From 8f1fe83ade36829371dfa3e66f62c8d1aef0333b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 14 Dec 2023 08:00:32 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/1xxx/CVE-2023-1904.json | 77 ++++++++++++++++++++++-- 2023/25xxx/CVE-2023-25642.json | 104 +++++++++++++++++++++++++++++++-- 2023/25xxx/CVE-2023-25643.json | 104 +++++++++++++++++++++++++++++++-- 2023/25xxx/CVE-2023-25651.json | 97 ++++++++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2247.json | 86 +++++++++++++-------------- 2023/40xxx/CVE-2023-40997.json | 5 ++ 2023/40xxx/CVE-2023-40998.json | 5 ++ 2023/41xxx/CVE-2023-41627.json | 5 ++ 2023/46xxx/CVE-2023-46380.json | 5 ++ 2023/46xxx/CVE-2023-46381.json | 5 ++ 2023/46xxx/CVE-2023-46382.json | 5 ++ 2023/46xxx/CVE-2023-46383.json | 5 ++ 2023/46xxx/CVE-2023-46384.json | 5 ++ 2023/46xxx/CVE-2023-46385.json | 5 ++ 2023/46xxx/CVE-2023-46386.json | 5 ++ 2023/46xxx/CVE-2023-46387.json | 5 ++ 2023/46xxx/CVE-2023-46388.json | 5 ++ 2023/46xxx/CVE-2023-46389.json | 5 ++ 18 files changed, 474 insertions(+), 59 deletions(-) diff --git a/2023/1xxx/CVE-2023-1904.json b/2023/1xxx/CVE-2023-1904.json index 3d983f097fc..dbe5e1ac85d 100644 --- a/2023/1xxx/CVE-2023-1904.json +++ b/2023/1xxx/CVE-2023-1904.json @@ -1,17 +1,86 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1904", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@octopus.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In affected versions of Octopus Server it is possible for the OpenID client secret to be logged in clear text during the configuration of Octopus Server.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OpenID client secret logged in plain text during configuration" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Octopus Deploy", + "product": { + "product_data": [ + { + "product_name": "Octopus Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2022.2.7897", + "version_value": "unspecified" + }, + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "2023.1.11942" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://advisories.octopus.com/post/2023/sa2023-12/", + "refsource": "MISC", + "name": "https://advisories.octopus.com/post/2023/sa2023-12/" + } + ] + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25642.json b/2023/25xxx/CVE-2023-25642.json index 7c4602a5687..6f4e81a2739 100644 --- a/2023/25xxx/CVE-2023-25642.json +++ b/2023/25xxx/CVE-2023-25642.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25642", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nThere is a buffer overflow vulnerability in some ZTE\u00a0mobile internet\u00a0producsts. Due to insufficient validation of tcp port parameter,\u00a0an authenticated attacker could use the vulnerability to perform a denial of service attack.\u00a0\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", + "cweId": "CWE-120" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE", + "product": { + "product_data": [ + { + "product_name": "MC801A", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "MC801A_Elisa3_B19", + "version_value": "B19" + } + ] + } + }, + { + "product_name": "MC801A1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "MC801A1_Elisa1_B04", + "version_value": "B04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504", + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nMC801A_Elisa3_B22, \n\nMC801A1_Elisa1_B06\n\n
" + } + ], + "value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25643.json b/2023/25xxx/CVE-2023-25643.json index 238de466f08..7c1860d61df 100644 --- a/2023/25xxx/CVE-2023-25643.json +++ b/2023/25xxx/CVE-2023-25643.json @@ -1,17 +1,113 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25643", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\n\n\nThere is a command injection vulnerability in some ZTE mobile internet\u00a0products. Due to insufficient input\u00a0validation of\u00a0multiple network parameters, an authenticated attacker could use the vulnerability to execute arbitrary commands.\n\n\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", + "cweId": "CWE-77" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE", + "product": { + "product_data": [ + { + "product_name": "MC801A", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "MC801A_Elisa3_B19", + "version_value": "B19" + } + ] + } + }, + { + "product_name": "MC801A1", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "MC801A1_Elisa1_B04", + "version_value": "B04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504", + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032504" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nMC801A_Elisa3_B22, \n\nMC801A1_Elisa1_B06\n\n
