admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2023-06-12 07:00:43 +00:00
parent 7c6836be01
commit 1687207265
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
52 changed files with 743 additions and 404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
2015/10xxx/CVE-2015-10118.json
View File

@ -1,17 +1,105 @@
{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-10118",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@vuldb.com",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0. This vulnerability affects the function CopyProtect_options_page of the file wp-copyprotect.php. The manipulation of the argument CopyProtect_nrc_text leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.1.0 is able to address this issue. The patch is identified as 8b8fe4102886b326330dc1ff06b17313fb10aee5. It is recommended to upgrade the affected component. VDB-231202 is the identifier assigned to this vulnerability."
},
{
"lang": "deu",
"value": "In cchetanonline WP-CopyProtect bis 3.0.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Betroffen ist die Funktion CopyProtect_options_page der Datei wp-copyprotect.php. Durch Manipulation des Arguments CopyProtect_nrc_text mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 3.1.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8b8fe4102886b326330dc1ff06b17313fb10aee5 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross Site Scripting",
"cweId": "CWE-79"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cchetanonline",
"product": {
"product_data": [
{
"product_name": "WP-CopyProtect",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://vuldb.com/?id.231202",
"refsource": "MISC",
"name": "https://vuldb.com/?id.231202"
},
{
"url": "https://vuldb.com/?ctiid.231202",
"refsource": "MISC",
"name": "https://vuldb.com/?ctiid.231202"
},
{
"url": "https://github.com/wp-plugins/wp-copyprotect/commit/8b8fe4102886b326330dc1ff06b17313fb10aee5",
"refsource": "MISC",
"name": "https://github.com/wp-plugins/wp-copyprotect/commit/8b8fe4102886b326330dc1ff06b17313fb10aee5"
}
]
},
"credits": [
{
"lang": "en",
"value": "VulDB GitHub Commit Analyzer"
}
],
"impact": {
"cvss": [
{
"version": "3.1",
"baseScore": 3.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "3.0",
"baseScore": 3.5,
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"baseSeverity": "LOW"
},
{
"version": "2.0",
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"baseSeverity": "MEDIUM"
}
]
}

5
2017/0xxx/CVE-2017-0141.json
View File

@ -66,6 +66,11 @@
"name": "1038006",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038006"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172826/Microsoft-ChakaCore-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172826/Microsoft-ChakaCore-Remote-Code-Execution.html"
}
]
}

5
2017/13xxx/CVE-2017-13782.json
View File

@ -66,6 +66,11 @@
"name": "https://lgtm.com/blog/apple_xnu_dtrace_CVE-2017-13782",
"refsource": "MISC",
"url": "https://lgtm.com/blog/apple_xnu_dtrace_CVE-2017-13782"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172827/Apple-XNU-Kernel-Memory-Exposure.html",
"url": "http://packetstormsecurity.com/files/172827/Apple-XNU-Kernel-Memory-Exposure.html"
}
]
}

5
2017/13xxx/CVE-2017-13904.json
View File

@ -71,6 +71,11 @@
"name": "https://support.apple.com/HT208334",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208334"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html"
}
]
}

5
2018/1000xxx/CVE-2018-1000140.json
View File

@ -113,6 +113,11 @@
"name": "RHSA-2018:1701",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1701"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172829/librelp-Remote-Code-Execution.html"
}
]
}

5
2018/11xxx/CVE-2018-11776.json
View File

@ -145,6 +145,11 @@
"name": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC",
"refsource": "MISC",
"url": "https://github.com/hook-s3c/CVE-2018-11776-Python-PoC"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html"
}
]
}

5
2018/4xxx/CVE-2018-4249.json
View File

@ -81,6 +81,11 @@
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html"
}
]
}

5
2018/4xxx/CVE-2018-4259.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT208937",
"url": "https://support.apple.com/kb/HT208937"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html"
}
]
},

5
2018/4xxx/CVE-2018-4286.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT208937",
"url": "https://support.apple.com/kb/HT208937"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html"
}
]
},

5
2018/4xxx/CVE-2018-4287.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT208937",
"url": "https://support.apple.com/kb/HT208937"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html"
}
]
},

5
2018/4xxx/CVE-2018-4288.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT208937",
"url": "https://support.apple.com/kb/HT208937"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html"
}
]
},

5
2018/4xxx/CVE-2018-4291.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT208937",
"url": "https://support.apple.com/kb/HT208937"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172831/macOS-NFS-Client-Buffer-Overflow.html"
}
]
},

