admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-01-05 17:00:38 +00:00
parent 349ad2de4b
commit 6a0578d980
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
31 changed files with 2343 additions and 111 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2023/24xxx/CVE-2023-24805.json
View File

@ -83,6 +83,11 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/",
"refsource": "MISC",
"name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KL2SJMZQ5T5JIH3PMQ2CGCY5TUUE255Y/"
},
{
"url": "https://security.gentoo.org/glsa/202401-06",
"refsource": "MISC",
"name": "https://security.gentoo.org/glsa/202401-06"
}
]
},

79
2023/34xxx/CVE-2023-34321.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34321",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-437"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-437.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-437.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit\nis not affected.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "There is no known mitigation.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Julien Grall of Amazon.\n"
}
]
}

79
2023/34xxx/CVE-2023-34322.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34322",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "For migration as well as to work around kernels unaware of L1TF (see\nXSA-273), PV guests may be run in shadow paging mode. Since Xen itself\nneeds to be mapped when PV guests run, Xen and shadowed PV guests run\ndirectly the respective shadow page tables. For 64-bit PV guests this\nmeans running on the shadow of the guest root page table.\n\nIn the course of dealing with shortage of memory in the shadow pool\nassociated with a domain, shadows of page tables may be torn down. This\ntearing down may include the shadow root page table that the CPU in\nquestion is presently running on. While a precaution exists to\nsupposedly prevent the tearing down of the underlying live page table,\nthe time window covered by that precaution isn't large enough.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-438"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-438.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-438.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All Xen versions from at least 3.2 onwards are vulnerable. Earlier\nversions have not been inspected.\n\nOnly x86 systems are vulnerable. Only 64-bit PV guests can leverage the\nvulnerability, and only when running in shadow mode. Shadow mode would\nbe in use when migrating guests or as a workaround for XSA-273 (L1TF).\n"
}
],
"work_around": [
{
"lang": "en",
"value": "Running only HVM or PVH guests will avoid the vulnerability.\n\nRunning PV guests in the PV shim will also avoid the vulnerability.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Tim Deegan, and Jan Beulich of SUSE.\n"
}
]
}

79
2023/34xxx/CVE-2023-34323.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When a transaction is committed, C Xenstored will first check\nthe quota is correct before attempting to commit any nodes. It would\nbe possible that accounting is temporarily negative if a node has\nbeen removed outside of the transaction.\n\nUnfortunately, some versions of C Xenstored are assuming that the\nquota cannot be negative and are using assert() to confirm it. This\nwill lead to C Xenstored crash when tools are built without -DNDEBUG\n(this is the default).\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-440"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-440.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-440.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All versions of Xen up to and including 4.17 are vulnerable if XSA-326\nwas ingested.\n\nAll Xen systems using C Xenstored are vulnerable. C Xenstored built\nusing -DNDEBUG (can be specified via EXTRA_CFLAGS_XEN_TOOLS=-DNDEBUG)\nare not vulnerable. Systems using the OCaml variant of Xenstored are\nnot vulnerable.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "The problem can be avoided by using OCaml Xenstored variant.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Stanislav Uschakow and Julien Grall, all\nfrom Amazon.\n"
}
]
}

79
2023/34xxx/CVE-2023-34324.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34324",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Closing of an event channel in the Linux kernel can result in a deadlock.\nThis happens when the close is being performed in parallel to an unrelated\nXen console action and the handling of a Xen console interrupt in an\nunprivileged guest.\n\nThe closing of an event channel is e.g. triggered by removal of a\nparavirtual device on the other side. As this action will cause console\nmessages to be issued on the other side quite often, the chance of\ntriggering the deadlock is not neglectable.\n\nNote that 32-bit Arm-guests are not affected, as the 32-bit Linux kernel\non Arm doesn't use queued-RW-locks, which are required to trigger the\nissue (on Arm32 a waiting writer doesn't block further readers to get\nthe lock).\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Linux",
"product": {
"product_data": [
{
"product_name": "Linux",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-441"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-441.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-441.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All unprivileged guests running a Linux kernel of version 5.10 and later,\nor with the fixes for XSA-332, are vulnerable.\n\nAll guest types are vulnerable.\n\nOnly x86- and 64-bit Arm-guests are vulnerable.\n\nArm-guests running in 32-bit mode are not vulnerable.\n\nGuests not using paravirtualized drivers are not vulnerable.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "There is no known mitigation.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered as a bug by Marek Marczykowski-G\u00f3recki of\nInvisible Things Lab; the security impact was recognised by J\u00fcrgen\nGro\u00df of SUSE.\n"
}
]
}

