"-Synchronized-Data."

This commit is contained in:
CVE Team 2024-01-18 18:00:35 +00:00
parent 431f4e4bbe
commit b794d5b5da
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
13 changed files with 360 additions and 28 deletions

View File

@ -70,6 +70,18 @@
]
}
},
{
"product_name": "Remote Desktop client for Windows Desktop",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "1.2.0.0",
"version_value": "1.2.2600"
}
]
}
},
{
"product_name": "Windows 10 Version 21H1",
"version": {

View File

@ -82,6 +82,17 @@
]
}
},
{
"product_name": "Remote Desktop client for Windows Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "N/A"
}
]
}
},
{
"product_name": "Windows 10 Version 21H1",
"version": {

View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.018"
"version_value": "15.00.1497.026"
}
]
}
@ -53,7 +53,7 @@
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2242.010"
"version_value": "15.01.2308.020"
}
]
}
@ -65,7 +65,7 @@
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0792.015"
"version_value": "15.02.0792.019"
}
]
}
@ -77,7 +77,7 @@
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2176.014"
"version_value": "15.01.2375.017"
}
]
}
@ -89,7 +89,7 @@
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0858.012"
"version_value": "15.02.0986.014"
}
]
}

View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "15.00.0",
"version_value": "15.00.1497.018"
"version_value": "15.00.1497.026"
}
]
}
@ -53,7 +53,7 @@
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2242.010"
"version_value": "15.01.2308.020"
}
]
}
@ -65,7 +65,7 @@
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0792.015"
"version_value": "15.02.0792.019"
}
]
}
@ -77,7 +77,7 @@
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2176.014"
"version_value": "15.01.2375.017"
}
]
}
@ -89,7 +89,7 @@
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0858.012"
"version_value": "15.02.0986.014"
}
]
}

View File

@ -41,7 +41,7 @@
{
"version_affected": "<",
"version_name": "15.01.0",
"version_value": "15.01.2242.010"
"version_value": "15.01.2308.020"
}
]
}
@ -53,7 +53,7 @@
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0792.015"
"version_value": "15.02.0792.019"
}
]
}
@ -65,7 +65,7 @@
{
"version_affected": "<",
"version_name": "15.0.0",
"version_value": "15.01.2176.014"
"version_value": "15.01.2375.017"
}
]
}
@ -77,7 +77,7 @@
{
"version_affected": "<",
"version_name": "15.02.0",
"version_value": "15.02.0858.012"
"version_value": "15.02.0986.014"
}
]
}

View File

@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-31274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition.\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-772 Missing Release of Resource after Effective Lifetime",
"cweId": "CWE-772"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Aveva",
"product": {
"product_data": [
{
"product_name": "PI Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2023"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2018 SP3 P05 "
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>All affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.</p><p>For an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.</p><p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.</p><p>AVEVA recommends the following defensive measures:</p><ul><li>Set the PI Message Subsystem to auto restart.</li><li>Monitor the memory usage of the PI Message Subsystem.</li><li>Limit network access to port 5450 to trusted workstations and software</li><li>Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.</li></ul><p>For more information on this vulnerability, including security updates, users should see security bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf\">AVEVA-2024-001</a>.</p>\n\n<br>"
}
],
"value": "\nAll affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.\n\nFor an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.\n\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.\n\nAVEVA recommends the following defensive measures:\n\n * Set the PI Message Subsystem to auto restart.\n * Monitor the memory usage of the PI Message Subsystem.\n * Limit network access to port 5450 to trusted workstations and software\n * Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.\n\n\nFor more information on this vulnerability, including security updates, users should see security bulletin AVEVA-2024-001 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf .\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Aveva"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
]
}

View File

@ -1,17 +1,111 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-34348",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "ics-cert@hq.dhs.gov",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "\nAVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.\n\n\n\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"cweId": "CWE-703"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Aveva",
"product": {
"product_data": [
{
"product_name": "PI Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "2023"
},
{
"version_affected": "<=",
"version_name": "0",
"version_value": "2018 SP3 P05 "
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<p>All affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.</p><p>For an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From <a target=\"_blank\" rel=\"nofollow\" href=\"https://my.osisoft.com/\">OSI Soft Customer Portal</a>, search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.</p><p>AVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.</p><p>AVEVA recommends the following defensive measures:</p><ul><li>Set the PI Message Subsystem to auto restart.</li><li>Monitor the memory usage of the PI Message Subsystem.</li><li>Limit network access to port 5450 to trusted workstations and software</li><li>Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.</li></ul><p>For more information on this vulnerability, including security updates, users should see security bulletin <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf\">AVEVA-2024-001</a>.</p>\n\n<br>"
}
],
"value": "\nAll affected versions can be fixed by upgrading to AVEVA PI Server version 2023 Patch 1 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2023 Patch 1\u201d.\n\nFor an alternative fix, AVEVA PI Server 2018 SP3 Patch 5 and prior can be fixed by deploying AVEVA PI Server version 2018 SP3 Patch 6 or later. From OSI Soft Customer Portal https://my.osisoft.com/ , search for \u201cPI Server\u201d and select version \u201c2018 SP3 Patch 6\u201d.\n\nAVEVA recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment, architecture, and product implementation. Customers using affected products should apply security updates as soon as possible.\n\nAVEVA recommends the following defensive measures:\n\n * Set the PI Message Subsystem to auto restart.\n * Monitor the memory usage of the PI Message Subsystem.\n * Limit network access to port 5450 to trusted workstations and software\n * Confirm that only authorized users have access to write to the PI Server Message Log. This is done through configuration of the PIMSGSS entry within the Database Security plugin accessible through PI System Management Tools.\n\n\nFor more information on this vulnerability, including security updates, users should see security bulletin AVEVA-2024-001 https://www.aveva.com/content/dam/aveva/documents/support/cyber-security-updates/SecurityBulletin_AVEVA-2024-001.pdf .\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Aveva"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
]
}

View File

@ -88,6 +88,11 @@
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail=",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3006541%40backup-backup&new=3006541%40backup-backup&sfp_email=&sfph_mail="
},
{
"url": "http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/176638/WordPress-Backup-Migration-1.3.7-Remote-Command-Execution.html"
}
]
},

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0693",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-0694",
"ASSIGNER": "security@wordfence.com",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6620. Reason: This candidate is a reservation duplicate of CVE-2023-6620. Notes: All CVE users should reference CVE-2023-6620 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0695",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-0696",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-22601",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2024-22601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/ljw11e/cms/blob/main/5.md",
"refsource": "MISC",
"name": "https://github.com/ljw11e/cms/blob/main/5.md"
}
]
}