admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-11-10 23:00:32 +00:00
parent 979cc8d3cc
commit b8e5143d9c
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
5 changed files with 250 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
2023/0xxx/CVE-2023-0574.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0 through 2.13."
"value": "Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse.This issue affects Yugabyte Managed: from 2.0.0.0 through 2.13.0.0\n\n"
}
]
},
@ -50,16 +50,17 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "YugaByte, Inc.",
"vendor_name": "YugabyteDB",
"product": {
"product_data": [
{
"product_name": "Yugabyte Managed",
"product_name": "YugabyteDB Anywhere",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "<=",
"version_name": "2.0.0.0",
"version_value": "2.13.0.0"
}
]
}

11
2023/0xxx/CVE-2023-0575.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2."
"value": "External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py.\n\nThis issue affects Yugabyte DB: Lesser then 2.2.0.0\n\n"
}
]
},
@ -41,16 +41,17 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "YugaByte, Inc.",
"vendor_name": "YugabyteDB",
"product": {
"product_data": [
{
"product_name": "Yugabyte DB",
"product_name": "YugabyteDB",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "<",
"version_name": "2.0",
"version_value": "2.15"
}
]
}

11
2023/0xxx/CVE-2023-0745.json
View File

@ -11,7 +11,7 @@
"description_data": [
{
"lang": "eng",
"value": "Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13."
"value": "\n\t\n\t\t\n\t\t\n\t\n\t\n\t\t\n\t\t\t\n\t\t\t\t\n\t\t\t\t\tThe High Availability functionality of Yugabyte Anywhere can be abused to write arbitrary\nfiles through the backup upload endpoint by using path traversal characters.\n\n\n\n\t\t\t\t\n\n\n\t\t\t\n\n\n\t\t\n\n\n\t\n This vulnerability is associated with program files PlatformReplicationManager.Java.\n\nThis issue affects YugabyteDB Anywhere: from 2.0.0.0 through 2.13.0.0\n\n"
}
]
},
@ -32,16 +32,17 @@
"vendor": {
"vendor_data": [
{
"vendor_name": "YugaByte, Inc.",
"vendor_name": "YugabyteDB",
"product": {
"product_data": [
{
"product_name": "Yugabyte Managed",
"product_name": "YugabyteDB Anywhere",
"version": {
"version_data": [
{
"version_value": "2.0",
"version_affected": "="
"version_affected": "<=",
"version_name": "2.0",
"version_value": "2.13"
}
]
}

218
2023/4xxx/CVE-2023-4804.json
View File

@ -1,17 +1,227 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-4804",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "productsecurity@jci.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An\u00a0unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-489: Active Debug Code",
"cweId": "CWE-489"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Johnson Controls",
"product": {
"product_data": [
{
"product_name": "Quantum HD Unity Compressor",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.22"
}
]
}
},
{
"product_name": "Quantum HD Unity AcuAir",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.12"
}
]
}
},
{
"product_name": "Quantum HD Unity Condenser/Vessel",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.11"
}
]
}
},
{
"product_name": "Quantum HD Unity Evaporator",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.11"
}
]
}
},
{
"product_name": "Quantum HD Unity Engine Room",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.11"
}
]
}
},
{
"product_name": "Quantum HD Unity Interface",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "11.11"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"refsource": "MISC",
"name": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01",
"refsource": "MISC",
"name": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-313-01"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "EXTERNAL"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).<br>"
}
],
"value": "Update all Quantum HD Unity Compressor control panels to firmware version 11.22 (Q5) or 12.22 (Q6).\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).<br>"
}
],
"value": "Update all Quantum HD Unity AcuAir control panels to firmware version 11.12 (Q5) or 12.12 (Q6).\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).<br>"
}
],
"value": "Update all Quantum HD Unity Condenser/Vessel control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n<br>"
}
],
"value": "\nUpdate all Quantum HD Unity Evaporator control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n<br>"
}
],
"value": "\nUpdate all Quantum HD Unity Engine Room control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\n"
},
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nUpdate all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n<br>"
}
],
"value": "\nUpdate all Quantum HD Unity Interface control panels to firmware version 11.11 (Q5) or 12.11 (Q6).\n\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Jim Reprogle"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
]
}

18
2023/6xxx/CVE-2023-6083.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-6083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}