admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 10:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2024-02-15 06:00:32 +00:00
parent b27e0fa16a
commit b82246cc98
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
23 changed files with 966 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
2021/29xxx/CVE-2021-29633.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29633",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29634.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29634",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29635.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29635",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29636.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29636",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29637.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29637",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29638.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29638",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29639.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29639",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

8
2021/29xxx/CVE-2021-29640.json
View File

@ -1,17 +1,17 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-29640",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** This candidate was in a CNA pool that was not assigned to any issues during 2021."
}
]
}

82
2022/23xxx/CVE-2022-23087.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23087",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload (\"TSO\"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets.\n\nWhen checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types.\n\nA misbehaving bhyve guest could overwrite memory in the bhyve process on the host, possibly leading to code execution in the host context.\n\nThe bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD version and bhyve configuration) limits the impact of exploiting this issue."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RC1",
"version_value": "p1"
},
{
"version_affected": "<",
"version_name": "13.0-RELEASE",
"version_value": "p11"
},
{
"version_affected": "<",
"version_name": "12.3-RELEASE",
"version_value": "p5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:05.bhyve.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Mehdi Talbi"
},
{
"lang": "en",
"value": "Synacktiv"
}
]
}

82
2022/23xxx/CVE-2022-23088.json
View File

@ -1,18 +1,90 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23088",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.\n\nWhile a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with a SSID) a malicious beacon frame may overwrite kernel memory, leading to remote code execution."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RC1",
"version_value": "p1"
},
{
"version_affected": "<",
"version_name": "13.0-RELEASE",
"version_value": "p11"
},
{
"version_affected": "<",
"version_name": "12.3-RELEASE",
"version_value": "p5"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "m00nbsd"
},
{
"lang": "en",
"value": "Trend Micro Zero Day Initiative"
}
]
}

78
2022/23xxx/CVE-2022-23089.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23089",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "When dumping core and saving process information, proc_getargv() might return an sbuf which have a sbuf_len() of 0 or -1, which is not properly handled.\n\nAn out-of-bound read can happen when user constructs a specially crafted ps_string, which in turn can cause the kernel to crash."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RELEASE",
"version_value": "p1"
},
{
"version_affected": "<",
"version_name": "13.0-RELEASE",
"version_value": "p12"
},
{
"version_affected": "<",
"version_name": "12.3-RELEASE",
"version_value": "p6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:09.elf.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Josef 'Jeff' Sipek"
}
]
}

78
2022/23xxx/CVE-2022-23090.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23090",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The aio_aqueue function, used by the lio_listio system call, fails to release a reference to a credential in an error case.\n\nAn attacker may cause the reference count to overflow, leading to a use after free (UAF)."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RELEASE",
"version_value": "p1"
},
{
"version_affected": "<",
"version_name": "13.0-RELEASE",
"version_value": "p12"
},
{
"version_affected": "<",
"version_name": "12.3-RELEASE",
"version_value": "p6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:10.aio.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Chris J-D <chris@accessvector.net>"
}
]
}

78
2022/23xxx/CVE-2022-23091.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23091",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A particular case of memory sharing is mishandled in the virtual memory system. This is very similar to SA-21:08.vm, but with a different root cause.\n\nAn unprivileged local user process can maintain a mapping of a page after it is freed, allowing that process to read private data belonging to other processes or the kernel."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RELEASE",
"version_value": "p1"
},
{
"version_affected": "<",
"version_name": "13.0-RELEASE",
"version_value": "p12"
},
{
"version_affected": "<",
"version_name": "12.3-RELEASE",
"version_value": "p6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:11.vm.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Mark Johnston"
}
]
}

73
2022/23xxx/CVE-2022-23092.json
View File

@ -1,18 +1,81 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23092",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The implementation of lib9p's handling of RWALK messages was missing a bounds check needed when unpacking the message contents. The missing check means that the receipt of a specially crafted message will cause lib9p to overwrite unrelated memory.\n\nThe bug can be triggered by a malicious bhyve guest kernel to overwrite memory in the bhyve(8) process. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RELEASE",
"version_value": "p1"
},
{
"version_affected": "<",
"version_name": "13.0-RELEASE",
"version_value": "p12"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:12.lib9p.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Robert Morris"
}
]
}

78
2022/23xxx/CVE-2022-23093.json
View File

@ -1,18 +1,86 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-23093",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secteam@freebsd.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ping reads raw IP packets from the network to process responses in the pr_pack() function. As part of processing a response ping has to\u00a0reconstruct the IP header, the ICMP header and if present a \"quoted\u00a0packet,\" which represents the packet that generated an ICMP error. The\u00a0quoted packet again has an IP header and an ICMP header.\n\nThe pr_pack() copies received IP and ICMP headers into stack buffers\u00a0for further processing. In so doing, it fails to take into account the possible presence of IP option headers following the IP header in either the response or the quoted packet. When IP options are present, pr_pack() overflows the destination buffer by up to 40 bytes.\n\nThe memory safety bugs described above can be triggered by a remote\u00a0host, causing the ping program to crash.\n\nThe ping process runs in a capability mode sandbox on all affected\u00a0versions of FreeBSD and is thus very constrained in how it can interact\u00a0with the rest of the system at the point where the bug can occur."
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "FreeBSD",
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "13.1-RELEASE",
"version_value": "p5"
},
{
"version_affected": "<",
"version_name": "12.4-RC2",
"version_value": "p2"
},
{
"version_affected": "<",
"version_name": "12.3-RELEASE",
"version_value": "p10"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc",
"refsource": "MISC",
"name": "https://security.freebsd.org/advisories/FreeBSD-SA-22:15.ping.asc"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "NetApp, Inc."
}
]
}

