diff --git a/2023/41xxx/CVE-2023-41344.json b/2023/41xxx/CVE-2023-41344.json
index b9eede364e9..cc22b14d7d6 100644
--- a/2023/41xxx/CVE-2023-41344.json
+++ b/2023/41xxx/CVE-2023-41344.json
@@ -1,17 +1,101 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-41344",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
+ "cweId": "CWE-22"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "NCSIST ManageEngine",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "MDM",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "V1.4 2021/09/14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7507-55b28-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-7507-55b28-1.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TVN-202311013",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to the latest version."
+ }
+ ],
+ "value": "Update to the latest version."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41356.json b/2023/41xxx/CVE-2023-41356.json
index 04bda05f04e..2ac351426f0 100644
--- a/2023/41xxx/CVE-2023-41356.json
+++ b/2023/41xxx/CVE-2023-41356.json
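Review bot: The `solution` entry for CVE-2023-41344 says only `Update to the latest version.` and the affected set is a single exact match, `"version_affected": "="` with `"version_value": "V1.4 2021/09/14"`, so the record gives no way to decide whether a given build is already fixed. I would name the fixed release in the text, for example `"value": "Update to version <FIXED_VERSION> or later."` (a placeholder; the page does not state the fixed version), and keep the build date out of `version_value` so that automated version matching can work. The CVE-2023-41356 record in this commit carries the same solution text.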
@@ -1,17 +1,101 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-41356",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-639 Authorization Bypass Through User-Controlled Key",
+ "cweId": "CWE-639"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "WisdomGarden",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Tronclass ilearn",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "V1.4 2021/09/14"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-7506-b4e29-1.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TVN-202311012",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to the latest version."
+ }
+ ],
+ "value": "Update to the latest version."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/41xxx/CVE-2023-41357.json b/2023/41xxx/CVE-2023-41357.json
index a71658a4056..eae00c6fb59 100644
--- a/2023/41xxx/CVE-2023-41357.json
+++ b/2023/41xxx/CVE-2023-41357.json
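Review bot: The `description` value in CVE-2023-41356 is word for word the NCSIST MDM path traversal text used for CVE-2023-41344, but this record's `affects` block names WisdomGarden `Tronclass ilearn`, its problem type is CWE-639, and its vector has `PR:L`, which contradicts "unauthenticated remote attacker". Anyone triaging from the description alone will attribute the issue to the wrong product and the wrong weakness class. The description should be replaced with the text of advisory TVN-202311012 so that it names the product and the authorization bypass the other fields describe. `"version_value": "V1.4 2021/09/14"` is also identical to the MDM record and looks carried over; it is worth confirming against the advisory.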
@@ -1,17 +1,101 @@
 {
+ "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-41357",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "ASSIGNER": "cve@cert.org.tw",
+ "STATE": "PUBLIC"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
+ "cweId": "CWE-434"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "Galaxy Software Services",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Vitals ESP ",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "=",
+ "version_value": "6.1 and prior"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html",
+ "refsource": "MISC",
+ "name": "https://www.twcert.org.tw/tw/cp-132-7508-6d1ef-1.html"
+ }
+ ]
+ },
+ "generator": {
+ "engine": "Vulnogram 0.1.0-dev"
+ },
+ "source": {
+ "advisory": "TVN-202311014",
+ "discovery": "EXTERNAL"
+ },
+ "solution": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Contact Galaxy Software Services Corporation for update version."
+ }
+ ],
+ "value": "Contact\u00a0Galaxy Software Services Corporation for update version."
+ }
+ ],
+ "impact": {
+ "cvss": [
+ {
+ "attackComplexity": "LOW",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "LOW",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
 }
 ]
 }
diff --git a/2023/5xxx/CVE-2023-5763.json b/2023/5xxx/CVE-2023-5763.json
index 1439a079594..7d7ce27975a 100644
--- a/2023/5xxx/CVE-2023-5763.json
+++ b/2023/5xxx/CVE-2023-5763.json
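Review bot: `"version_affected": "="` together with `"version_value": "6.1 and prior"` puts a range into free text under an exact-match operator, so tools that compare versions will match only that literal string and miss every release before 6.1. The range belongs in the operator: `"version_affected": "<="` with `"version_value": "6.1"`. `"product_name": "Vitals ESP "` also carries a trailing space that will break exact product-name lookups; it should read `"Vitals ESP"`.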
@@ -1,17 +1,126 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-5763", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@eclipse.org", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-913 Improper Control of Dynamically-Managed Code Resources", + "cweId": "CWE-913" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation", + "cweId": "CWE-20" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Eclipse Foundation", + "product": { + "product_data": [ + { + "product_name": "Glassfish", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "6.0.0", + "version_value": "6.2.5" + }, + { + "version_affected": "<=", + "version_name": "5.0", + "version_value": "5.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server", + "refsource": "MISC", + "name": "https://glassfish.org/docs/latest/security-guide.html#securing-glassfish-server" + }, + { + "url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14", + "refsource": "MISC", + "name": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/14" + } + ] + }, + 
"generator": { + "engine": "Vulnogram 0.1.0-dev" + }, + "source": { + "discovery": "UNKNOWN" + }, + "configuration": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Running with older versions of the JDK (lower than 6u211, or < 7u201, or < 8u191)
" + } + ], + "value": "Running with older versions of the JDK (lower than 6u211, or < 7u201, or < 8u191)\n" + } + ], + "credits": [ + { + "lang": "en", + "value": "tr1ple kurosel (AntGroup FG)" + } + ], + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", + "version": "3.1" } ] } diff --git a/2023/5xxx/CVE-2023-5948.json b/2023/5xxx/CVE-2023-5948.json new file mode 100644 index 00000000000..5fc7eceb312 --- /dev/null +++ b/2023/5xxx/CVE-2023-5948.json 
@@ -0,0 +1,92 @@
+{
+ "data_version": "4.0",
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "CVE_data_meta": {
+ "ID": "CVE-2023-5948",
+ "ASSIGNER": "security@huntr.dev",
+ "STATE": "PUBLIC"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-285 Improper Authorization",
+ "cweId": "CWE-285"
+ }
+ ]
+ }
+ ]
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "vendor_name": "teamamaze",
+ "product": {
+ "product_data": [
+ {
+ "product_name": "teamamaze/amazefileutilities",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "unspecified",
+ "version_value": "1.91"
+ }
+ ]
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "references": {
+ "reference_data": [
+ {
+ "url": "https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692",
+ "refsource": "MISC",
+ "name": "https://huntr.com/bounties/ac1363b5-207b-40d9-aac5-e66d6213f692"
+ },
+ {
+ "url": "https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7",
+ "refsource": "MISC",
+ "name": "https://github.com/teamamaze/amazefileutilities/commit/62d02204d452603ab85c50d43c7c680e4256c7d7"
+ }
+ ]
+ },
+ "source": {
+ "advisory": "ac1363b5-207b-40d9-aac5-e66d6213f692",
+ "discovery": "EXTERNAL"
+ },
+ "impact": {
+ "cvss": [
+ {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "CHANGED",
+ "userInteraction": "REQUIRED",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ }
+ ]
+ }
+}
\ No newline at end of file
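Review bot: The `description` value, `Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.`, only restates the CWE name and the fixed version; it does not say which function lacks the check or what an attacker gains, although the vector claims `AV:L`, `UI:R` and `S:C` with high confidentiality and integrity impact. One sentence naming the affected component and the impact, taken from the linked huntr report, would let a reader triage without leaving the record. `"version_name": "unspecified"` carries no information and could be dropped, and the new file ends without a trailing newline.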