"-Synchronized-Data."

CVE Team 2023-09-19 11:00:37 +00:00
parent d3ed36854b
commit aa6ae49726
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
18 changed files with 488 additions and 12 deletions


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -96,6 +96,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -100,6 +100,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -104,6 +104,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -108,6 +108,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -108,6 +108,11 @@
"url": "https://www.debian.org/security/2023/dsa-5478",
"refsource": "MISC",
"name": "https://www.debian.org/security/2023/dsa-5478"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html",
"refsource": "MISC",
"name": "https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html"
}
]
},


@ -1,17 +1,129 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-29245",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@nozominetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.\n\nMalicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nozomi Networks",
"product": {
"product_data": [
{
"product_name": "Guardian",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.6.0",
"version_value": "22.6.3"
},
{
"version_affected": "<",
"version_name": "23.0.0",
"version_value": "23.1.0"
}
]
}
},
{
"product_name": "CMC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.6.0",
"version_value": "22.6.3"
},
{
"version_affected": "<",
"version_name": "23.0.0",
"version_value": "23.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.nozominetworks.com/NN-2023:11-01",
"refsource": "MISC",
"name": "https://security.nozominetworks.com/NN-2023:11-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div>Upgrade to v22.6.3, v23.1.0 or later.</div></div>"
}
],
"value": "Upgrade to v22.6.3, v23.1.0 or later.\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Nozomi Networks during an internal investigation."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
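Review bot: The first `version_data` entry for both Guardian and CMC starts the affected range at `"version_name": "22.6.0"`, so consumers that match on ranges will treat releases older than 22.6.0 as not affected, while the CVE-2023-2567 record in this same commit uses `"version_name": "0"` for the same fixed version 22.6.3. If the older releases are affected too, the lower bound should be `"version_name": "0"`; if they are not, a sentence in the description saying so would remove the ambiguity. The same lower bound appears in the CVE-2023-32649 record. This record also has no `work_around` block even though the description says the issue is reachable by an unauthenticated sender, whereas the two sibling records carry one; an explicit entry (even "N/A", as CVE-2023-32649 does) would tell operators whether any interim mitigation exists.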


@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@nozominetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
"cweId": "CWE-89"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nozomi Networks",
"product": {
"product_data": [
{
"product_name": "Guardian",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "22.6.3"
},
{
"version_affected": "<",
"version_name": "23.0.0",
"version_value": "23.1.0"
}
]
}
},
{
"product_name": "CMC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "22.6.3"
},
{
"version_affected": "<",
"version_name": "23.0.0",
"version_value": "23.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.nozominetworks.com/NN-2023:9-01",
"refsource": "MISC",
"name": "https://security.nozominetworks.com/NN-2023:9-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div>Use internal firewall features to limit access to the web management interface.</div></div>"
}
],
"value": "Use internal firewall features to limit access to the web management interface.\n\n\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div>Upgrade to v22.6.3, v23.1.0 or later.</div></div>"
}
],
"value": "Upgrade to v22.6.3, v23.1.0 or later.\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Mostafa Soliman of IBM X-Force Red during a VAPT testing session commissioned by one of our customers."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
]
}
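Review bot: Each `solution` and `work_around` entry stores the same text twice, once as plain `value` and once under `supportingMedia` with `"type": "text/html"`, and the plain copies (and the description) end in a run of `\n\n\n\n`. Downstream tools should display the plain `value` and treat the HTML copy as untrusted markup to be sanitised, since the two can drift apart; trimming the trailing newlines, e.g. `"value": "Upgrade to v22.6.3, v23.1.0 or later."`, keeps rendered advisories clean. The language tag is also `"eng"` in `description_data` but `"en"` in `solution`, `work_around` and `credits`. The CVE-2023-29245 and CVE-2023-32649 records in this commit show the same three issues.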


@ -1,17 +1,142 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-32649",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "prodsec@nozominetworks.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.\n\nDuring the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation",
"cweId": "CWE-20"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Nozomi Networks",
"product": {
"product_data": [
{
"product_name": "Guardian",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.6.0",
"version_value": "22.6.3"
},
{
"version_affected": "<",
"version_name": "23.0.0",
"version_value": "23.1.0"
}
]
}
},
{
"product_name": "CMC",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.6.0",
"version_value": "22.6.3"
},
{
"version_affected": "<",
"version_name": "23.0.0",
"version_value": "23.1.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.nozominetworks.com/NN-2023:10-01",
"refsource": "MISC",
"name": "https://security.nozominetworks.com/NN-2023:10-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div>N/A. It is recommended to monitor the IDS log to check for abnormal stops and restarts.</div></div>"
}
],
"value": "N/A. It is recommended to monitor the IDS log to check for abnormal stops and restarts.\n\n\n\n"
}
],
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div>Upgrade to v22.6.3, v23.1.0 or later.</div></div>"
}
],
"value": "Upgrade to v22.6.3, v23.1.0 or later.\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was found by Nozomi Networks during an internal investigation."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}
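Review bot: The description abbreviates Denial of Service as `(Dos)`; it should read `(DoS)`. The phrase `of our IDS` is written in the vendor's first person, which reads oddly in a public CVE record and also appears in the CVE-2023-29245 description; `of the IDS` is neutral. The `work_around` text opens with `N/A.` and then gives monitoring advice, so it is detection guidance rather than a workaround. Saying so plainly, for example `No workaround is available; monitor the IDS log for abnormal stops and restarts.`, would be clearer for operators, since the description notes that traffic may go unanalysed until the module restarts.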


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-43505",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}