admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-02-15 19:00:37 +00:00
parent dcc8682964
commit b10c25f3ba
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
24 changed files with 1848 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

99
2022/38xxx/CVE-2022-38111.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2022-38111",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SolarWinds Platform Deserialization of Untrusted Data Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38111",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-38111"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

98
2022/47xxx/CVE-2022-47503.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2022-47503",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SolarWinds Platform Deserialization of Untrusted Data Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47503",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47503"
},
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/47xxx/CVE-2022-47504.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2022-47504",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SolarWinds Platform Deserialization of Untrusted Data Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47504",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47504"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1"
}
],
"source": {
"discovery": "EXTERNAL"
}
}

98
2022/47xxx/CVE-2022-47506.json
View File

@ -1,18 +1,104 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2022-47506",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SolarWinds Platform Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47506",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47506"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/47xxx/CVE-2022-47507.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2022-47507",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SolarWinds Platform Deserialization of Untrusted Data Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47507",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47507"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

99
2022/47xxx/CVE-2022-47508.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2022-47508",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Disable NTLM: SAM 2022.4 "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Server & Application Monitor (SAM)",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Customers who had configured their polling to occur via Kerberos did not expect NTLM Traffic on their environment, but since we were querying for data via IP address this prevented us from utilizing Kerberos."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287 Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47508",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2022-47508"
},
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/sam/content/release_notes/sam_2023-1_release_notes.htm"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1"
}
],
"source": {
"discovery": "USER"
}
}

91
2023/23xxx/CVE-2023-23458.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23458",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Sunell DVR \u2013 Exposure of Sensitive Information"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVR",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "Update to the latest version",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Sunell"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush, Dudu Moyal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2023-0075"
],
"discovery": "UNKNOWN"
}
}

97
2023/23xxx/CVE-2023-23459.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23459",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Priority Windows \u2013 Command Execution via SQL Injection "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Priority for Windows",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all versions",
"version_value": "version 22.1 Web"
}
]
}
}
]
},
"vendor_name": "Priority"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gad Abuhatzeira- Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Priority Windows may allow Command Execution via SQL Injection using an unspecified method."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version 22.1 Web"
}
],
"source": {
"defect": [
"ILVN-2023-0076"
],
"discovery": "UNKNOWN"
}
}

97
2023/23xxx/CVE-2023-23460.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23460",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Priority Web \u2013 Authentication bypass "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Priority Web",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "version 19.1.0.68",
"version_value": "version 22.1 Web"
}
]
}
}
]
},
"vendor_name": "Priority"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gad Abuhatzeira- Sophtix Security LTD"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Priority Web version 19.1.0.68, parameter manipulation on an unspecified end-point may allow authentication bypass."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass "
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version 22.1 Web"
}
],
"source": {
"defect": [
"ILVN-2023-0077"
],
"discovery": "UNKNOWN"
}
}

81
2023/23xxx/CVE-2023-23461.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23461",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Libpeconv \u2013 access violation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Libpeconv",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "before commit b076013 (30/11/2022).",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Hasherezade (github)"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tomer Dricker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Libpeconv \u2013 access violation, before commit b076013 (30/11/2022)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "access violation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "update to latest version of Libpeconv"
}
],
"source": {
"defect": [
"ILVN-2023-0078"
],
"discovery": "UNKNOWN"
}
}

81
2023/23xxx/CVE-2023-23462.json
View File

@ -1,18 +1,87 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23462",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Libpeconv \u2013 integer overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Libpeconv",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "before commit b076013 (30/11/2022).",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Hasherezade (github)"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tomer Dricker"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Libpeconv \u2013 integer overflow, before commit 75b1565 (30/11/2022)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190 Integer Overflow or Wraparound"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "update to latest version of Libpeconv"
}
],
"source": {
"defect": [
"ILVN-2023-0079"
],
"discovery": "UNKNOWN"
}
}