" + } + ], + "value": "\nMC801A_Elisa3_B22,\u00a0\n\nMC801A1_Elisa1_B06\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" } ] } diff --git a/2023/25xxx/CVE-2023-25651.json b/2023/25xxx/CVE-2023-25651.json index ddb93b3fdf3..a360f393853 100644 --- a/2023/25xxx/CVE-2023-25651.json +++ b/2023/25xxx/CVE-2023-25651.json @@ -1,17 +1,106 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-25651", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "psirt@zte.com.cn", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "\nThere is a SQL injection vulnerability in some ZTE mobile internet\u00a0products.\u00a0Due to insufficient input validation of SMS interface parameter, an authenticated attacker could use the vulnerability to execute SQL injection and cause information leak.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "ZTE", + "product": { + "product_data": [ + { + "product_name": "Mobile Internet Products", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "BD_MF833U1V1.0.0B01", + "version_value": "V1.0.0B01" + }, + { + "version_affected": "<=", + "version_name": "CR_LVWRGBMF286RV1.0.0B04", + "version_value": "V1.0.0B04" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684", + "refsource": "MISC", + "name": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1032684" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "\n\nBD_MF833U1V1.0.0B02, \n\nCR_LVWRGBMF286RV1.0.1B01\n\n
" + } + ], + "value": "\nBD_MF833U1V1.0.0B02,\u00a0\n\nCR_LVWRGBMF286RV1.0.1B01\n\n\n" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" } ] } diff --git a/2023/2xxx/CVE-2023-2247.json b/2023/2xxx/CVE-2023-2247.json index 3a5501c5060..3d2855f8f75 100644 --- a/2023/2xxx/CVE-2023-2247.json +++ b/2023/2xxx/CVE-2023-2247.json @@ -1,47 +1,19 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2247", "ASSIGNER": "security@octopus.com", "STATE": "PUBLIC" }, - "affects": { - "vendor": { - "vendor_data": [ - { - "vendor_name": "Octopus Deploy", - "product": { - "product_data": [ - { - "product_name": "Octopus Server", - "version": { - "version_data": [ - { - "version_value": "2018.3.0", - "version_affected": ">=" - }, - { - "version_value": "2022.3.10929", - "version_affected": ">=" - }, - { - "version_value": "2022.4.791", - "version_affected": ">=" - }, - { - "version_value": "2022.4.8319", - "version_affected": "<" - } - ] - } - } - ] - } - } - ] - } + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function\n\n" + } + ] }, "problemtype": { "problemtype_data": [ @@ -55,6 +27,36 @@ } ] }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Octopus Deploy", + "product": { + "product_data": [ + { + "product_name": "Octopus Server", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "2018.3.0", + "version_value": "unspecified" + }, + { + "version_affected": "<", + "version_name": "unspecified", + "version_value": "2022.3.10929" + } + ] + } + } + ] + } + } + ] + } + }, "references": { "reference_data": [ { @@ -64,12 +66,10 @@ } ] }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function" - } - ] + "generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/40xxx/CVE-2023-40997.json b/2023/40xxx/CVE-2023-40997.json index 67d71521520..4f58f7f02ef 100644 --- a/2023/40xxx/CVE-2023-40997.json +++ b/2023/40xxx/CVE-2023-40997.json @@ -56,6 +56,11 @@ "url": "https://jira.o-ran-sc.org/browse/RIC-991", "refsource": "MISC", "name": "https://jira.o-ran-sc.org/browse/RIC-991" + }, + { + "refsource": "MISC", + "name": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html", + "url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html" } ] } diff --git