5
2018/4xxx/CVE-2018-4407.json
View File

@ -68,6 +68,11 @@
"refsource": "MISC",
"name": "https://support.apple.com/kb/HT209108",
"url": "https://support.apple.com/kb/HT209108"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172832/iOS-11.4.1-macOS-10.13.6-icmp_error-Heap-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172832/iOS-11.4.1-macOS-10.13.6-icmp_error-Heap-Buffer-Overflow.html"
}
]
},

5
2018/5xxx/CVE-2018-5388.json
View File

@ -104,6 +104,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:0403",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00047.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172833/strongSwan-VPN-Charon-Server-Buffer-Overflow.html"
}
]
},

5
2019/11xxx/CVE-2019-11476.json
View File

@ -97,6 +97,11 @@
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863",
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/whoopsie/%2Bbug/1830863"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
]
},

5
2019/11xxx/CVE-2019-11481.json
View File

@ -105,6 +105,11 @@
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4171-2",
"name": "https://usn.ubuntu.com/usn/usn-4171-2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
]
},

5
2019/11xxx/CVE-2019-11484.json
View File

@ -100,6 +100,11 @@
"refsource": "MISC",
"url": "https://usn.ubuntu.com/usn/usn-4170-2",
"name": "https://usn.ubuntu.com/usn/usn-4170-2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
]
},

5
2019/13xxx/CVE-2019-13115.json
View File

@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[debian-lts-announce] 20211217 [SECURITY] [DLA 2848-1] libssh2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00013.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html",
"url": "http://packetstormsecurity.com/files/172834/libssh2-1.8.2-Out-Of-Bounds-Read.html"
}
]
}

5
2019/15xxx/CVE-2019-15790.json
View File

@ -153,6 +153,11 @@
"refsource": "CONFIRM",
"name": "https://bugs.launchpad.net/apport/+bug/1854237",
"url": "https://bugs.launchpad.net/apport/+bug/1854237"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
]
},

5
2019/17xxx/CVE-2019-17498.json
View File

@ -101,6 +101,11 @@
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220909-0004/",
"url": "https://security.netapp.com/advisory/ntap-20220909-0004/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html",
"url": "http://packetstormsecurity.com/files/172835/libssh2-1.9.0-Out-Of-Bounds-Read.html"
}
]
}

5
2019/3xxx/CVE-2019-3560.json
View File

@ -62,6 +62,11 @@
"name": "https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2",
"refsource": "MISC",
"url": "https://github.com/facebookincubator/fizz/commit/40bbb161e72fb609608d53b9d64c56bb961a6ee2"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
}
]
}

5
2019/3xxx/CVE-2019-3828.json
View File

@ -89,6 +89,11 @@
"refsource": "REDHAT",
"name": "RHSA-2019:3789",
"url": "https://access.redhat.com/errata/RHSA-2019:3789"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html",
"url": "http://packetstormsecurity.com/files/172837/Ansible-Fetch-Path-Traversal.html"
}
]
},

5
2019/6xxx/CVE-2019-6986.json
View File

@ -61,6 +61,11 @@
"name": "https://github.com/vivo-project/Vitro/pull/111",
"refsource": "MISC",
"url": "https://github.com/vivo-project/Vitro/pull/111"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172838/VIVO-SPARQL-Injection.html",
"url": "http://packetstormsecurity.com/files/172838/VIVO-SPARQL-Injection.html"
}
]
}

5
2019/7xxx/CVE-2019-7307.json
View File

@ -100,6 +100,11 @@
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858",
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/apport/%2Bbug/1830858"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html",
"url": "http://packetstormsecurity.com/files/172858/Ubuntu-Apport-Whoopsie-DoS-Integer-Overflow.html"
}
]
},

5
2020/12xxx/CVE-2020-12049.json
View File

@ -96,6 +96,11 @@
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak",
"url": "https://securitylab.github.com/advisories/GHSL-2020-057-DBus-DoS-file-descriptor-leak"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html",
"url": "http://packetstormsecurity.com/files/172840/D-Bus-File-Descriptor-Leak-Denial-Of-Service.html"
}
]
}

5
2020/12xxx/CVE-2020-12861.json
View File

@ -76,6 +76,11 @@
"refsource": "SUSE",
"name": "openSUSE-SU-2020:1798",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172841/SANE-Backends-Memory-Corruption-Code-Execution.html"
}
]
}

5
2020/15xxx/CVE-2020-15972.json
View File

@ -84,6 +84,11 @@
"refsource": "GENTOO",
"name": "GLSA-202101-30",
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172842/Chrome-Renderer-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172842/Chrome-Renderer-Remote-Code-Execution.html"
}
]
},

5
2020/28xxx/CVE-2020-28188.json
View File

@ -66,6 +66,11 @@
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/",
"url": "https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html"
}
]
}