91
2023/23xxx/CVE-2023-23463.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23463",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": " Sunell DVR \u2013 Insufficiently Protected Credentials"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DVR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all versions",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Sunell "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dudu Moyal"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2023-0080"
],
"discovery": "UNKNOWN"
}
}

91
2023/23xxx/CVE-2023-23464.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23464",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Media CP Media Control Panel \u2013 Information Disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media Control Panel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all versions",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Media CP "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Media CP Media Control Panel latest version. A Permissive Flash Cross-domain Policy may allow information disclosure."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2023-0081"
],
"discovery": "UNKNOWN"
}
}

91
2023/23xxx/CVE-2023-23465.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23465",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Media CP Media Control Panel \u2013 CSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media Control Panel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all versions",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Media CP "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Media CP Media Control Panel latest version. CSRF possible through unspecified endpoint."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352 Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2023-0082"
],
"discovery": "UNKNOWN"
}
}

91
2023/23xxx/CVE-2023-23466.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23466",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Media CP Media Control Panel \u2013 insufficiently protected credential change"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media Control Panel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all versions",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Media CP "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Media CP Media Control Panel latest version. Insufficiently protected credential change."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": " insufficiently protected credential change"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2023-0083"
],
"discovery": "UNKNOWN"
}
}

91
2023/23xxx/CVE-2023-23467.json
View File

@ -1,18 +1,97 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-23467",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Media CP Media Control Panel \u2013 Reflected XSS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media Control Panel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "all versions",
"version_value": "Update to the latest version"
}
]
}
}
]
},
"vendor_name": "Media CP "
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Moriel Harush"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Media CP Media Control Panel latest version. Reflected XSS possible through unspecified endpoint."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"source": {
"defect": [
"ILVN-2023-0084"
],
"discovery": "UNKNOWN"
}
}

99
2023/23xxx/CVE-2023-23836.json
View File

@ -1,18 +1,105 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "psirt@solarwinds.com",
"DATE_PUBLIC": "2023-02-15T00:00:00.000Z",
"ID": "CVE-2023-23836",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "SolarWinds Platform Deserialization of Untrusted Data Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SolarWinds Platform",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "2022.4.1 and prior versions",
"version_value": "2022.4.1"
}
]
}
}
]
},
"vendor_name": "SolarWinds"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "SolarWinds would like to thank Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative for reporting on the issue in a responsible manner."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands."
}
]
},
"generator": {
"engine": "vulnogram 0.1.0-rc1"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502 Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm",
"name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-1_release_notes.htm"
},
{
"refsource": "MISC",
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23836",
"name": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-23836"
}
]
},
"solution": [
{
"lang": "eng",
"value": "All SolarWinds Platform customers are advised to upgrade to the latest version of the SolarWinds Platform version 2023.1."
}
],
"source": {
"discovery": "EXTERNAL"
}
}

62
2023/23xxx/CVE-2023-23847.json
View File

@ -1,17 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23847",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Synopsys",
"product": {
"product_data": [
{
"product_name": "Synopsys Jenkins Coverity Plugin",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site request forgery (CSRF) vulnerability in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-Multiple-CVEs-affecting-Coverity-Jenkins-Plugin",
"url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-Multiple-CVEs-affecting-Coverity-Jenkins-Plugin",
"refsource": "CONFIRM"
},
{
"name": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2793%20(2)",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2793%20(2)",
"refsource": "CONFIRM"
}
]
}

62
2023/23xxx/CVE-2023-23848.json
View File

@ -1,17 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23848",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Synopsys",
"product": {
"product_data": [
{
"product_name": "Synopsys Jenkins Coverity Plugin",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-Multiple-CVEs-affecting-Coverity-Jenkins-Plugin",
"url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-Multiple-CVEs-affecting-Coverity-Jenkins-Plugin",
"refsource": "CONFIRM"
},
{
"name": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2793%20(2)",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2793%20(2)",
"refsource": "CONFIRM"
}
]
}