79
2023/34xxx/CVE-2023-34325.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34325",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nlibfsimage contains parsing code for several filesystems, most of them based on\ngrub-legacy code. libfsimage is used by pygrub to inspect guest disks.\n\nPygrub runs as the same user as the toolstack (root in a priviledged domain).\n\nAt least one issue has been reported to the Xen Security Team that allows an\nattacker to trigger a stack buffer overflow in libfsimage. After further\nanalisys the Xen Security Team is no longer confident in the suitability of\nlibfsimage when run against guest controlled input with super user priviledges.\n\nIn order to not affect current deployments that rely on pygrub patches are\nprovided in the resolution section of the advisory that allow running pygrub in\ndeprivileged mode.\n\nCVE-2023-4949 refers to the original issue in the upstream grub\nproject (\"An attacker with local access to a system (either through a\ndisk or external drive) can present a modified XFS partition to\ngrub-legacy in such a way to exploit a memory corruption in grub\u2019s XFS\nfile system implementation.\") CVE-2023-34325 refers specifically to\nthe vulnerabilities in Xen's copy of libfsimage, which is decended\nfrom a very old version of grub.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-443"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-443.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-443.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All Xen versions are affected.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "Ensuring that guests do not use the pygrub bootloader will avoid this\nvulnerability.\n\nFor cases where the PV guest is known to be 64bit, and uses grub2 as a\nbootloader, pvgrub is a suitable alternative pygrub.\n\nRunning only HVM guests will avoid the vulnerability.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Ferdinand N\u00f6lscher of Google.\n"
}
]
}

79
2023/34xxx/CVE-2023-34326.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The caching invalidation guidelines from the AMD-Vi specification (48882\u2014Rev\n3.07-PUB\u2014Oct 2022) is incorrect on some hardware, as devices will malfunction\n(see stale DMA mappings) if some fields of the DTE are updated but the IOMMU\nTLB is not flushed.\n\nSuch stale DMA mappings can point to memory ranges not owned by the guest, thus\nallowing access to unindented memory regions.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-442"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-442.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-442.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 AMD systems with IOMMU hardware are vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "Not passing through physical devices to guests will avoid the vulnerability.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Roger Pau Monn\u00e9 of XenServer.\n"
}
]
}

79
2023/34xxx/CVE-2023-34327.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-444"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-444.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-444.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "Only AMD/Hygon hardware supporting the DBEXT feature are vulnerable.\nThis is believed to be the Steamroller microarchitecture and later.\n\nFor CVE-2023-34327, Xen versions 4.5 and later are vulnerable.\n\nFor CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable.\nThe issue is benign in Xen 4.14 and later owing to an unrelated change.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not\nsusceptible to running in the wrong state. By default, VMs will see the\nDBEXT feature on capable hardware, and when not explicitly levelled for\nmigration compatibility.\n\nFor CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot\nleverage the vulnerability.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Andrew Cooper of XenServer.\n"
}
]
}

79
2023/34xxx/CVE-2023-34328.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nAMD CPUs since ~2014 have extensions to normal x86 debugging functionality.\nXen supports guests using these extensions.\n\nUnfortunately there are errors in Xen's handling of the guest state, leading\nto denials of service.\n\n 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of\n a previous vCPUs debug mask state.\n\n 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over the live GDT.\n This allows the PV vCPU to exploit XSA-156 / CVE-2015-8104 and lock\n up the CPU entirely.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-444"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-444.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-444.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "Only AMD/Hygon hardware supporting the DBEXT feature are vulnerable.\nThis is believed to be the Steamroller microarchitecture and later.\n\nFor CVE-2023-34327, Xen versions 4.5 and later are vulnerable.\n\nFor CVE-2023-34328, Xen version between 4.5 and 4.13 are vulnerable.\nThe issue is benign in Xen 4.14 and later owing to an unrelated change.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "For CVE-2023-34327, HVM VMs which can see the DBEXT feature are not\nsusceptible to running in the wrong state. By default, VMs will see the\nDBEXT feature on capable hardware, and when not explicitly levelled for\nmigration compatibility.\n\nFor CVE-2023-34328, PV VMs which cannot see the DBEXT feature cannot\nleverage the vulnerability.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Andrew Cooper of XenServer.\n"
}
]
}

5
2023/38xxx/CVE-2023-38146.json
View File

@ -70,6 +70,11 @@
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146",
"refsource": "MISC",
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38146"
},
{
"url": "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/176391/Themebleed-Windows-11-Themes-Arbitrary-Code-Execution.html"
}
]
},