5
2020/35xxx/CVE-2020-35665.json
View File

@ -61,6 +61,11 @@
"refsource": "EXPLOIT-DB",
"name": "49330",
"url": "https://www.exploit-db.com/exploits/49330"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html"
}
]
}

5
2020/6xxx/CVE-2020-6449.json
View File

@ -89,6 +89,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2020-39e0b8bd14",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/172843/Chrome-WebAudio-Use-After-Free.html"
}
]
},

123
2021/1xxx/CVE-2021-1940.json
View File

@ -1,69 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, QCA6391, QCA6420, QCA6430, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD660, SD665, SD675, SD678, SD720G, SD730, SD855, SDA429W, SDX50M, SDX55, SDX55M, SM6250, SM6250P, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, QCA6391, QCA6420, QCA6430, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD660, SD665, SD675, SD678, SD720G, SD730, SD855, SDA429W, SDX50M, SDX55, SDX55M, SM6250, SM6250P, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
"lang": "eng",
"value": "Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
]
},
"impact": {
"cvss": {
"baseScore": "8.4",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Neural Processing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin"
}
]
}
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Neural Processing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html",
"url": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html"
}
]
}
}

137
2021/1xxx/CVE-2021-1968.json
View File

@ -1,69 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-1968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9150, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD665, SD675, SD678, SD720G, SD855, SDA429W, SDX55, SDX55M, SM6250, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Neural Processing"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-1968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9150, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD665, SD675, SD678, SD720G, SD855, SDA429W, SDX55, SDX55M, SM6250, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Neural Processing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html",
"url": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html"
}
]
}
}

137
2021/1xxx/CVE-2021-1969.json
View File

@ -1,69 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-1969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9150, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD665, SD675, SD678, SD720G, SD855, SDA429W, SDX55, SDX55M, SM6250, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Neural Processing"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-1969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9150, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD665, SD675, SD678, SD720G, SD855, SDA429W, SDX55, SDX55M, SM6250, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Neural Processing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html",
"url": "http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html"
}
]
}
}

151
2021/24xxx/CVE-2021-24499.json
View File

@ -1,80 +1,85 @@
{
"CVE_data_meta": {
"ID": "CVE-2021-24499",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Workreap",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.2",
"version_value": "2.2.2"
"CVE_data_meta": {
"ID": "CVE-2021-24499",
"ASSIGNER": "contact@wpscan.com",
"STATE": "PUBLIC",
"TITLE": "Workreap theme < 2.2.2 - Unauthenticated Upload Leading to Remote Code Execution"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"generator": "WPScan CVE Generator",
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Unknown",
"product": {
"product_data": [
{
"product_name": "Workreap",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "2.2.2",
"version_value": "2.2.2"
}
]
}
}
]
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts."
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb",
"name": "https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/",
"name": "https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts."
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Harald Eilertsen (Jetpack)"
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb",
"name": "https://wpscan.com/vulnerability/74611d5f-afba-42ae-bc19-777cdf2808cb"
},
{
"refsource": "MISC",
"url": "https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/",
"name": "https://jetpack.com/2021/07/07/multiple-vulnerabilities-in-workreap-theme/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html",
"url": "http://packetstormsecurity.com/files/172876/WordPress-Workreap-2.2.2-Shell-Upload.html"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"value": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "eng"
}
]
}
]
},
"credit": [
{
"lang": "eng",
"value": "Harald Eilertsen (Jetpack)"
}
],
"source": {
"discovery": "UNKNOWN"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
}

5
2021/30xxx/CVE-2021-30528.json
View File

@ -69,6 +69,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-ca58c57bdf",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ETMZL6IHCTCTREEL434BQ4THQ7EOHJ43/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172844/Chrome-Sandbox-Escape.html",
"url": "http://packetstormsecurity.com/files/172844/Chrome-Sandbox-Escape.html"
}
]
},

5
2021/30xxx/CVE-2021-30632.json
View File

@ -64,6 +64,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2021-591b3a2af0",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172845/Chrome-JIT-Compiler-Type-Confusion.html",
"url": "http://packetstormsecurity.com/files/172845/Chrome-JIT-Compiler-Type-Confusion.html"
}
]
},

5
2021/37xxx/CVE-2021-37975.json
View File

@ -74,6 +74,11 @@
"refsource": "DEBIAN",
"name": "DSA-5046",
"url": "https://www.debian.org/security/2022/dsa-5046"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172847/Chrome-V8-Logic-Bug-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/172847/Chrome-V8-Logic-Bug-Use-After-Free.html"
}
]
},

5
2021/3xxx/CVE-2021-3560.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/",
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html",
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
}
]
},