a/2023/40xxx/CVE-2023-40998.json b/2023/40xxx/CVE-2023-40998.json index ffde66c773e..0deb51527f0 100644 --- a/2023/40xxx/CVE-2023-40998.json +++ b/2023/40xxx/CVE-2023-40998.json @@ -56,6 +56,11 @@ "url": "https://jira.o-ran-sc.org/browse/RIC-989", "refsource": "MISC", "name": "https://jira.o-ran-sc.org/browse/RIC-989" + }, + { + "refsource": "MISC", + "name": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html", + "url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html" } ] } diff --git a/2023/41xxx/CVE-2023-41627.json b/2023/41xxx/CVE-2023-41627.json index c463892f159..e39889880b7 100644 --- a/2023/41xxx/CVE-2023-41627.json +++ b/2023/41xxx/CVE-2023-41627.json @@ -56,6 +56,11 @@ "url": "https://jira.o-ran-sc.org/browse/RIC-1001", "refsource": "MISC", "name": "https://jira.o-ran-sc.org/browse/RIC-1001" + }, + { + "refsource": "MISC", + "name": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html", + "url": "https://www.trendmicro.com/en_us/research/23/l/the-current-state-of-open-ran-security.html" } ] } diff --git a/2023/46xxx/CVE-2023-46380.json b/2023/46xxx/CVE-2023-46380.json index 80153f0ae89..05b94f7d024 100644 --- a/2023/46xxx/CVE-2023-46380.json +++ b/2023/46xxx/CVE-2023-46380.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html", "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46381.json b/2023/46xxx/CVE-2023-46381.json index 8014714f98d..53624f51ebd 100644 --- a/2023/46xxx/CVE-2023-46381.json +++ b/2023/46xxx/CVE-2023-46381.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html", "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46382.json b/2023/46xxx/CVE-2023-46382.json index ec353e979ce..c27cee7de0b 100644 --- a/2023/46xxx/CVE-2023-46382.json +++ b/2023/46xxx/CVE-2023-46382.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html", "url": "http://packetstormsecurity.com/files/175646/LOYTEC-Electronics-Insecure-Transit-Insecure-Permissions-Unauthenticated-Access.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46383.json b/2023/46xxx/CVE-2023-46383.json index c91ddc760c6..64e61770ba3 100644 --- a/2023/46xxx/CVE-2023-46383.json +++ b/2023/46xxx/CVE-2023-46383.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", "url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46384.json b/2023/46xxx/CVE-2023-46384.json index deadd12d599..e9320f1d551 100644 --- a/2023/46xxx/CVE-2023-46384.json +++ b/2023/46xxx/CVE-2023-46384.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", "url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46385.json b/2023/46xxx/CVE-2023-46385.json index 41e2092c2dd..a68b1e615e6 100644 --- a/2023/46xxx/CVE-2023-46385.json +++ b/2023/46xxx/CVE-2023-46385.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html", "url": "https://packetstormsecurity.com/files/175951/Loytec-LINX-Configurator-7.4.10-Insecure-Transit-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46386.json b/2023/46xxx/CVE-2023-46386.json index 5bcbfe0baf2..3380a2c80a1 100644 --- a/2023/46xxx/CVE-2023-46386.json +++ b/2023/46xxx/CVE-2023-46386.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46387.json b/2023/46xxx/CVE-2023-46387.json index 61116ecfd79..9a7e6507062 100644 --- a/2023/46xxx/CVE-2023-46387.json +++ b/2023/46xxx/CVE-2023-46387.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46388.json b/2023/46xxx/CVE-2023-46388.json index 358dda8f844..6421cb6f148 100644 --- a/2023/46xxx/CVE-2023-46388.json +++ b/2023/46xxx/CVE-2023-46388.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] } diff --git a/2023/46xxx/CVE-2023-46389.json b/2023/46xxx/CVE-2023-46389.json index 02fbbac163a..20156e71594 100644 --- a/2023/46xxx/CVE-2023-46389.json +++ b/2023/46xxx/CVE-2023-46389.json @@ -61,6 +61,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html", "url": "http://packetstormsecurity.com/files/175952/Loytec-L-INX-Automation-Servers-Information-Disclosure-Cleartext-Secrets.html" + }, + { + "refsource": "MISC", + "name": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/", + "url": "https://www.txone.com/blog/ten-unpatched-vulnerabilities-in-building-automation-products-identified-by-txone-networks/" } ] }