admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-05-18 18:00:38 +00:00
parent 81c092f43a
commit 9e7ebc554d
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
15 changed files with 622 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
2022/29xxx/CVE-2022-29840.json
View File

@ -56,9 +56,9 @@
"references": {
"reference_data": [
{
"url": "https://www.westerndigital.com/support/product-security",
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security"
"name": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"
}
]
},

134
2022/36xxx/CVE-2022-36326.json
View File

@ -1,17 +1,143 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36326",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@wdc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption",
"cweId": "CWE-400"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Western Digital",
"product": {
"product_data": [
{
"product_name": "My Cloud Home and My Cloud Home Duo",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": " 9.4.0-191"
}
]
}
},
{
"product_name": "My Cloud OS 5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.26.202"
}
]
}
}
]
}
},
{
"vendor_name": "SanDisk",
"product": {
"product_data": [
{
"product_name": "ibi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": " 9.4.0-191"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">For My Cloud Home, My Cloud Home Duo and SanDisk ibi devices&nbsp;</span>will be automatically updated to reflect the latest firmware version.<br><span style=\"background-color: rgb(255, 255, 255);\">For My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.</span><br>"
}
],
"value": "For My Cloud Home, My Cloud Home Duo and SanDisk ibi devices\u00a0will be automatically updated to reflect the latest firmware version.\nFor My Cloud OS 5 devices, Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Sam Thomas (@_s_n_t) of Pentest Ltd (@pentestltd) working with Trend Micro\u2019s Zero Day Initiative"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

134
2022/36xxx/CVE-2022-36327.json
View File

@ -1,17 +1,143 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36327",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@wdc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Western Digital",
"product": {
"product_data": [
{
"product_name": "My Cloud Home and My Cloud Home Duo",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": " 9.4.0-191"
}
]
}
},
{
"product_name": "My Cloud OS 5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.26.202"
}
]
}
}
]
}
},
{
"vendor_name": "SanDisk",
"product": {
"product_data": [
{
"product_name": "ibi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": " 9.4.0-191"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n<p>For My Cloud Home, My Cloud Home Duo and SanDisk ibi\ndevices will be automatically updated to reflect the latest\nfirmware version.</p>\n\n<p>For My Cloud OS 5 devices, Western Digital recommends\nthat users promptly update their devices to the latest firmware by clicking on\nthe firmware update notification.</p>"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nFor My Cloud Home, My Cloud Home Duo and SanDisk ibi\ndevices will be automatically updated to reflect the latest\nfirmware version.\n\n\n\nFor My Cloud OS 5 devices, Western Digital recommends\nthat users promptly update their devices to the latest firmware by clicking on\nthe firmware update notification.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research, Team82 - Vera Mens, Noam Moshe, Uri Katz and Sharon Brizinov working with Trend Micro\u2019s Zero Day Initiative "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
}
]
}

134
2022/36xxx/CVE-2022-36328.json
View File

@ -1,17 +1,143 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-36328",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@wdc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered\u00a0in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Western Digital",
"product": {
"product_data": [
{
"product_name": "My Cloud Home and My Cloud Home Duo",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.4.0-191"
}
]
}
},
{
"product_name": "My Cloud OS 5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.26.202"
}
]
}
}
]
}
},
{
"vendor_name": "SanDisk",
"product": {
"product_data": [
{
"product_name": "ibi",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "9.4.0-191"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23003-western-digital-my-cloud-home-my-cloud-home-duo-and-sandisk-ibi-firmware-version-9-4-0-191"
},
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23006-my-cloud-firmware-version-5-26-202"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n\n<p>For My Cloud Home, My Cloud Home Duo and SanDisk ibi\ndevices will be automatically updated to reflect the latest\nfirmware version.</p>\n\n<p>For My Cloud OS 5 devices, Western Digital recommends\nthat users promptly update their devices to the latest firmware by clicking on\nthe firmware update notification.</p>"
}
],
"value": "\n\n\n\n\n\n\n\n\n\nFor My Cloud Home, My Cloud Home Duo and SanDisk ibi\ndevices will be automatically updated to reflect the latest\nfirmware version.\n\n\n\nFor My Cloud OS 5 devices, Western Digital recommends\nthat users promptly update their devices to the latest firmware by clicking on\nthe firmware update notification.\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research, Team82 - Vera Mens, Noam Moshe, Uri Katz and Sharon Brizinov working with Trend Micro\u2019s Zero Day Initiative "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
]
}

56
2023/31xxx/CVE-2023-31597.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31597",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-31597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://zammad.com/de/advisories/zaa-2023-03",
"refsource": "MISC",
"name": "https://zammad.com/de/advisories/zaa-2023-03"
}
]
}

18
2023/33xxx/CVE-2023-33224.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33224",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33225.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33225",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33226.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33226",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33227.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33227",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33228.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33228",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33229.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33229",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33230.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33230",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33231.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33231",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33232.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33232",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/33xxx/CVE-2023-33233.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-33233",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}