5
2021/3xxx/CVE-2021-3939.json
View File

@ -100,6 +100,11 @@
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149",
"name": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1950149"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html",
"url": "http://packetstormsecurity.com/files/172848/Ubuntu-accountsservice-Double-Free-Memory-Corruption.html"
}
]
},

5
2021/45xxx/CVE-2021-45837.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/",
"url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html"
}
]
}

5
2021/45xxx/CVE-2021-45839.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/",
"url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html"
}
]
}

5
2021/45xxx/CVE-2021-45841.json
View File

@ -56,6 +56,11 @@
"refsource": "MISC",
"name": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/",
"url": "https://thatsn0tmy.site/posts/2021/12/how-to-summon-rces/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172881/TerraMaster-TOS-4.2.15-Remote-Code-Execution.html"
}
]
}

5
2021/4xxx/CVE-2021-4115.json
View File

@ -68,6 +68,11 @@
"url": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html",
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
}
]
},

5
2022/1xxx/CVE-2022-1134.json
View File

@ -59,6 +59,11 @@
"refsource": "GENTOO",
"name": "GLSA-202208-25",
"url": "https://security.gentoo.org/glsa/202208-25"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172851/Chrome-Renderer-Type-Confusion-Remote-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172851/Chrome-Renderer-Type-Confusion-Remote-Code-Execution.html"
}
]
},

5
2022/20xxx/CVE-2022-20186.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/pixel/2022-06-01",
"url": "https://source.android.com/security/bulletin/pixel/2022-06-01"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172852/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172852/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html"
}
]
},

137
2022/22xxx/CVE-2022-22057.json
View File

@ -1,69 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2022-22057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8053, AR8035, MSM8953, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6595AU, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, QRB5165, QRB5165M, QRB5165N, Qualcomm215, SA6155P, SA8155P, SA8195P, SD 8 Gen1 5G, SD439, SD460, SD480, SD662, SD680, SD690 5G, SD695, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX12, SDX55M, SDX65, SDXR2 5G, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Graphics"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2022-22057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8053, AR8035, MSM8953, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6595AU, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, QRB5165, QRB5165M, QRB5165N, Qualcomm215, SA6155P, SA8155P, SA8195P, SD 8 Gen1 5G, SD439, SD460, SD480, SD662, SD680, SD690 5G, SD695, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX12, SDX55M, SDX65, SDXR2 5G, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Graphics"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172850/Qualcomm-kgsl-Driver-Use-After-Free.html",
"url": "http://packetstormsecurity.com/files/172850/Qualcomm-kgsl-Driver-Use-After-Free.html"
}
]
}
}

137
2022/25xxx/CVE-2022-25664.json
View File

@ -1,69 +1,74 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2022-25664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8052, APQ8053, APQ8056, APQ8076, APQ8096AU, AQT1000, MDM9150, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCC5100, QCM6125, QCS410, QCS605, QCS610, QCS6125, QCS8155, QSM8250, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD660, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Graphics Linux"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2022-25664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8052, APQ8053, APQ8056, APQ8076, APQ8096AU, AQT1000, MDM9150, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, QAM8295P, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCC5100, QCM6125, QCS410, QCS605, QCS610, QCS6125, QCS8155, QSM8250, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD660, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SW5100, SW5100P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Graphics Linux"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2022-bulletin"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172853/Qualcomm-Adreno-GPU-Information-Leak.html",
"url": "http://packetstormsecurity.com/files/172853/Qualcomm-Adreno-GPU-Information-Leak.html"
}
]
}
}

5
2022/38xxx/CVE-2022-38181.json
View File

@ -71,6 +71,11 @@
"refsource": "MISC",
"name": "https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/",
"url": "https://securitylab.github.com/advisories/GHSL-2022-054_Arm_Mali/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172854/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html"
}
]
}

5
2022/46xxx/CVE-2022-46395.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/172855/Android-Arm-Mali-GPU-Arbitrary-Code-Execution.html"
}
]
}

9
2023/21xxx/CVE-2023-21839.json
View File

@ -12,10 +12,6 @@
{
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
@ -69,6 +65,11 @@
"url": "https://www.oracle.com/security-alerts/cpujan2023.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"url": "http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html"
}
]
},

5
2023/21xxx/CVE-2023-21931.json
View File

@ -65,6 +65,11 @@
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2023.html"
},
{
"url": "http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172882/Oracle-Weblogic-PreAuth-Remote-Command-Execution.html"
}
]
},

5
2023/2xxx/CVE-2023-2283.json
View File

@ -63,6 +63,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2023-5fa5ca2043",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27PD44ALQTZXX7K6JAM3BXBUHYA6DFFN/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html",
"url": "http://packetstormsecurity.com/files/172861/libssh-0.9.6-0.10.4-pki_verify_data_signature-Authorization-Bypass.html"
}
]
},