From 616e92b8e5d21f50b24f7cf54ae57da25a5815af Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 27 Jan 2023 00:01:13 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2023/0xxx/CVE-2023-0468.json | 50 ++++++++++++++++++++++++++++++++--
 2023/0xxx/CVE-2023-0469.json | 50 ++++++++++++++++++++++++++++++++--
 2023/0xxx/CVE-2023-0476.json | 50 ++++++++++++++++++++++++++++++++--
 2023/24xxx/CVE-2023-24493.json | 50 ++++++++++++++++++++++++++++++++--
 2023/24xxx/CVE-2023-24494.json | 50 ++++++++++++++++++++++++++++++++--
 2023/24xxx/CVE-2023-24495.json | 50 ++++++++++++++++++++++++++++++++--
 2023/24xxx/CVE-2023-24508.json | 6 ++--
 7 files changed, 285 insertions(+), 21 deletions(-)
diff --git a/2023/0xxx/CVE-2023-0468.json b/2023/0xxx/CVE-2023-0468.json
index f71050476fc..86c7829c522 100644
--- a/2023/0xxx/CVE-2023-0468.json
+++ b/2023/0xxx/CVE-2023-0468.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0468",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux Kernel prior to Kernel 6.1 RC7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Kernel 6.1 RC7"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2164024",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164024"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference."
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0469.json b/2023/0xxx/CVE-2023-0469.json
index 612df6b2314..92291c75ccf 100644
--- a/2023/0xxx/CVE-2023-0469.json
+++ b/2023/0xxx/CVE-2023-0469.json
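Review bot: The added `problemtype` entry for CVE-2023-0468 carries `"value": "Kernel 6.1 RC7"`, which is a version string rather than a weakness class, so anyone filtering or grouping records by problem type gets nothing usable here. The new description calls the flaw a use-after-free caused by a race on poll_refs, so the field would be better as `"value": "CWE-416"`, or a race-condition class if that is the root cause the CNA intends. The same description says the use-after-free "may cause a NULL pointer dereference", which are two different memory-safety outcomes; the impact wording is worth confirming against the referenced Bugzilla entry.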
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0469",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "secalert@redhat.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Kernel",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Linux Kernel prior t oKernel 6.1 RC7"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-191"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2163723",
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2163723"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service."
 }
 ]
 }
diff --git a/2023/0xxx/CVE-2023-0476.json b/2023/0xxx/CVE-2023-0476.json
index 6586ba550bd..a023a2fc535 100644
--- a/2023/0xxx/CVE-2023-0476.json
+++ b/2023/0xxx/CVE-2023-0476.json
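Review bot: The added `version_value` for CVE-2023-0469 reads `"Linux Kernel prior t oKernel 6.1 RC7"`; the misplaced space means the affected range no longer matches the identical string in the sibling record CVE-2023-0468, and any tooling that tokenises it will misread it. It should be `"version_value": "Linux Kernel prior to Kernel 6.1 RC7"`. Separately, `problemtype` is `CWE-191` (integer underflow) while the description calls the flaw a use-after-free; one of the two is presumably wrong and should be reconciled against the referenced Bugzilla entry.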
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-0476",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable.sc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Tenable.sc versions 5.23.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "LDAP Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2023-03",
+ "url": "https://www.tenable.com/security/tns-2023-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection."
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24493.json b/2023/24xxx/CVE-2023-24493.json
index 008ee47120b..5c88c9342f7 100644
--- a/2023/24xxx/CVE-2023-24493.json
+++ b/2023/24xxx/CVE-2023-24493.json
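Review bot: `"vendor_name": "n/a"` is set in the CVE-2023-0476 record even though the product is `Tenable.sc` and the assigner is vulnreport@tenable.com, so vendor-keyed asset matching will not associate this record with the vendor; `"vendor_name": "Tenable"` would fix that. The same placeholder appears in the hunks for CVE-2023-24493, CVE-2023-24494 and CVE-2023-24495, and in the two kernel records (CVE-2023-0468, CVE-2023-0469). The affected range is also carried only as prose in `version_value` ("Tenable.sc versions 5.23.1 and earlier"), which scanners cannot compare; a bare version with a comparison marker, e.g. `"version_affected": "<=", "version_value": "5.23.1"`, would be machine-readable.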
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-24493",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable.sc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Tenable.sc versions 5.23.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Formula injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2023-03",
+ "url": "https://www.tenable.com/security/tns-2023-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host."
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24494.json b/2023/24xxx/CVE-2023-24494.json
index aa481180e82..0601cb0733b 100644
--- a/2023/24xxx/CVE-2023-24494.json
+++ b/2023/24xxx/CVE-2023-24494.json
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-24494",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable.sc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Tenable.sc versions 5.23.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Stored Cross Site Scripting (XSS)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2023-03",
+ "url": "https://www.tenable.com/security/tns-2023-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session."
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24495.json b/2023/24xxx/CVE-2023-24495.json
index 9e4c565c8a7..bfbb3555c4f 100644
--- a/2023/24xxx/CVE-2023-24495.json
+++ b/2023/24xxx/CVE-2023-24495.json
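Review bot: In the CVE-2023-24494 record, `problemtype` says "Stored Cross Site Scripting (XSS)" but the added description gives the attack path as "convincing a user to click a specially crafted URL", which is how reflected XSS is normally delivered; a stored payload runs when the victim views the affected page, with no crafted link involved. The two fields should agree, because the distinction changes what a defender looks for (persisted content in the application versus inbound links) and how the record is prioritised. Which one is correct cannot be determined from this hunk; it should be confirmed against the referenced advisory tns-2023-03 and either the problem type or the description adjusted.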
@@ -4,14 +4,58 @@
 "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-24495",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "vulnreport@tenable.com",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "n/a",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tenable.sc",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Tenable.sc versions 5.23.1 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Server Side Request Forgery (SSRF)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "name": "https://www.tenable.com/security/tns-2023-03",
+ "url": "https://www.tenable.com/security/tns-2023-03"
+ }
+ ]
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly."
 }
 ]
 }
diff --git a/2023/24xxx/CVE-2023-24508.json b/2023/24xxx/CVE-2023-24508.json
index 130710df5c7..b960d4ee45c 100644
--- a/2023/24xxx/CVE-2023-24508.json
+++ b/2023/24xxx/CVE-2023-24508.json
@@ -11,7 +11,7 @@
 "description_data": [
 {
 "lang": "eng",
- "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce. BaiBS_RTS_3.6.6 (verified on live device): Pre-login Remote Execution of shell commands as root (command used - \"ls\"): POST http://:/utility/run_warn_command.sh HTTP/1.1 Cookie: browser_time=1672739229 commands=ls&hash=browser_time%3D1673903145 This happens because commands value gets executed: printf \"%s\" \"$FORM_commands\" | tr -d \"\\r\" > $tmp_file sh $tmp_file Any version of BaiBS_RTS_3.6.6 and older: Pre-login Remote Execution of shell commands as root (due to not checking anything on user-input and injecting it into shell script via haserl binary): Any POST to http://:/utility/.sh will do, due to this - in each: eval $(baicells_session_validator -c \"$COOKIE_hash\" -e \"$COOKIE_exp\" -a \"$HTTP_USER_AGENT\" -i \"$REMOTE_ADDR\" -r \"login.htm\" -t $(uci get baicells.global.session_timeout) -b \"$COOKIE_browser_time\") HTTP header User-Agent can be used and any Cookie. Exploit Sending HTTP POST requests to the Baicells equipment web-interface."
+ "value": "Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods below have been tested and validated by a 3rd party analyst and has been confirmed exploitable special thanks to Rustam Amin for providing the steps to reproduce."
 }
 ]
 },
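Review bot: The shortened CVE-2023-24508 description still ends with "The following methods below have been tested and validated ...", but the methods that sentence introduced were removed in this hunk, so it now points at nothing. The next hunk in this file likewise keeps "exploit using the above method" with no method left above it. Ending the value after "executed with root permissions." and keeping the credit as its own sentence, e.g. `Validated by a third-party analyst; thanks to Rustam Amin for the steps to reproduce.`, would leave a self-contained record. The product list "Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices" is also ambiguous about whether Nova 246 is an eNodeB model, which matters to anyone matching inventory against it.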
@@ -101,10 +101,10 @@ { "base64": false, "type": "text/html", - "value": "Nova eNB would need to be configured and running on 3.6.6 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. " + "value": "Nova eNB would need to be configured and running on 3.6.6 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method. 

" } ], - "value": "Nova eNB would need to be configured and running on 3.6.6 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method.\u00a0" + "value": "Nova eNB would need to be configured and running on 3.6.6 firmware and older along with being accessible on the internal network or public network. If the Web interface is enabled it will allow users to exploit using the above method.\u00a0\n\n" } ], "solution": [