admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-04-04 17:00:34 +00:00
parent eb32403cd1
commit 7e2816aee0
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
7 changed files with 557 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
2021/40xxx/CVE-2021-40422.json
View File

@ -4,9 +4,8 @@
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2021-40422",
"STATE": "PUBLIC",
"DATE_PUBLIC": "2022-02-28",
"ASSIGNER": "talos-cna@cisco.com"
"ASSIGNER": "talos-cna@cisco.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
@ -16,35 +15,19 @@
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1431",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1431"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798: Use of Hard-coded Credentials"
"value": "CWE-798: Use of Hard-coded Credentials",
"cweId": "CWE-798"
}
]
}
]
},
"impact": {
"cvss": {
"baseScore": 10.0,
"baseSeverity": null,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"affects": {
"vendor": {
"vendor_data": [
@ -57,8 +40,8 @@
"version": {
"version_data": [
{
"version_value": "SG3-1010",
"version_affected": "="
"version_affected": "=",
"version_value": "SG3-1010"
}
]
}
@ -68,5 +51,38 @@
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1431",
"refsource": "MISC",
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1431"
}
]
},
"credits": [
{
"lang": "en",
"value": "Discovered by Dave McDaniel of Cisco Talos."
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL"
}
]
}
}

104
2023/1xxx/CVE-2023-1748.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1748",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798 Use of Hard-coded Credentials"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nexx",
"product": {
"product_data": [
{
"product_name": "Smart Alarm NXAL-100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxal100v-p1-9-1"
}
]
}
},
{
"product_name": "Smart Plug NXPG-100W",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxpg100cv4-0-0"
}
]
}
},
{
"product_name": "Garage Door Controller NXG-100B, NXG-200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxg200v-p3-4-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1748"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
]
}

104
2023/1xxx/CVE-2023-1749.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1749",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nexx",
"product": {
"product_data": [
{
"product_name": "Smart Alarm NXAL-100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxal100v-p1-9-1"
}
]
}
},
{
"product_name": "Smart Plug NXPG-100W",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxpg100cv4-0-0"
}
]
}
},
{
"product_name": "Garage Door Controller NXG-100B, NXG-200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxg200v-p3-4-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1749"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
}
]
}

104
2023/1xxx/CVE-2023-1750.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1750",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-639 Authorization Bypass Through User-Controlled Key"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nexx",
"product": {
"product_data": [
{
"product_name": "Smart Alarm NXAL-100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxal100v-p1-9-1"
}
]
}
},
{
"product_name": "Smart Plug NXPG-100W",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxpg100cv4-0-0"
}
]
}
},
{
"product_name": "Garage Door Controller NXG-100B, NXG-200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxg200v-p3-4-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1750"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
]
}

104
2023/1xxx/CVE-2023-1751.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1751",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nexx",
"product": {
"product_data": [
{
"product_name": "Smart Alarm NXAL-100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxal100v-p1-9-1"
}
]
}
},
{
"product_name": "Smart Plug NXPG-100W",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxpg100cv4-0-0"
}
]
}
},
{
"product_name": "Garage Door Controller NXG-100B, NXG-200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxg200v-p3-4-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1751"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH"
}
]
}

104
2023/1xxx/CVE-2023-1752.json
View File

@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1752",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device\u2019s MAC address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nexx",
"product": {
"product_data": [
{
"product_name": "Smart Alarm NXAL-100",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxal100v-p1-9-1"
}
]
}
},
{
"product_name": "Smart Plug NXPG-100W",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxpg100cv4-0-0"
}
]
}
},
{
"product_name": "Garage Door Controller NXG-100B, NXG-200",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "nxg200v-p3-4-1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-094-01"
}
]
},
"generator": {
"engine": "VINCE 2.0.7",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1752"
},
"source": {
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH"
}
]
}

18
2023/1xxx/CVE-2023-1838.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1838",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}