"-Synchronized-Data."

CVE Team 2023-05-10 22:00:36 +00:00
parent 86f6c8a41d
commit b0e46634d9
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
6 changed files with 161 additions and 58 deletions


@ -1,17 +1,107 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-29841",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "psirt@wdc.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability\u00a0that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell\u00a0in Western Digital My Cloud OS 5 devices.This issue affects My Cloud OS 5: before 5.26.119.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
"cweId": "CWE-78"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Western Digital",
"product": {
"product_data": [
{
"product_name": "My Cloud OS 5",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "5.26.119"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119",
"refsource": "MISC",
"name": "https://www.westerndigital.com/support/product-security/wdc-23002-my-cloud-firmware-version-5-26-119"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.</span><br>"
}
],
"value": "Western Digital recommends that users promptly update their devices to the latest firmware by clicking on the firmware update notification.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Claroty Research, Team82 - Vera Mens, Noam Moshe, Uri Katz and Sharon Brizinov working with Trend Micro\u2019s Zero Day Initiative "
}
],
"impact": {
"cvss": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}
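Review bot: The new description says the command "could be triggered by an attacker remotely" but never states the precondition that the CVSS vector in the same record encodes as `PR:H` and `AC:H`, so anyone triaging from the description alone cannot tell that the score assumes a highly privileged attacker. If the vendor advisory (WDC-23002, linked in `references`) supports it, the text should name that requirement, for example `could be triggered remotely by an attacker with high privileges`; this wording is inferred from the vector and needs confirming against the advisory. The `solution` entry also says only "latest firmware", and naming the fixed release `5.26.119`, as `version_value` does, would let operators verify remediation.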


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: through 5.26.119.\n\n"
"value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119.\n\n"
}
]
},
@ -40,9 +40,9 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": " 5.26.119"
"version_value": "5.26.119"
}
]
}
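Review bot: The rewritten `value` still runs two sentences together at `devicesThis issue affects`, so the affected-version statement is easy to miss and tokenises badly in tools that index descriptions. It should read `... My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119.` The CVE-2022-29841 description earlier in this commit has the same problem at `devices.This issue affects` (missing space). The trailing `\n\n` could be dropped in the same pass.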


@ -40,7 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": "9.4.0-191"
}


@ -40,7 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": " 9.4.0-191"
}
@ -87,6 +87,19 @@
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\n\n\n\n\n\n\n\n<p>For My Cloud Home, My Cloud Home Duo and SanDisk ibi\ndevices will be automatically updated to reflect the latest\nfirmware version.</p>"
}
],
"value": "\n\n\n\n\n\n\n\n\nFor My Cloud Home, My Cloud Home Duo and SanDisk ibi\ndevices will be automatically updated to reflect the latest\nfirmware version.\n\n"
}
],
"impact": {
"cvss": [
{
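Review bot: `"version_value": " 9.4.0-191"` keeps its leading space while the comparator beside it is changed to `<`, so consumers that compare the string exactly or pass it to a version parser can fail to match or mis-order this record. It should be `"version_value": "9.4.0-191"`, which is what this commit already does for `5.26.119` in another file. The same leading space remains in the three `" 4.26.0-6126"` values of the Mobile/Web App record later in the commit. The added `solution` strings also begin with a run of `\n` escapes that carry no content and could be trimmed.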


@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A device API endpoint was missing access controls on\u00a0Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App.\u00a0Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.\n\n"
"value": "\n\n\n\n\n\n\n\n\n\nA device API\nendpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Anroid Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy\nand missing authentication requirement for private IPs, a remote attacker on\nthe same network as the device could obtain device information by convincing a\nvictim user to visit an attacker-controlled server and issue a cross-site\nrequest.\n\n\n\nThis issue affects\nMy Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; My\nCloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126;\nibi Web App: before 4.26.0-6126.\n\n"
}
]
},
@ -40,7 +40,7 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": "4.21.0"
}
@ -52,19 +52,7 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.21.0"
}
]
}
},
{
"product_name": "WD Cloud Mobile App",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": "4.21.0"
}
@ -76,7 +64,7 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": " 4.26.0-6126"
}
@ -88,43 +76,12 @@
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": " 4.26.0-6126"
}
]
}
},
{
"product_name": "WD Web App",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": " 4.26.0-6126"
}
]
}
}
]
}
},
{
"vendor_name": "SanDIsk",
"product": {
"product_data": [
{
"product_name": "ibi Mobile App",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "0",
"version_value": "4.21.0"
}
]
}
}
]
}
@ -133,12 +90,24 @@
"vendor_name": "SanDisk",
"product": {
"product_data": [
{
"product_name": "ibi Mobile App",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "4.21.0"
}
]
}
},
{
"product_name": "ibi Web App",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_affected": "<",
"version_name": "0",
"version_value": " 4.26.0-6126"
}
@ -166,6 +135,19 @@
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<div><div><div><div><div><p>Western Digital recommends that users of the mobile apps should promptly update the apps to reflect the latest changes. The web apps have automatically been updated.</p></div></div></div></div></div><div><div><div><div><div><div></div></div></div></div></div></div>"
}
],
"value": "Western Digital recommends that users of the mobile apps should promptly update the apps to reflect the latest changes. The web apps have automatically been updated.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n"
}
],
"impact": {
"cvss": [
{
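Review bot: The new description misspells the platform as `Anroid` in "iOS and Anroid Mobile Apps", so the record will be missed by keyword searches and product-matching rules that look for Android; it should read `iOS and Android Mobile Apps`. The text also opens with a run of `\n` escapes and has hard line breaks inside sentences and product names (`A device API\nendpoint`, `My\nCloud OS 5 Web App`), which splits those names for anything matching on the string. Replacing the in-sentence `\n` with single spaces and trimming the leading run would fix both. The added `solution` `value` has the same problem in reverse, ending in a long run of trailing `\n`.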


@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-2640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}