111
2023/39xxx/CVE-2023-39294.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.3.2578 build 20231110"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.3.2578 build 20231110"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-54",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-54"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-54",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.3.2578 build 20231110 and later<br>QuTS hero h5.1.3.2578 build 20231110 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "rekter0"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/39xxx/CVE-2023-39296.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-39296",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1321",
"cweId": "CWE-1321"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.3.2578 build 20231110"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.3.2578 build 20231110"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-64",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-64"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-64",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.3.2578 build 20231110 and later<br>QuTS hero h5.1.3.2578 build 20231110 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.3.2578 build 20231110 and later\nQuTS hero h5.1.3.2578 build 20231110 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Anonymous working with SSD Secure Disclosure"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

99
2023/41xxx/CVE-2023-41287.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41287",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "Video Station",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.7.x",
"version_value": "5.7.2 ( 2023/11/23 )"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-55",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-55"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-55",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>Video Station 5.7.2 ( 2023/11/23 ) and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Vladimir Meier and Thomas Dewaele (Bugscale SA)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

99
2023/41xxx/CVE-2023-41288.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "Video Station",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.7.x",
"version_value": "5.7.2 ( 2023/11/23 )"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-55",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-55"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-55",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>Video Station 5.7.2 ( 2023/11/23 ) and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nVideo Station 5.7.2 ( 2023/11/23 ) and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Vladimir Meier and Thomas Dewaele (Bugscale SA)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

99
2023/41xxx/CVE-2023-41289.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-41289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS command injection vulnerability has been reported to affect QcalAgent. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQcalAgent 1.1.8 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QcalAgent",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.1.x",
"version_value": "1.1.8"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-34",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-34"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-34",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QcalAgent 1.1.8 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQcalAgent 1.1.8 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "lebr0nli (Alan Li)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/45xxx/CVE-2023-45039.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45039",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.4.2596 build 20231128"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.4.2596 build 20231128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-27",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.4.2596 build 20231128 and later<br>QuTS hero h5.1.4.2596 build 20231128 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jiaxu Zhao && Bingwei Peng"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/45xxx/CVE-2023-45040.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45040",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.4.2596 build 20231128"
}
]
}
},
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.4.2596 build 20231128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-27",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.4.2596 build 20231128 and later<br>QuTS hero h5.1.4.2596 build 20231128 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jiaxu Zhao && Bingwei Peng"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/45xxx/CVE-2023-45041.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45041",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.4.2596 build 20231128"
}
]
}
},
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.4.2596 build 20231128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-27",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.4.2596 build 20231128 and later<br>QuTS hero h5.1.4.2596 build 20231128 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jiaxu Zhao && Bingwei Peng"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/45xxx/CVE-2023-45042.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45042",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.4.2596 build 20231128"
}
]
}
},
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.4.2596 build 20231128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-27",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.4.2596 build 20231128 and later<br>QuTS hero h5.1.4.2596 build 20231128 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jiaxu Zhao && Bingwei Peng"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/45xxx/CVE-2023-45043.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45043",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.4.2596 build 20231128"
}
]
}
},
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.4.2596 build 20231128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-27",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.4.2596 build 20231128 and later<br>QuTS hero h5.1.4.2596 build 20231128 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jiaxu Zhao && Bingwei Peng"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

111
2023/45xxx/CVE-2023-45044.json
View File

@ -1,17 +1,120 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-45044",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuTS hero",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "h5.1.x",
"version_value": "h5.1.4.2596 build 20231128"
}
]
}
},
{
"product_name": "QTS",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "5.1.x",
"version_value": "5.1.4.2596 build 20231128"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-27",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-27"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-27",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following versions:<br>QTS 5.1.4.2596 build 20231128 and later<br>QuTS hero h5.1.4.2596 build 20231128 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following versions:\nQTS 5.1.4.2596 build 20231128 and later\nQuTS hero h5.1.4.2596 build 20231128 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jiaxu Zhao && Bingwei Peng"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
]
}

