"-Synchronized-Data."

CVE Team 2023-12-14 08:00:32 +00:00
parent 5530fbbb03
commit 8f1fe83ade
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 474 additions and 59 deletions


@ -1,17 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-1904",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@octopus.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OpenID client secret logged in plain text during configuration"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2022.2.7897",
"version_value": "unspecified"
},
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2023.1.11942"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://advisories.octopus.com/post/2023/sa2023-12/",
"refsource": "MISC",
"name": "https://advisories.octopus.com/post/2023/sa2023-12/"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
]
}
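Review bot: The two `version_data` entries in the new `affects` block encode the affected range ambiguously: the first pairs `"version_affected": "<"` with `"version_name": "2022.2.7897"` and `"version_value": "unspecified"`, so a consumer that compares against `version_value` gets no usable bound, and the apparent lower bound sits in a name field under a `<` operator. If the intent is "from 2022.2.7897 up to but excluding 2023.1.11942", stating the start as `"version_affected": ">="` with `"version_value": "2022.2.7897"` would let scanners match it. The same encoding appears in the CVE-2023-2247 section further down. The `problemtype` value is free text with no `cweId`; cleartext secrets written to logs are normally classified as CWE-532, which would make the record filterable by weakness class.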


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25642",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nThere is a buffer overflow vulnerability in some ZTE\u00a0mobile internet\u00a0producsts. Due to insufficient validation of tcp port parameter,\u00a0an authenticated attacker could use the vulnerability to perform a denial of service attack.\u00a0\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
"cweId": "CWE-120"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE",
"product": {
"product_data": [
{
"product_name": "MC801A",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "MC801A_Elisa3_B19",
"version_value": "B19"
}
]
}
},
{
"product_name": "MC801A1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "MC801A1_Elisa1_B04",
"version_value": "B04"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504",
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">MC801A_Elisa3_B22,&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">MC801A1_Elisa1_B06</span>\n\n</span><br>"
}
],
"value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
]
}
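Review bot: The new `description` value is not normalised: it begins and ends with `\n`, uses `\u00a0` between words, and misspells "products" as `producsts`, so keyword searches and exact-match deduplication over descriptions can miss this record. Trimming the value and using plain spaces would fix it; the same padding and non-breaking spaces are in the descriptions of CVE-2023-25643 and CVE-2023-25651 below. Separately, the text describes only a denial of service while the vector sets `C:L/I:L/A:L`; it is worth confirming with the assigner which of the two reflects the actual impact.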


@ -1,17 +1,113 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25643",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u00a0products. Due to insufficient input\u00a0validation of\u00a0multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
"cweId": "CWE-77"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE",
"product": {
"product_data": [
{
"product_name": "MC801A",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "MC801A_Elisa3_B19",
"version_value": "B19"
}
]
}
},
{
"product_name": "MC801A1",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "MC801A1_Elisa1_B04",
"version_value": "B04"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504",
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">MC801A_Elisa3_B22,&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">MC801A1_Elisa1_B06</span>\n\n</span><br>"
}
],
"value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
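Review bot: The `solution` entry gives only two build names, `MC801A_Elisa3_B22` and `MC801A1_Elisa1_B06`, without saying that they are the fixed releases, and nothing in `affects` records a fixed version, so patch-status tooling has to infer the remediation from free text. A sentence such as `Upgrade MC801A to MC801A_Elisa3_B22 and MC801A1 to MC801A1_Elisa1_B06 or later` would make it explicit, assuming that is what the assigner means. The `supportingMedia` value is raw HTML with inline styles; consumers should treat it as untrusted markup and sanitise it, or ignore it in favour of the plain `value`. The CVE-2023-25642 and CVE-2023-25651 sections carry the same shape of `solution` block.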


@ -1,17 +1,106 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-25651",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@zte.com.cn",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nThere is a SQL injection vulnerability in some ZTE mobile internet\u00a0products.\u00a0Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ZTE",
"product": {
"product_data": [
{
"product_name": "Mobile Internet Products",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "BD_MF833U1V1.0.0B01",
"version_value": "V1.0.0B01"
},
{
"version_affected": "<=",
"version_name": "CR_LVWRGBMF286RV1.0.0B04",
"version_value": "V1.0.0B04"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684",
"refsource": "MISC",
"name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">BD_MF833U1V1.0.0B02,&nbsp;\n\n<span style=\"background-color: rgb(255, 255, 255);\">CR_LVWRGBMF286RV1.0.1B01</span>\n\n</span><br>"
}
],
"value": "\nBD_MF833U1V1.0.0B02,\u00a0\n\nCR_LVWRGBMF286RV1.0.1B01\n\n\n"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
]
}
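Review bot: The `problemtype` entry classifies this as `CWE-20 Improper Input Validation`, while the description on the new side calls it a SQL injection; CWE-89 is the specific class and is what weakness-based filters and dashboards key on. I would set `"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"` and `"cweId": "CWE-89"`, subject to the assigner's agreement. The `product_name` is the generic `Mobile Internet Products`, with the model visible only inside `version_name` (`BD_MF833U1V1.0.0B01`, `CR_LVWRGBMF286RV1.0.0B04`), so asset matching by product name will probably not find affected devices.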


@ -1,47 +1,19 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2247",
"ASSIGNER": "security@octopus.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_value": "2018.3.0",
"version_affected": ">="
},
{
"version_value": "2022.3.10929",
"version_affected": ">="
},
{
"version_value": "2022.4.791",
"version_affected": ">="
},
{
"version_value": "2022.4.8319",
"version_affected": "<"
}
]
}
}
]
}
}
]
}
"description": {
"description_data": [
{
"lang": "eng",
"value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
@ -55,6 +27,36 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Octopus Deploy",
"product": {
"product_data": [
{
"product_name": "Octopus Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2018.3.0",
"version_value": "unspecified"
},
{
"version_affected": "<",
"version_name": "unspecified",
"version_value": "2022.3.10929"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
@ -64,12 +66,10 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function"
}
]
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
}
}
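Review bot: The rewritten `affects` block appears to narrow the affected range compared with the block this commit replaces: the earlier entries listed `>=` 2018.3.0, `>=` 2022.3.10929, `>=` 2022.4.791 and `<` 2022.4.8319, while the new side has only two entries, ending at `"version_value": "2022.3.10929"`. The `+`/`-` markers are lost in this rendering, so the old/new assignment is inferred from the hunk headers. If the 2022.4 branch is still affected before 2022.4.8319, scanners reading the new record would report those installs as not affected, so it is worth checking against the vendor advisory before relying on it. The fix would be one `version_data` entry per affected branch, each with an explicit start and end bound.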


@ -56,6 +56,11 @@
"url": "https://jira.o-ran-sc.org/browse/RIC-991",
"refsource": "MISC",
"name": "https://jira.o-ran-sc.org/browse/RIC-991"
},
{
"refsource": "MISC",
"name": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html",
"url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://jira.o-ran-sc.org/browse/RIC-989",
"refsource": "MISC",
"name": "https://jira.o-ran-sc.org/browse/RIC-989"
},
{
"refsource": "MISC",
"name": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html",
"url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html"
}
]
}


@ -56,6 +56,11 @@
"url": "https://jira.o-ran-sc.org/browse/RIC-1001",
"refsource": "MISC",
"name": "https://jira.o-ran-sc.org/browse/RIC-1001"
},
{
"refsource": "MISC",
"name": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html",
"url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html",
"url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html",
"url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html",
"url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html",
"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html",
"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html",
"url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}


@ -61,6 +61,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html",
"url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html"
},
{
"refsource": "MISC",
"name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/",
"url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/"
}
]
}