"-Synchronized-Data."

This commit is contained in:
CVE Team 2023-03-22 00:00:36 +00:00
parent 29a30d332a
commit e1ff6692db
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
4 changed files with 376 additions and 37 deletions


@ -1,35 +1,12 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-41418",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
@ -50,6 +27,37 @@
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "n/a",
"status": "unknown"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
@ -58,14 +66,19 @@
"name": "https://github.com/BlogEngine/BlogEngine.NET/commit/7f927567db94462ffd37e128c0a53c11c1f81a8d"
},
{
"url": "https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95",
"refsource": "MISC",
"name": "https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95",
"url": "https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95"
"name": "https://gist.github.com/tree-chtsec/22a0a531ea188fd5b76fe11d32f41e95"
},
{
"url": "https://gist.github.com/tree-chtsec/a02258bb6dea0d16e7e631898c066e05",
"refsource": "MISC",
"name": "https://gist.github.com/tree-chtsec/a02258bb6dea0d16e7e631898c066e05"
},
{
"url": "https://www.chtsecurity.com/news/8719b7f3-1129-4fb4-8801-298970d81df7",
"refsource": "MISC",
"name": "https://www.chtsecurity.com/news/8719b7f3-1129-4fb4-8801-298970d81df7"
}
]
}
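Review bot: The re-added `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"`, and its version entry is now the converter placeholder `"version_value": "not down converted"` with status `unknown`, so nothing in the structured data identifies the affected software. Scanners and asset-matching tools that key on vendor, product and version will not associate this record with any install; only the reference URLs (one points at the BlogEngine/BlogEngine.NET repository) carry that information. The new CVE-2023-28725 record later in this commit has the same placeholder block even though its description names the product and the fixed builds. Consumers should treat `not down converted` as "no data" rather than as a version string, and the assigner should populate these fields upstream.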


@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27855",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "ThinManager ThinServer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.x - 10.x"
},
{
"version_affected": "=",
"version_value": "11.0.0 - 11.0.5"
},
{
"version_affected": "=",
"version_value": "11.1.0 - 11.1.5"
},
{
"version_affected": "=",
"version_value": "11.2.0 - 11.2.6"
},
{
"version_affected": "=",
"version_value": "12.0.0 - 12.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0 - 12.1.5"
},
{
"version_affected": "=",
"version_value": "13.0.0 - 13.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.</span><br>"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
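Review bot: Each `version_data` entry pairs `"version_affected": "="` with a range written as free text, for example `"version_value": "11.0.0 - 11.0.5"` and `"6.x - 10.x"`, so a consumer that applies the operator literally tests an installed version for equality against a string no version can equal. For an unauthenticated file-write issue scored 9.8, this risks affected ThinServer installs being reported as not affected. Encoding each branch with a bounding operator, e.g. `"version_affected": "<="` with `"version_value": "11.0.5"`, would let tooling match it; until then the ranges have to be parsed out of the text. The CVE-2023-27856 record that follows repeats the same seven entries.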


@ -1,17 +1,130 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-27856",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@rockwellautomation.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
"cweId": "CWE-22"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Rockwell Automation",
"product": {
"product_data": [
{
"product_name": "ThinManager ThinServer",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.x - 10.x"
},
{
"version_affected": "=",
"version_value": "11.0.0 - 11.0.5"
},
{
"version_affected": "=",
"version_value": "11.1.0 - 11.1.5"
},
{
"version_affected": "=",
"version_value": "11.2.0 - 11.2.6"
},
{
"version_affected": "=",
"version_value": "12.0.0 - 12.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0 - 12.1.5"
},
{
"version_affected": "=",
"version_value": "13.0.0 - 13.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640",
"refsource": "MISC",
"name": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1138640"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"solution": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Customers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.</span><br>"
}
],
"value": "\nCustomers are directed to update to versions of the product that correct the vulnerability as listed in the reference article.\n"
}
],
"credits": [
{
"lang": "en",
"value": "Security researchers from Tenable reported this to Rockwell Automation."
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
]
}


@ -0,0 +1,100 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2023-28725",
"ASSIGNER": "cve@mitre.org",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"version": "n/a",
"status": "unknown"
}
]
}
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023",
"refsource": "MISC",
"name": "https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/2885222430/Security+Incident+March+17-18th+2023"
},
{
"url": "https://www.generalbytes.com/en/support/changelog",
"refsource": "MISC",
"name": "https://www.generalbytes.com/en/support/changelog"
},
{
"url": "https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CAS",
"refsource": "MISC",
"name": "https://generalbytes.atlassian.net/wiki/spaces/ESD/pages/951418958/Update+CAS"
},
{
"url": "https://twitter.com/generalbytes/status/1637192687160897537",
"refsource": "MISC",
"name": "https://twitter.com/generalbytes/status/1637192687160897537"
},
{
"url": "https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million",
"refsource": "MISC",
"name": "https://web3isgoinggreat.com/single/general-bytes-crypto-atms-exploited-for-over-1-6-million"
},
{
"url": "https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/",
"refsource": "MISC",
"name": "https://arstechnica.com/information-technology/2023/03/hackers-drain-bitcoin-atms-of-1-5-million-by-exploiting-0-day-bug/"
},
{
"url": "https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/",
"refsource": "MISC",
"name": "https://www.bleepingcomputer.com/news/security/general-bytes-bitcoin-atms-hacked-using-zero-day-15m-stolen/"
}
]
}
}
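Review bot: `problemtype` is `"n/a"`, and the description names only CAS 20230120 as affected while listing fixes in two branches (20221118.48 and 20230120.44), which suggests, though the record does not say so, that the 20221118 branch is affected as well. Because the description states exploitation in the wild, responders working from this record should check both branches against the listed fixed builds rather than rely on the single version named. A weakness classification would also help triage; the described upload of a deployable Java application looks like a fit for CWE-434, to be confirmed by the assigner.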