79
2023/46xxx/CVE-2023-46835.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46835",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The current setup of the quarantine page tables assumes that the\nquarantine domain (dom_io) has been initialized with an address width\nof DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table levels.\n\nHowever dom_io being a PV domain gets the AMD-Vi IOMMU page tables\nlevels based on the maximum (hot pluggable) RAM address, and hence on\nsystems with no RAM above the 512GB mark only 3 page-table levels are\nconfigured in the IOMMU.\n\nOn systems without RAM above the 512GB boundary\namd_iommu_quarantine_init() will setup page tables for the scratch\npage with 4 levels, while the IOMMU will be configured to use 3 levels\nonly, resulting in the last page table directory (PDE) effectively\nbecoming a page table entry (PTE), and hence a device in quarantine\nmode gaining write access to the page destined to be a PDE.\n\nDue to this page table level mismatch, the sink page the device gets\nread/write access to is no longer cleared between device assignment,\npossibly leading to data leaks.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-445"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-445.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-445.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All Xen versions supporting PCI passthrough are affected.\n\nOnly x86 AMD systems with IOMMU hardware are vulnerable.\n\nOnly x86 guests which have physical devices passed through to them can\nleverage the vulnerability.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "Not passing through physical devices to guests will avoid the\nvulnerability.\n\nNot using quarantine scratch-page mode will avoid the vulnerability,\nbut could result in other issues.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Roger Pau Monn\u00e9 of XenServer.\n"
}
]
}

79
2023/46xxx/CVE-2023-46836.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative\nReturn Stack Overflow) are not IRQ-safe. It was believed that the\nmitigations always operated in contexts with IRQs disabled.\n\nHowever, the original XSA-254 fix for Meltdown (XPTI) deliberately left\ninterrupts enabled on two entry paths; one unconditionally, and one\nconditionally on whether XPTI was active.\n\nAs BTC/SRSO and Meltdown affect different CPU vendors, the mitigations\nare not active together by default. Therefore, there is a race\ncondition whereby a malicious PV guest can bypass BTC/SRSO protections\nand launch a BTC/SRSO attack against Xen.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-446"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-446.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-446.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "All versions of Xen are vulnerable.\n\nXen is only vulnerable in default configurations on AMD and Hygon CPUs.\n\nXen is not believed to be vulnerable in default configurations on CPUs\nfrom other hardware vendors.\n\nOnly PV guests can leverage the vulnerability.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "Running only HVM or PVH VMs will avoid the vulnerability.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Andrew Cooper of XenServer.\n"
}
]
}

79
2023/46xxx/CVE-2023-46837.json
View File

@ -1,18 +1,89 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-46837",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@xen.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Arm provides multiple helpers to clean & invalidate the cache\nfor a given region. This is, for instance, used when allocating\nguest memory to ensure any writes (such as the ones during scrubbing)\nhave reached memory before handing over the page to a guest.\n\nUnfortunately, the arithmetics in the helpers can overflow and would\nthen result to skip the cache cleaning/invalidation. Therefore there\nis no guarantee when all the writes will reach the memory.\n\nThis undefined behavior was meant to be addressed by XSA-437, but the\napproach was not sufficient.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Xen",
"product": {
"product_data": [
{
"product_name": "Xen",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"status": "unknown",
"version": "consult Xen advisory XSA-447"
}
],
"defaultStatus": "unknown"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-447.html",
"refsource": "MISC",
"name": "https://xenbits.xenproject.org/xsa/advisory-447.html"
}
]
},
"configuration": [
{
"lang": "en",
"value": "Systems running all version of Xen are affected.\n\nOnly systems running Xen on Arm 32-bit are vulnerable. Xen on Arm 64-bit\nis not affected.\n"
}
],
"work_around": [
{
"lang": "en",
"value": "There is no known mitigation.\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Michal Orzel from AMD.\n"
}
]
}

93
2023/47xxx/CVE-2023-47219.json
View File

@ -1,17 +1,102 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47219",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuMagie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-32",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-32"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-32",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QuMagie 2.2.1 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
}
]
}

99
2023/47xxx/CVE-2023-47559.json
View File

@ -1,17 +1,108 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47559",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuMagie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-23"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-23",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QuMagie 2.2.1 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "lebr0nli (Alan Li)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

104
2023/47xxx/CVE-2023-47560.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-47560",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@qnap.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network.\n\nWe have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77",
"cweId": "CWE-77"
},
{
"lang": "eng",
"value": "CWE-78",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "QNAP Systems Inc.",
"product": {
"product_data": [
{
"product_name": "QuMagie",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.qnap.com/en/security-advisory/qsa-23-23",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-23"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"advisory": "QSA-23-23",
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We have already fixed the vulnerability in the following version:<br>QuMagie 2.2.1 and later<br>"
}
],
"value": "We have already fixed the vulnerability in the following version:\nQuMagie 2.2.1 and later\n"
}
],
"credits": [
{
"lang": "en",
"value": "lebr0nli (Alan Li)"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}

18
2024/0xxx/CVE-2024-0251.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0251",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/22xxx/CVE-2024-22164.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22164",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/22xxx/CVE-2024-22165.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22165",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2024/22xxx/CVE-2024-22166.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22166",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}