"-Synchronized-Data."

CVE Team 2023-10-25 17:39:47 +00:00
parent a294ca8596
commit 67072dbc48
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
87 changed files with 5051 additions and 490 deletions


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Elsight \u2013 Elsight Halo Remote Code Execution (RCE) Elsight Halo web panel allows us to perform connection validation. through the POST request : /api/v1/nics/wifi/wlan0/ping we can abuse DESTINATION parameter and leverage it to remote code execution."
"value": "\nElsight \u2013 Elsight Halo \u00a0Remote Code Execution (RCE)\nElsight Halo web panel allows us to perform connection validation.\nthrough the POST request :\n/api/v1/nics/wifi/wlan0/ping\nwe can abuse DESTINATION parameter and leverage it to remote code execution.\n\n"
}
]
},
@ -35,12 +35,13 @@
"product": {
"product_data": [
{
"product_name": "Elsight Halo ",
"product_name": "Elsight Halo",
"version": {
"version_data": [
{
"version_value": "10.6.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": "Update to version 10.6.1"
}
]
}
@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0055",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"solution": [
{
@ -83,23 +84,23 @@
"credits": [
{
"lang": "en",
"value": "Dudu Moyal ,Moriel Harush"
"value": "Dudu Moyal ,Moriel Harush "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
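Review bot: `version_value` in the new `version_data` entry holds remediation prose (`"Update to version 10.6.1"`) rather than a version, so with `"version_affected": "<"` a scanner or inventory matcher has no bound to compare against. The field should carry the bare fixed version, `"version_value": "10.6.1"`, with the upgrade instruction left to the `solution` block. The same pattern recurs in the records for ILVN-2022-0056 through ILVN-2022-0062, most of them as `" Upgrade to the latest version."` with a leading space and no version at all. Separately, `discovery` moves from `EXTERNAL` to `UNKNOWN` while `credits` still names individual finders, which looks like a tooling default rather than an intended change.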


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "D-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure \u2013 file contains a URL with private IP at line 15 \"login.asp\" A. The window.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ; \"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at *Authorization Bypass \u2013 URL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface."
"value": "\nD-Link \u2013 G integrated Access Device4 Information Disclosure & Authorization Bypass.\n*Information Disclosure \u2013 \nfile contains a URL with private IP at line 15 \"login.asp\" A. The\nwindow.location.href = http://192.168.1.1/setupWizard.asp\" http://192.168.1.1/setupWizard.asp\" ;\n\"admin\" \u2013 contains default username value \"login.asp\" B. While accessing the web interface, the login form at \n\n*Authorization Bypass \u2013 \nURL by \"setupWizard.asp' while it blocks direct access to \u2013 the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a \"login_glag\" and \"login_status\" checking browser and to read the admin user credentials for the web interface.\n\n\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Information Disclosure & Authorization Bypass"
"value": "Information Disclosure & Authorization Bypass."
}
]
}
@ -39,8 +39,9 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0056",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"credits": [
{
@ -76,17 +77,17 @@
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
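Review bot: The new description `value` only inserts line breaks into text whose clauses are still interleaved, so the record does not say clearly which page leaks what; fragments such as `\"login_glag\"` and the unbalanced quote in `\"setupWizard.asp'` survive unchanged. Because the vector is raised to `C:H` on the strength of reading the admin credentials, the description should state the finding in plain order, which appears to be that `setupWizard.asp` is reachable without the client-side `login_flag`/`login_status` checks and exposes those credentials. The leading `\n` and the four trailing `\n` also become part of the published text and should be trimmed.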


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "DLINK - DSL-224 Post-auth PCE. DLINK router has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API. It is possible to inject a command through this interface that will run with ROOT permissions on the router."
"value": "DLINK - DSL-224 Post-auth RCE.\nDLINK router version 3.0.8 has an interface where you can configure NTP servers (Network Time Protocol) via jsonrpc API.\nIt is possible to inject a command through this interface that will run with ROOT permissions on the router.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Post-auth PCE"
"value": "Post-auth RCE"
}
]
}
@ -39,8 +39,9 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": "Update to version 3.0.9_Beta Hotfix"
}
]
}
@ -65,8 +66,21 @@
},
"source": {
"advisory": "ILVN-2022-0057",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to version 3.0.9_Beta Hotfix</span>\n\n<br>"
}
],
"value": "\nUpdate to version 3.0.9_Beta Hotfix\n\n\n"
}
],
"credits": [
{
"lang": "en",
@ -76,17 +90,17 @@
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
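Review bot: The `solution` entry added here stores editor-generated HTML in `supportingMedia` (`<span style=\"background-color: rgb(255, 255, 255);\">…</span>` plus `<br>`) next to a plain `value` that says the same thing. Any consumer that renders `text/html` values from the feed has to sanitize them, so the markup is a liability with no informational gain; the plain `"value": "Update to version 3.0.9_Beta Hotfix"` without the surrounding `\n` runs would be enough. The webvendome records further down carry the same span and gain the same `<br>`. The description now says version 3.0.8 is affected while `version_data` says "All versions", and the two should agree.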


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Webvendome - Webvendome SQL Injection. SQL Injection in the Parameter \" DocNumber\" Request : Get Request : /webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE."
"value": "\nwebvendome - webvendome SQL Injection.\nSQL Injection in the Parameter \" DocNumber\"\nRequest :\nGet Request :\n/webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.\n\n"
}
]
},
@ -32,16 +32,17 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Webvendome",
"vendor_name": "webvendome",
"product": {
"product_data": [
{
"product_name": "Webvendome",
"product_name": "webvendome",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
@ -55,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@ -66,7 +67,7 @@
},
"source": {
"advisory": "ILVN-2022-0058",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"solution": [
{
@ -75,10 +76,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest version.</span>\n\n"
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest version.</span>\n\n<br>"
}
],
"value": "\nUpdate to the latest version.\n\n"
"value": "\nUpdate to the latest version.\n\n\n"
}
],
"credits": [
@ -91,16 +92,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
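Review bot: The description names the injectable parameter two different ways, `\" DocNumber\"` and `Doc Number=HERE`, and the separator after `jobnumber=null` appears to have been lost, so a defender cannot derive a precise log search or filtering rule from it. The text should give the parameter once, spelled as the application expects it. The vector also moves from `PR:L` to `PR:N`, but nothing in the description says the endpoint is reachable without a session; one sentence stating that would justify the 9.8. Lower-casing `vendor_name` and `product_name` may break matching against records that use the earlier spelling, and the next record's description still writes "Webvendome".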


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Webvendome - Webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure."
"value": "\nWebvendome - webvendome Internal Server IP Disclosure.\nSend GET Request to the request which is shown in the picture.\nInternal Server IP and Full path disclosure. \n\n"
}
]
},
@ -31,16 +31,17 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "Webvendome",
"vendor_name": "webvendome",
"product": {
"product_data": [
{
"product_name": "Webvendome",
"product_name": "webvendome",
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
@ -54,9 +55,9 @@
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0059",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"solution": [
{
@ -74,10 +75,10 @@
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest version.</span>\n\n"
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Update to the latest version.</span>\n\n<br>"
}
],
"value": "\nUpdate to the latest version.\n\n"
"value": "\nUpdate to the latest version.\n\n\n"
}
],
"credits": [
@ -90,16 +91,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
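Review bot: The description still tells the reader to send the request "which is shown in the picture", but no picture is part of the record, so the affected endpoint is not identified anywhere in the published data. The text should name the request path or at least the page that returns the internal IP and full path. Without it the new `AV:N/PR:N/UI:N` vector cannot be checked against the finding.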


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php file."
"value": "\nCollege Management System v1.0 - Authenticated remote code execution.\nAn admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload\n.php file that contains malicious code via student.php file.\n\n"
}
]
},
@ -21,7 +21,7 @@
"description": [
{
"lang": "eng",
"value": "Authenticated remote code execution."
"value": "Authenticated remote code execution"
}
]
}
@ -31,7 +31,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "College Management System v1.0",
"vendor_name": "College Management",
"product": {
"product_data": [
{
@ -39,8 +39,9 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
@ -54,9 +55,9 @@
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@ -65,7 +66,7 @@
},
"source": {
"advisory": "ILVN-2022-0060",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"credits": [
{
@ -77,16 +78,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
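Review bot: The description keeps the phrase "the authentication can be bypassed using SQL Injection that mentioned in my other report", which no reader of the published record can resolve. It should cite the companion entry by identifier, for example `(authentication can be bypassed via the SQL injection in CVE-XXXX-XXXXX)` with the real ID filled in by the assigner. The new `PR:H` rating depends on that bypass not being counted, so the cross-reference is what lets a consumer judge combined risk. The description and the old `vendor_name` both say v1.0, while the new `version_data` says "All versions"; the two should agree.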


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php page."
"value": "\nCollege Management System v1.0 - SQL Injection (SQLi).\nBy inserting SQL commands to the username and password fields in the login.php page\n\n"
}
]
},
@ -32,7 +32,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "College Management System v1.0",
"vendor_name": "College Management",
"product": {
"product_data": [
{
@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
@ -55,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@ -66,7 +67,7 @@
},
"source": {
"advisory": "ILVN-2022-0061",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"credits": [
{
@ -78,16 +79,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "GLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS). Type 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser."
"value": "\nGLPI - Reports plugin for GLPI Reflected Cross-Site-Scripting (RXSS).\nType 1: Reflected XSS (or Non-Persistent) - The server reads data directly from the HTTP request and reflects it back in\nthe HTTP response. Reflected XSS exploits occur when an attacker causes a victim to supply dangerous content to a\nvulnerable web application, which is then reflected back to the victim and executed by the web browser. The most\ncommon mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or emailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby\nan attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content\nback to the victim, the content is executed by the victim's browser. \n\n"
}
]
},
@ -40,8 +40,9 @@
"version": {
"version_data": [
{
"version_value": "1.0",
"version_affected": "="
"version_affected": "<",
"version_name": "All versions",
"version_value": " Upgrade to the latest version."
}
]
}
@ -55,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"refsource": "MISC",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
@ -66,7 +67,7 @@
},
"source": {
"advisory": "ILVN-2022-0062",
"discovery": "EXTERNAL"
"discovery": "UNKNOWN"
},
"credits": [
{
@ -78,16 +79,16 @@
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
]


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1356",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Reflected cross-site scripting in the StudentSearch component in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows hijacking of a user\u2019s browsing session by attackers who have convinced the said user to click on a malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-1356"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}
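Review bot: The CVSS block contradicts the description: the text describes reflected XSS that needs the victim "to click on a malicious link", yet the vector is `UI:N` with `C:H/I:N/A:N`, the shape used for the unauthenticated data-read entries elsewhere in this commit. For a reflected XSS the record would normally carry `"userInteraction": "REQUIRED"` and a vector along the lines of `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`, with `baseScore` and `baseSeverity` recomputed to match. Also, the description says "3.1.052 and earlier" while `version_data` has `"version_affected": "="`, so only the exact build matches; `"version_affected": "<="` would express the stated range. The version mismatch is repeated in the CVE-2023-26583, CVE-2023-26584 and CVE-2023-27254 through CVE-2023-27258 records below.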


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26583",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-26583"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-26584",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-26584"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated SQL injection in the GetRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27254"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27255"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27256",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the GetLogFiles method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of sensitive log files by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27256"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
]
}
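Review bot: `problemtype` uses `CWE-287 Improper Authentication` although the description says authentication is missing altogether on `GetLogFiles`; `CWE-306 Missing Authentication for Critical Function` is the more specific class and keeps weakness-based filtering accurate. The same applies to the CVE-2023-27257 and CVE-2023-27258 records that follow. This entry is also scored `S:C/C:L` (5.8) for "sensitive log files" while the two sibling missing-authentication entries use `S:U/C:H` (7.5). If the difference is intentional, the description should say what limits the exposure here.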


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27257",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the GetActiveToiletPasses method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27257"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27258",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the GetStudentGroupStudents method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27258"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Melodi Dey"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27259",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27259"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Melodi Dey"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27260",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27261",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the DeleteAssignments method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27261"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,87 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27262",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27260"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
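Review bot: The description and the reference in this CVE-2023-27262 record are the same as in the CVE-2023-27260 section: both name SQL injection in `GetAssignmentsDue`, and `url`/`name` here point to the `cve-2023-27260` advisory. Two IDs carrying one identical finding looks like a copy-paste slip, so the method actually affected under 27262 cannot be told from this record. The CNA should confirm the method name and point `url` and `name` at this record's own advisory page, as each sibling record does. Until that is corrected, triage should treat the two records as possibly distinct issues rather than deduplicating them.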


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the StudentPopupDetails_ContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27375"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Melodi Dey"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the StudentPopupDetails_StudentDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27376"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Melodi Dey"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,93 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27377",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "vdp@themissinglink.com.au",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing authentication in the StudentPopupDetails_EmergencyContactDetails method in IDAttend\u2019s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers. "
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication",
"cweId": "CWE-287"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IDAttend Pty Ltd",
"product": {
"product_data": [
{
"product_name": "IDWeb",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.052"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377",
"refsource": "MISC",
"name": "https://www.themissinglink.com.au/security-advisories/cve-2023-27377"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Melodi Dey"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41255",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication \r\nof the \u2018su\u2019 binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rexroth",
"product": {
"product_data": [
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"refsource": "MISC",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
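Review bot: `"version_affected": "="` paired with `"version_value": "all"` in each of the three `product_data` entries is not a comparable version, so tooling that matches installed firmware against this field will match nothing. If no fixed release exists, state the range explicitly, e.g. `"version_affected": "<=", "version_value": "<LAST_AFFECTED_VERSION>"` (placeholder), and add the fixed version once there is one. The description also refers to a "TPC-110W device" that is not among the listed product names; presumably it is the underlying hardware, but the record should say so. The same version encoding is used in the sections for CVE-2023-41372, -41960, -43488, -45220 and -45844.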


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability allows an unprivileged (untrusted) third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rexroth",
"product": {
"product_data": [
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"refsource": "MISC",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41960",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability allows an unprivileged(untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-926 Improper Export of Android Application Components",
"cweId": "CWE-926"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rexroth",
"product": {
"product_data": [
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"refsource": "MISC",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability allows a low privileged (untrusted) application to\r\nmodify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862 Missing Authorization",
"cweId": "CWE-862"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rexroth",
"product": {
"product_data": [
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"refsource": "MISC",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 7.9,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45220",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and credentials to connect to a remote MQTT broker entity) instead of HTTPS and this feature is not configurable by the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rexroth",
"product": {
"product_data": [
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"refsource": "MISC",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
}
]
}
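Review bot: The `problemtype` of CWE-306 does not match what the description reports, which is sensitive data (the MQTT broker address and credentials) being fetched over HTTP instead of HTTPS. That is a transport-confidentiality weakness, better classified as `"value": "CWE-319 Cleartext Transmission of Sensitive Information", "cweId": "CWE-319"`. The classification matters because consumers filter and prioritise on `cweId`, and the mitigation differs: enforcing TLS on the enrolment request rather than adding an authentication step.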


@ -1,17 +1,103 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45844",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@bosch.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device settings such as the device power management or eventually the device secure settings (ADB debug)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control",
"cweId": "CWE-284"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rexroth",
"product": {
"product_data": [
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2107)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2110)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
},
{
"product_name": "ctrlX HMI Web Panel - WR21 (WR2115)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "all"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html",
"refsource": "MISC",
"name": "https://psirt.bosch.com/security-advisories/BOSCH-SA-175607.html"
}
]
},
"impact": {
"cvss": [
{
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
}
]
}


@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46518",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mercury A15 V1.0 20230818_1.0.3 was discovered to contain a command execution vulnerability via the component cloudDeviceTokenSuccCB."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/MERCURY/A15/1/1.md"
},
{
"url": "https://www.mercurycom.com.cn/",
"refsource": "MISC",
"name": "https://www.mercurycom.com.cn/"
},
{
"url": "https://service.mercurycom.com.cn/download-2341.html",
"refsource": "MISC",
"name": "https://service.mercurycom.com.cn/download-2341.html"
}
]
}
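Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value are all `n/a`, although the description names the vendor, model and firmware build (Mercury A15 V1.0 20230818_1.0.3), so the record cannot be matched to an asset inventory by anything other than free-text search. Populate the structured fields from the description, e.g. `"vendor_name": "Mercury"`, `"product_name": "A15"`, `"version_value": "V1.0 20230818_1.0.3"`, and add a CWE once the weakness class is confirmed against the referenced write-up. The sections for CVE-2023-46520, -46521 and -46522 have the same gap for TP-LINK TL-WR886N; their descriptions state a stack overflow, which would map to CWE-121.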


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46520",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function uninstallPluginReqHandle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/1/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46521",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function RegisterRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/11/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46522",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function deviceInfoRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/2/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46525",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function loginRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/12/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46526",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function resetCloudPwdRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/10/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46527",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function bindRequestHandle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/13/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46534",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function modifyAccPwdRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/9/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46535",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getResetVeriRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/6/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46536",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkRegVeriRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/5/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46537",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function getRegVeriRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/7/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46538",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function chkResetVeriRegister."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/4/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46539",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TP-LINK TL-WR886N V7.0_3.0.14_Build_221115_Rel.56908n.bin was discovered to contain a stack overflow via the function registerRequestHandle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165",
"refsource": "MISC",
"name": "https://resource.tp-link.com.cn/pc/docCenter/showDoc?id=1676623713687165"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TP-LINK/TL-WR886N/8/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46540",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formNtp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/11/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46541",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpv6Setup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/10/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46542",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMeshUploadConfig."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/13/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46543",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlSiteSurvey."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/16/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46544",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWirelessTbl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/14/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46545",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWsc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/17/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46546",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formStats."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/15/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46547",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSysLog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/12/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46548",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formWlanRedirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/1/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46549",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formSetLg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/18/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46550",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md#2firmware-download-address"
}
]
}
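Review bot: The second reference URL carries the fragment `#2firmware-download-address`, which appears to land the reader on the firmware-download subsection of the write-up rather than on the finding itself; the sibling X2000R records on this page link to the bare `1.md`. Dropping the fragment in both `url` and `name`, i.e. `"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/21/1.md"`, would keep the references consistent.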


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46551",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formReflashClientTbl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/2/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46552",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/19/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46553",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formParentControl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/5/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/20/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46555",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPortFw."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/3/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46556",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formFilter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/4/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46557",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMultiAPVLAN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/22/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46558",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formMapDelDevice."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/25/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIPv6Addr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/9/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formTcpipSetup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/23/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46562",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDosCfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/8/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46563",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formIpQoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/7/1.md"
}
]
}


@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46564",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-46564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formDMZ."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36",
"refsource": "MISC",
"name": "https://totolink.cn/home/menu/detail.html?menu_listtpl=download&id=85&ids=36"
},
{
"url": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md",
"refsource": "MISC",
"name": "https://github.com/XYIYM/Digging/blob/main/TOTOLINK/X2000R/6/1.md"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46650",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins GitHub Plugin 1.37.3 and earlier does not escape the GitHub project URL on the build page when showing changes, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins GitHub Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.37.3"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3246"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,83 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to. This fix has been backported to 10.4.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins Warnings Plugin",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "10.5.1",
"versionType": "maven",
"lessThan": "*",
"status": "unaffected"
},
{
"version": "10.4.1",
"versionType": "maven",
"lessThan": "10.4.*",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3265"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}
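Review bot: `"version_value": "not down converted"` is a placeholder string rather than a version, so a consumer that reads only the 4.0 `version_data` fields gets no usable range for Jenkins Warnings Plugin; the actual ranges sit in the `x_cve_json_5_version_data` extension. Tooling that ingests this file should read `versions` and `defaultStatus` whenever that key is present, or the record should also carry a plain entry that the description supports, such as `"version_affected": "<="` with `"version_value": "10.5.0"`. A single `<=` entry would not express the 10.4.1 backport the description mentions, which is presumably why the down-conversion was skipped.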


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46652",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins lambdatest-automation Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.20.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3222"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46653",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins lambdatest-automation Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.20.10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3202"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46654",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the expected directory during the cleanup process of the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to delete arbitrary files on the Jenkins controller file system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins CloudBees CD Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.1.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3237"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46655",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins controller file system to the previously configured CloudBees CD server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins CloudBees CD Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.1.32"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3238"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46656",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Multibranch Scan Webhook Trigger Plugin 1.0.9 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins Multibranch Scan Webhook Trigger Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.0.9"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2875"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46657",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins Gogs Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.0.15"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2896"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46658",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins MSTeams Webhook Trigger Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "0.1.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2876"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46659",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Edgewall Trac Plugin 1.13 and earlier does not escape the Trac website URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins Edgewall Trac Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "1.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-3247"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -1,17 +1,68 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46660",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "jenkinsci-cert@googlegroups.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jenkins Project",
"product": {
"product_data": [
{
"product_name": "Jenkins Zanata Plugin",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "0.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879",
"refsource": "MISC",
"name": "https://www.jenkins.io/security/advisory/2023-10-25/#SECURITY-2879"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/25/2"
}
]
}


@ -514,6 +514,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2225511"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/",
"refsource": "MISC",
@ -538,18 +543,13 @@
"url": "https://www.debian.org/security/2023/dsa-5492",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5492"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html"
}
]
},
"work_around": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
"value": "To mitigate this issue, prevent the module cls_u32 from being loaded by blacklisting the module to prevent it from loading automatically. \n~~~\nhttps://access.redhat.com/solutions/41278 \n~~~"
}
],
"impact": {
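Review bot: The replacement `work_around` text in the second hunk carries raw markup (`\n~~~\n` fences around a bare URL, plus trailing spaces), so a consumer that displays `value` verbatim will show the tildes, and the actual procedure sits only behind the link. I would store it as plain text, e.g. `"value": "To mitigate this issue, prevent the cls_u32 module from loading automatically by blacklisting it; see https://access.redhat.com/solutions/41278 for the procedure."`. It would also help to say that the mitigation only holds while the module is not already loaded and is not needed by existing traffic-control filters, which the current wording leaves the reader to infer. The record continues past the end of the hunk.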


@ -1,17 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4692",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap metadata. As a result, arbitrary code execution and secure boot protection bypass may be achieved."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap-based Buffer Overflow",
"cweId": "CWE-122"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "grub2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4692",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-4692"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2236613"
},
{
"url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
"refsource": "MISC",
"name": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html"
},
{
"url": "https://seclists.org/oss-sec/2023/q4/37",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q4/37"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}
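Review bot: The `impact.cvss` entry rates `confidentialityImpact` and `availabilityImpact` as `NONE` (vector ending `C:N/I:H/A:N`, 5.3 MEDIUM), while the description in the same record says arbitrary code execution and secure boot protection bypass may be achieved. Anyone triaging on `baseSeverity` alone will rank this below what the description suggests, so the two should be reconciled by the assigner, or the description should say why only integrity is scored. Separately, every `version_data` entry is `"version_value": "not down converted"`, so the affected range lives only in `x_cve_json_5_version_data` and a reader of the 4.0 fields gets no version to match against.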


@ -1,17 +1,169 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memory locations. A successful attack allows sensitive data cached in memory or EFI variable values to be leaked, presenting a high Confidentiality risk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds Read",
"cweId": "CWE-125"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "grub2",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4693",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2023-4693"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2238343"
},
{
"url": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/",
"refsource": "MISC",
"name": "https://dfir.ru/2023/10/03/cve-2023-4692-cve-2023-4693-vulnerabilities-in-the-grub-boot-manager/"
},
{
"url": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html"
},
{
"url": "https://seclists.org/oss-sec/2023/q4/37",
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2023/q4/37"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}
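Review bot: The description limits this to a "physically present attacker", but the CVSS entry uses `"attackVector": "LOCAL"` together with `"privilegesRequired": "HIGH"`; if physical access really is a precondition, `PHYSICAL` (AV:P) would be the matching metric, and if it is not, the description overstates the requirement. The two readings lead a defender to scope exposure differently (removable media and boot-path access versus any privileged local account), so the record should settle on one. As in the CVE-2023-4692 section, the `version_data` entries are all `"not down converted"` and carry no matchable version.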


@ -128,6 +128,83 @@
]
}
},
{
"product_name": "RHEL-8 based Middleware Containers",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.13.4-3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.13.4-2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.13.4-2",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.13.4-3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
},
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "7.13.4-3",
"lessThan": "*",
"versionType": "rpm",
"status": "unaffected"
}
],
"defaultStatus": "affected"
}
}
]
}
},
{
"product_name": "RHINT Camel-K-1.10.2",
"version": {
@ -288,6 +365,19 @@
]
}
},
{
"product_name": "RHPAM 7.13.4 async",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Decision Manager 7",
"version": {
@ -365,6 +455,16 @@
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:5480"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:6107",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:6107"
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:6112",
"refsource": "MISC",
"name": "https://access.redhat.com/errata/RHSA-2023:6112"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4853",
"refsource": "MISC",
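Review bot: The five `version_data` entries added under "RHEL-8 based Middleware Containers" in the first hunk cannot be told apart: each is `"version_value": "not down converted"` with an `rpm` version of `7.13.4-2` or `7.13.4-3`, `"lessThan": "*"` and `"status": "unaffected"`, and nothing names the package or image each one belongs to. A consumer cannot tell which component a given fixed version applies to, and the repeated values read as duplicates. If the source record carries a package or collection name per entry, it should survive the down-conversion, or the identical entries should be collapsed. The product list continues outside the hunk.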


@ -73,6 +73,16 @@
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d",
"refsource": "MISC",
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/24/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2023/10/24/1"
},
{
"url": "https://www.debian.org/security/2023/dsa-5532",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5532"
}
]
},


@ -119,7 +119,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
"defaultStatus": "unaffected"
}
}
]


@ -1,17 +1,99 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5717",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@google.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation.\n\nIf perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can increment or write to memory locations outside of the allocated buffer.\n\nWe recommend upgrading past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write",
"cweId": "CWE-787"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "4.4",
"version_value": "6.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06",
"refsource": "MISC",
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06"
},
{
"url": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06",
"refsource": "MISC",
"name": "https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"credits": [
{
"lang": "en",
"value": "Budimir Markovic"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseSeverity": "HIGH",
"baseScore": 7.8,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
]
}
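Review bot: The affected range is encoded as `"version_affected": "<", "version_name": "4.4", "version_value": "6.6"`, which a 4.0 consumer reads as everything below 6.6; the lower bound, which `4.4` appears to be meant as, sits in a label field, and nothing says which stable branches carry the fix. Since the description tells users to upgrade past commit 32671e3799ca2e4590773fd0e63aaa4229e50c06, matching on that commit is more reliable than the version fields, and the record would be clearer with the fixed stable releases listed. The description `value` also ends in a stray `\n\n` and repeats itself ("the Linux kernel's Linux Kernel Performance Events"); `the Linux kernel's Performance Events (perf) component` says the same thing.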


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-5766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}