admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-12 16:23:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-01-20 22:00:40 +00:00
parent 2550d4c06b
commit afc0110aa6
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
11 changed files with 515 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
2022/46xxx/CVE-2022-46732.json
View File

@ -21,8 +21,7 @@
"description": [
{
"lang": "eng",
"value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"cweId": "CWE-288"
"value": "CWE-288"
}
]
}
@ -32,7 +31,7 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "GE Digital ",
"vendor_name": "GE Digital",
"product": {
"product_data": [
{
@ -67,46 +66,11 @@
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2022-46732"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nGE Digital released <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.ge.com/digital/applications/proficy-historian\">Proficy Historian 2023</a>&nbsp;<span style=\"background-color: var(--wht);\">to mitigate these vulnerabilities. &nbsp;SIMs have also been released for all affected versions.</span><p>Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting <a target=\"_blank\" rel=\"nofollow\" href=\"https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01\">this notification document from GE Digital</a><span style=\"background-color: var(--wht);\">.&nbsp;&nbsp;</span></p>"
}
],
"value": "GE Digital released Proficy Historian 2023 https://www.ge.com/digital/applications/proficy-historian \u00a0to mitigate these vulnerabilities. \u00a0SIMs have also been released for all affected versions.Users can find out more about the vulnerabilities, how to obtain, and install the updates by visiting this notification document from GE Digital https://digitalsupport.ge.com/s/article/GE-Digital-Product-Security-Advisory-GED-23-01 .\u00a0\u00a0\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Uri Katz of Claroty Research reported these vulnerabilities to GE.\u00a0"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
"discovery": "UNKNOWN"
}
}

135
2023/0xxx/CVE-2023-0052.json
View File

@ -1,17 +1,144 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-0052",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAUTER Controls Nova 200\u2013220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-306 Missing Authentication for Critical Function",
"cweId": "CWE-306"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAUTER Controls",
"product": {
"product_data": [
{
"product_name": "Nova 220 (EYK220F001) DDC with BACnet connection",
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
}
]
}
},
{
"product_name": "Nova 230 (EYK230F001) DDC with BACnet connection",
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
}
]
}
},
{
"product_name": "Nova 106 (EYK300F001) BACnet communication card",
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
}
]
}
},
{
"product_name": "moduNet300 (EY-AM300F001, EY-AM300F002)",
"version": {
"version_data": [
{
"version_value": "Firmware all versions",
"version_affected": "="
},
{
"version_value": "BACnetstac all versions",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05",
"refsource": "MISC",
"name": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-05"
}
]
},
"generator": {
"engine": "VINCE 2.0.5",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-0052"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Jairo Alonso Ortiz, Aar\u00f3n Flecha Men\u00e9ndez and I\u00f1aki L\u00e1zaro Ayanz of S21Sec"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

106
2023/22xxx/CVE-2023-22726.json
View File

@ -1,17 +1,115 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security-advisories@github.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "act is a project which allows for local running of github actions. The artifact server that stores artifacts from Github Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a Github Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path is variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, during implementation of Open and OpenAtEnd for FS, ensure to use ValidPath() to check against path traversal or clean the user-provided paths manually."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"cweId": "CWE-434"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "nektos",
"product": {
"product_data": [
{
"product_name": "act",
"version": {
"version_data": [
{
"version_value": "< 0.2.40",
"version_affected": "="
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/nektos/act/security/advisories/GHSA-pc99-qmg4-rcff",
"refsource": "MISC",
"name": "https://github.com/nektos/act/security/advisories/GHSA-pc99-qmg4-rcff"
},
{
"url": "https://github.com/nektos/act/issues/1553",
"refsource": "MISC",
"name": "https://github.com/nektos/act/issues/1553"
},
{
"url": "https://github.com/nektos/act/commit/63ae215071f94569d910964bdee866d91d6e3a10",
"refsource": "MISC",
"name": "https://github.com/nektos/act/commit/63ae215071f94569d910964bdee866d91d6e3a10"
},
{
"url": "https://github.com/nektos/act/blob/master/pkg/artifacts/server.go#L65",
"refsource": "MISC",
"name": "https://github.com/nektos/act/blob/master/pkg/artifacts/server.go#L65"
},
{
"url": "https://github.com/nektos/act/blob/v0.2.35/pkg/artifacts/server.go#L245",
"refsource": "MISC",
"name": "https://github.com/nektos/act/blob/v0.2.35/pkg/artifacts/server.go#L245"
},
{
"url": "https://github.com/nektos/act/blob/v0.2.35/pkg/artifacts/server.go#LL103C2-L103C2",
"refsource": "MISC",
"name": "https://github.com/nektos/act/blob/v0.2.35/pkg/artifacts/server.go#LL103C2-L103C2"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-004_act/",
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2023-004_act/"
}
]
},
"source": {
"advisory": "GHSA-pc99-qmg4-rcff",
"discovery": "UNKNOWN"
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}

62
2023/24xxx/CVE-2023-24026.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-24026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/a46f794a136001101cbec84fccf3cc824e983493",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/a46f794a136001101cbec84fccf3cc824e983493"
}
]
}
}

62
2023/24xxx/CVE-2023-24027.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-24027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/72c5424034c378583d128fc1e769aae33fb1c8b9",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/72c5424034c378583d128fc1e769aae33fb1c8b9"
}
]
}
}

62
2023/24xxx/CVE-2023-24028.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2023-24028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/MISP/MISP/commit/93bf15d3bd703a32ebfe86cb6c1c9b735cf23e30",
"refsource": "MISC",
"name": "https://github.com/MISP/MISP/commit/93bf15d3bd703a32ebfe86cb6c1c9b735cf23e30"
}
]
}
}

18
2023/24xxx/CVE-2023-24029.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24029",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24030.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24030",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24031.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24031",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24032.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24032",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2023/24xxx/CVE-2023-24033.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-24033",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}