"-Synchronized-Data."

2025-06-21 05:40:25 +00:00 · 2023-05-22 06:00:45 +00:00 · 2023-05-22 06:00:45 +00:00 · bfd7203a06
commit bfd7203a06
parent da6713b92e
2 changed files with 93 additions and 5 deletions
--- a/2019/25xxx/CVE-2019-25137.json
+++ b/2019/25xxx/CVE-2019-25137.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "Umbraco CMS 7.12.4 allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."
+                "value": "Umbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx."
            }
        ]
    },
@ -66,6 +66,11 @@
                "url": "https://0xdf.gitlab.io/2020/09/05/htb-remote.html",
                "refsource": "MISC",
                "name": "https://0xdf.gitlab.io/2020/09/05/htb-remote.html"
            },
            {
                "refsource": "MISC",
                "name": "https://github.com/Ickarah/CVE-2019-25137-Version-Research",
                "url": "https://github.com/Ickarah/CVE-2019-25137-Version-Research"
            }
        ]
    }
--- a/2023/33xxx/CVE-2023-33235.json
+++ b/2023/33xxx/CVE-2023-33235.json
@ -1,17 +1,100 @@
 {
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2023-33235",
-        "ASSIGNER": "cve@mitre.org",
+        "ASSIGNER": "psirt@moxa.com",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')",
                        "cweId": "CWE-77"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Moxa",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "MXsecurity Series",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "=",
                                            "version_value": "1.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities",
                "refsource": "MISC",
                "name": "https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:<br><ul><li>MXsecurity Series: Please upgrade to software v1.0.1 or higher.</li></ul>"
                }
            ],
            "value": "Moxa has developed appropriate solution to address the vulnerability. The solution for affected products is shown below:\n  *  MXsecurity Series: Please upgrade to software v1.0.1 or higher.\n\n\n"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }