name": "https://support.citrix.com/article/CTX579459/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
}
]
}

18
2023/5xxx/CVE-2023-5832.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/5xxx/CVE-2023-5833.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}