12
2023/46xxx/CVE-2023-46595.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Net-NTLM leak via stored HTML injection in FireFlow's VisualFlow workflow editor using Name and Description field. It also impacts\u00a0\n\nFireFlow's VisualFlow workflow editor\n\n outbound actions using Name and Category parameter. Fixed in version A32.20 (b570 and above),\u00a0\n\nA32.50 (b400 and above),\u00a0\n\nA32.60 (b220 and above)\n\n"
"value": "Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker\u00a0to obtain victim\u2019s domain credentials and Net-NTLM hash which can lead\u00a0to relay domain attacks.\n\n"
}
]
},
@ -41,7 +41,7 @@
"version_data": [
{
"version_affected": "=",
"version_value": "A32.20, A32.50, A32.60"
"version_value": "A32.20, A32.50"
}
]
}
@ -55,9 +55,9 @@
"references": {
"reference_data": [
{
"url": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm",
"url": "https://cwe.mitre.org/data/definitions/79.html",
"refsource": "MISC",
"name": "https://www.algosec.com/docs/en/cves/Content/tech-notes/cves/cve-2023-46595.htm"
"name": "https://cwe.mitre.org/data/definitions/79.html"
}
]
},
@ -74,10 +74,10 @@
{
"base64": false,
"type": "text/html",
"value": "Upgrade ASMS suite to&nbsp;A32.20 (b570 or above),&nbsp;\n\nA32.50 (b400 and above), \n\nA32.60 (b220 and above)\n\n<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.algosec.com/en/downloads/hotfix_releases\">https://portal.algosec.com/en/downloads/hotfix_releases</a><br>"
"value": "Upgrade ASMS suite to&nbsp;A32.20 (b570 or above),&nbsp; A32.50 (b390 or above)<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://portal.algosec.com/en/downloads/hotfix_releases\">https://portal.algosec.com/en/downloads/hotfix_releases</a><br>"
}
],
"value": "Upgrade ASMS suite to\u00a0A32.20 (b570 or above),\u00a0\n\nA32.50 (b400 and above), \n\nA32.60 (b220 and above)\n\n\n https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases \n"
"value": "Upgrade ASMS suite to\u00a0A32.20 (b570 or above),\u00a0 A32.50 (b390 or above)\n https://portal.algosec.com/en/downloads/hotfix_releases https://portal.algosec.com/en/downloads/hotfix_releases \n"
}
],
"credits": [

5
2023/47xxx/CVE-2023-47218.json
View File

@ -114,6 +114,11 @@
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-57"
},
{
"url": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/",
"refsource": "MISC",
"name": "https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/"
}
]
},

189
2023/4xxx/CVE-2023-4625.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login."
"value": "Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login."
}
]
},
@ -823,6 +823,193 @@
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R00CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 05 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R01CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 05 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R02CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 05 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R04CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R08CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R16CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R32CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R120CPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R04ENCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R08ENCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R16ENCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R32ENCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R120ENCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 35 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R08PCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 37 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R16PCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 37 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R32PCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 37 or later"
}
]
}
},
{
"product_name": "MELSEC iQ-R Series R120PCPU",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "versions 37 or later"
}
]
}
}
]
}

10
2023/50xxx/CVE-2023-50358.json
View File

@ -113,6 +113,16 @@
"url": "https://www.qnap.com/en/security-advisory/qsa-23-57",
"refsource": "MISC",
"name": "https://www.qnap.com/en/security-advisory/qsa-23-57"
},
{
"url": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/",
"refsource": "MISC",
"name": "https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/"
},
{
"url": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032",
"refsource": "MISC",
"name": "https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032"
}
]
},

2
2023/50xxx/CVE-2023-50782.json
View File

@ -191,7 +191,7 @@
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
"defaultStatus": "unaffected"
}
}
]

56
2023/51xxx/CVE-2023-51787.json
View File

@ -1,17 +1,61 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-51787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2023-51787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in Wind River VxWorks 7 22.09 and 23.03. If a VxWorks task or POSIX thread that uses OpenSSL exits, limited per-task memory is not freed, resulting in a memory leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787",
"url": "https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2023-51787"
}
]
}

2
2024/1xxx/CVE-2024-1485.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was found in the decompression function of registry-support. This issue can be triggered by an unauthenticated remote attacker when tricking a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope."
"value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope."
}
]
},

163
2024/1xxx/CVE-2024-1488.json
View File

@ -1,17 +1,172 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2024-1488",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "External Control of System or Configuration Setting",
"cweId": "CWE-15"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "unbound",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "1.19.1-2.fc40",
"status": "unaffected"
}
]
}
}
]
}
}
]
}
},
{
"vendor_name": "Red Hat",
"product": {
"product_data": [
{
"product_name": "Red Hat Enterprise Linux 6",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 7",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 8",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
},
{
"product_name": "Red Hat Enterprise Linux 9",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "unknown"
}
}
]
}
}
]
}
},
{
"vendor_name": "Fedora",
"product": {
"product_data": [
{
"product_name": "Fedora",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"defaultStatus": "affected"
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1488",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/CVE-2024-1488"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=2264183"
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
}
]
}