From a6d2e9ccee90ca0956c3320cc9fdf5f52270445f Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 10 Feb 2023 18:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/28xxx/CVE-2020-28871.json | 5 +++ 2022/46xxx/CVE-2022-46649.json | 60 ++++++++++++++++++++++++++++++++-- 2022/46xxx/CVE-2022-46650.json | 60 ++++++++++++++++++++++++++++++++-- 2023/21xxx/CVE-2023-21748.json | 10 ++++++ 2023/21xxx/CVE-2023-21749.json | 5 +++ 2023/21xxx/CVE-2023-21750.json | 5 +++ 2023/21xxx/CVE-2023-21772.json | 5 +++ 2023/21xxx/CVE-2023-21773.json | 5 +++ 2023/21xxx/CVE-2023-21774.json | 5 +++ 2023/21xxx/CVE-2023-21776.json | 5 +++ 2023/23xxx/CVE-2023-23489.json | 2 +- 2023/25xxx/CVE-2023-25677.json | 18 ++++++++++ 2023/25xxx/CVE-2023-25678.json | 18 ++++++++++ 13 files changed, 196 insertions(+), 7 deletions(-) create mode 100644 2023/25xxx/CVE-2023-25677.json create mode 100644 2023/25xxx/CVE-2023-25678.json diff --git a/2020/28xxx/CVE-2020-28871.json b/2020/28xxx/CVE-2020-28871.json index d443330db79..9d78fb6a3bb 100644 --- a/2020/28xxx/CVE-2020-28871.json +++ b/2020/28xxx/CVE-2020-28871.json @@ -66,6 +66,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html", "url": "http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html", + "url": "http://packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html" } ] } diff --git a/2022/46xxx/CVE-2022-46649.json b/2022/46xxx/CVE-2022-46649.json index 35e706ac97d..51bb88f1c92 100644 --- a/2022/46xxx/CVE-2022-46649.json +++ b/2022/46xxx/CVE-2022-46649.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46649", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@sierrawireless.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ALEOS", + "version": { + "version_data": [ + { + "version_value": "all versions before 4.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 - Improper Neutralization of Special Elements used in an OS Command" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/", + "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/" + }, + { + "refsource": "MISC", + "name": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/", + "url": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device." } ] } diff --git a/2022/46xxx/CVE-2022-46650.json b/2022/46xxx/CVE-2022-46650.json index 47273f7bdb7..650d610e3f3 100644 --- a/2022/46xxx/CVE-2022-46650.json +++ b/2022/46xxx/CVE-2022-46650.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-46650", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@sierrawireless.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "ALEOS", + "version": { + "version_data": [ + { + "version_value": "all versions before 4.16" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/", + "url": "https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2023-001/" + }, + { + "refsource": "MISC", + "name": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/", + "url": "https://www.otorio.com/blog/airlink-acemanager-vulnerabilities/" + }, + { + "refsource": "MISC", + "name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04", + "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-026-04" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page." } ] } diff --git a/2023/21xxx/CVE-2023-21748.json b/2023/21xxx/CVE-2023-21748.json index 44edc932cce..185c734f1c1 100644 --- a/2023/21xxx/CVE-2023-21748.json +++ b/2023/21xxx/CVE-2023-21748.json @@ -302,6 +302,16 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21748", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21748" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170949/Windows-Kernel-Registry-Virtualization-Incompatibility.html", + "url": "http://packetstormsecurity.com/files/170949/Windows-Kernel-Registry-Virtualization-Incompatibility.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html", + "url": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21749.json b/2023/21xxx/CVE-2023-21749.json index e4c16fb70b7..08fcb3e8e12 100644 --- a/2023/21xxx/CVE-2023-21749.json +++ b/2023/21xxx/CVE-2023-21749.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21749", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21749" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170947/Windows-Kernsl-SID-Table-Poisoning.html", + "url": "http://packetstormsecurity.com/files/170947/Windows-Kernsl-SID-Table-Poisoning.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21750.json b/2023/21xxx/CVE-2023-21750.json index d6f2449e4f6..da1ad22b7d0 100644 --- a/2023/21xxx/CVE-2023-21750.json +++ b/2023/21xxx/CVE-2023-21750.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21750", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21750" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170948/Windows-Kernel-Virtualizable-Hive-Key-Deletion.html", + "url": "http://packetstormsecurity.com/files/170948/Windows-Kernel-Virtualizable-Hive-Key-Deletion.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21772.json b/2023/21xxx/CVE-2023-21772.json index 90a9517f7f7..a22d2c247f5 100644 --- a/2023/21xxx/CVE-2023-21772.json +++ b/2023/21xxx/CVE-2023-21772.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21772", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21772" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html", + "url": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21773.json b/2023/21xxx/CVE-2023-21773.json index 6fc03dde657..74ce3ca7f43 100644 --- a/2023/21xxx/CVE-2023-21773.json +++ b/2023/21xxx/CVE-2023-21773.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21773", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21773" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html", + "url": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21774.json b/2023/21xxx/CVE-2023-21774.json index 45ce061cec9..1396412b0bf 100644 --- a/2023/21xxx/CVE-2023-21774.json +++ b/2023/21xxx/CVE-2023-21774.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21774", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21774" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html", + "url": "http://packetstormsecurity.com/files/170946/Windows-Kernel-Key-Replication-Issues.html" } ] }, diff --git a/2023/21xxx/CVE-2023-21776.json b/2023/21xxx/CVE-2023-21776.json index bde4e47f948..45ba377de93 100644 --- a/2023/21xxx/CVE-2023-21776.json +++ b/2023/21xxx/CVE-2023-21776.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21776", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21776" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170947/Windows-Kernsl-SID-Table-Poisoning.html", + "url": "http://packetstormsecurity.com/files/170947/Windows-Kernsl-SID-Table-Poisoning.html" } ] }, diff --git a/2023/23xxx/CVE-2023-23489.json b/2023/23xxx/CVE-2023-23489.json index 37da5aba3fc..256f4a088d3 100644 --- a/2023/23xxx/CVE-2023-23489.json +++ b/2023/23xxx/CVE-2023-23489.json @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action." + "value": "The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action." } ] } diff --git a/2023/25xxx/CVE-2023-25677.json b/2023/25xxx/CVE-2023-25677.json new file mode 100644 index 00000000000..f21cda7ecee --- /dev/null +++ b/2023/25xxx/CVE-2023-25677.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-25677", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/25xxx/CVE-2023-25678.json b/2023/25xxx/CVE-2023-25678.json new file mode 100644 index 00000000000..55bb39ddada --- /dev/null +++ b/2023/25xxx/CVE-2023-25678.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-25678", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file