62
2023/23xxx/CVE-2023-23850.json
View File

@ -1,17 +1,67 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-23850",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "disclosure@synopsys.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Synopsys",
"product": {
"product_data": [
{
"product_name": "Synopsys Jenkins Coverity Plugin",
"version": {
"version_data": [
{
"version_value": "3.0.2",
"version_affected": "<="
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2793%20(1)",
"url": "https://www.jenkins.io/security/advisory/2023-02-15/#SECURITY-2793%20(1)",
"refsource": "CONFIRM"
},
{
"name": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-Multiple-CVEs-affecting-Coverity-Jenkins-Plugin",
"url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-Multiple-CVEs-affecting-Coverity-Jenkins-Plugin",
"refsource": "CONFIRM"
}
]
}

95
2023/24xxx/CVE-2023-24498.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-24498",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Netgear ProSAFE 24 Port 10/100 FS726TP - CWE-522: Insufficiently Protected Credentials."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ProSAFE 24 Port 10/100 FS726TP",
"version": {
"version_data": [
{
"version_value": "."
}
]
}
}
]
},
"vendor_name": "Netgear"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "MetaData"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-522 Insufficiently Protected Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The FS726TP switch is End of Life. Users should consider upgrading to a modern switch."
}
],
"source": {
"defect": [
"ILVN-2023-0085"
],
"discovery": "UNKNOWN"
}
}

95
2023/24xxx/CVE-2023-24499.json
View File

@ -1,18 +1,101 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2023-02-15T13:42:00.000Z",
"ID": "CVE-2023-24499",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Butterfly Button plugin may leave traces of its use on user's device"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Butterfly Button plugin",
"version": {
"version_data": [
{
"version_value": "."
}
]
}
}
]
},
"vendor_name": "Butterfly Button"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Erez Kalman"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Butterfly Button plugin may leave traces of its use on user's device. Since it is used for reporting domestic problems, this may lead to spouse knowing about its use."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Leaves usage trail on user's device"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Vendor improved the plugin to make sure it doesn't write data to device. Make sure your site uses the latest plugin."
}
],
"source": {
"defect": [
"ILVN-2023-0086"
],
"discovery": "UNKNOWN"
}
}

10
2023/25xxx/CVE-2023-25156.json
View File

@ -74,11 +74,6 @@
},
"references": {
"reference_data": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7968-h4m4-ghm9",
"refsource": "CONFIRM",
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7968-h4m4-ghm9"
},
{
"name": "https://huntr.dev/bounties/2b1a9be9-45e9-490b-8de0-26a492e79795/",
"refsource": "MISC",
@ -89,6 +84,11 @@
"refsource": "MISC",
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"
},
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7968-h4m4-ghm9",
"refsource": "CONFIRM",
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7968-h4m4-ghm9"
},
{
"name": "https://github.com/kiwitcms/Kiwi/commit/0ed213fa0ddb7a6dc77e3c3b99e8fc90ccdaf46f",
"refsource": "MISC",

12
2023/25xxx/CVE-2023-25171.json
View File

@ -75,9 +75,9 @@
"references": {
"reference_data": [
{
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf",
"refsource": "CONFIRM",
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf"
"name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/",
"refsource": "MISC",
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"
},
{
"name": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e",
@ -85,9 +85,9 @@
"url": "https://huntr.dev/bounties/3b712cb6-3fa3-4f71-8562-7a7016c6262e"
},
{
"name": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/",
"refsource": "MISC",
"url": "https://kiwitcms.org/blog/kiwi-tcms-team/2023/02/15/kiwi-tcms-120/"
"name": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf",
"refsource": "CONFIRM",
"url": "https://github.com/kiwitcms/Kiwi/security/advisories/GHSA-7j9h-3jxf-3vrf"
},
{
"name": "https://github.com/kiwitcms/Kiwi/commit/761305d04f5910ba14cc04d1255a8f1afdbb87f3",