From 36e19b5af51fad1ab9d89d23c40ecd7817787ad3 Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Wed, 27 Sep 2023 16:01:13 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2022/27xxx/CVE-2022-27635.json | 5 +++
 2022/40xxx/CVE-2022-40964.json | 5 +++
 2023/44xxx/CVE-2023-44121.json | 79 ++--------------------------------
 2023/44xxx/CVE-2023-44122.json | 78 ++-------------------------------
 2023/44xxx/CVE-2023-44123.json | 78 ++-------------------------------
 2023/44xxx/CVE-2023-44124.json | 78 ++-------------------------------
 2023/44xxx/CVE-2023-44125.json | 78 ++-------------------------------
 2023/44xxx/CVE-2023-44126.json | 79 ++--------------------------------
 2023/44xxx/CVE-2023-44127.json | 79 ++--------------------------------
 2023/44xxx/CVE-2023-44128.json | 79 ++--------------------------------
 2023/44xxx/CVE-2023-44129.json | 79 ++--------------------------------
 2023/4xxx/CVE-2023-4504.json | 10 +++++
 2023/5xxx/CVE-2023-5183.json | 12 +++---
 13 files changed, 62 insertions(+), 677 deletions(-)
diff --git a/2022/27xxx/CVE-2022-27635.json b/2022/27xxx/CVE-2022-27635.json
index d07b1e703d7..da3cffc1448 100644
--- a/2022/27xxx/CVE-2022-27635.json
+++ b/2022/27xxx/CVE-2022-27635.json
@@ -72,6 +72,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"
 }
 ]
 },
diff --git a/2022/40xxx/CVE-2022-40964.json b/2022/40xxx/CVE-2022-40964.json
index 03627601cb0..e8f38ee0e77 100644
--- a/2022/40xxx/CVE-2022-40964.json
+++ b/2022/40xxx/CVE-2022-40964.json
@@ -72,6 +72,11 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUCYUR4WBTELCRHELISJ3RMZVHKIV5TN/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y76A3PLHIQCEPESB4XVBV5SRRXQEZ5JY/"
 }
 ]
 },
diff --git a/2023/44xxx/CVE-2023-44121.json b/2023/44xxx/CVE-2023-44121.json
index 11e61df14c2..ec526b0c33a 100644
--- a/2023/44xxx/CVE-2023-44121.json
+++ b/2023/44xxx/CVE-2023-44121.json
@@ -1,88 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44121",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is an intent redirection in LG ThinQ Service (\"com.lge.lms2\") in the \"com/lge/lms/things/ui/notification/NotificationManager.java\" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action \"com.lge.lms.things.notification.ACTION\". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId=\"android.uid.system\" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-926 Improper Export of Android Application Components",
- "cweId": "CWE-926"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "Android 9",
- "version_value": "13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "NONE",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44122.json b/2023/44xxx/CVE-2023-44122.json
index 22ee8489160..843d81ab6d2 100644
--- a/2023/44xxx/CVE-2023-44122.json
+++ b/2023/44xxx/CVE-2023-44122.json
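Review bot: In the CVE-2023-44121.json hunk, `"STATE": "PUBLIC"` is replaced by `"STATE": "RESERVED"` and `ASSIGNER` changes from `product.security@lge.com` to `cve@mitre.org`, which removes the published description, CWE, affected-product and CVSS data from the record; the hunks for CVE-2023-44122 through CVE-2023-44129 make the same replacement. A record normally moves from reserved to public and not back, so this looks like a synchronisation artefact rather than a deliberate withdrawal, and anyone mirroring this repository would lose the advisory text and scoring for nine entries. If the CNA content is still valid, the new side should keep `"ASSIGNER": "product.security@lge.com"` and `"STATE": "PUBLIC"` together with the original body; if the IDs were meant to be withdrawn, the record should say so explicitly instead of reverting to the placeholder text.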
@@ -1,87 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44122",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is to theft of arbitrary files with system privilege in the LockScreenSettings (\"com.lge.lockscreensettings\") app in the \"com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java\" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the \"onActivityResult()\" method. The LockScreenSettings app copies the received file to the \"/data/shared/dw/mycategory/wallpaper_01.png\" path and then changes the file access mode to world-readable and world-writable."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-927 Use of Implicit Intent for Sensitive Communication",
- "cweId": "CWE-927"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "Android 12, 13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44123.json b/2023/44xxx/CVE-2023-44123.json
index 99846e78652..2f79aa2a80e 100644
--- a/2023/44xxx/CVE-2023-44123.json
+++ b/2023/44xxx/CVE-2023-44123.json
@@ -1,87 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44123",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth (\"com.lge.bluetoothsetting\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag. "
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-285 Improper Authorization",
- "cweId": "CWE-285"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "Android 12, 13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44124.json b/2023/44xxx/CVE-2023-44124.json
index 1a9178eaace..cca49455ccd 100644
--- a/2023/44xxx/CVE-2023-44124.json
+++ b/2023/44xxx/CVE-2023-44124.json
@@ -1,87 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44124",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is to theft of arbitrary files with system privilege in the Screen recording (\"com.lge.gametools.gamerecorder\") app in the \"com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java\" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the \"onActivityResult()\" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-927 Use of Implicit Intent for Sensitive Communication",
- "cweId": "CWE-927"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "Android 12, 13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44125.json b/2023/44xxx/CVE-2023-44125.json
index 4189f146348..d5e71762d4d 100644
--- a/2023/44xxx/CVE-2023-44125.json
+++ b/2023/44xxx/CVE-2023-44125.json
@@ -1,87 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44125",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service (\"com.lge.abba\") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions=\"true\"` flag."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-285 Improper AuthorizationCWE-285 Improper Authorization",
- "cweId": "CWE-285"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "=",
- "version_value": "Android 12, 13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 6.1,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44126.json b/2023/44xxx/CVE-2023-44126.json
index f85e635055d..4442ddd369c 100644
--- a/2023/44xxx/CVE-2023-44126.json
+++ b/2023/44xxx/CVE-2023-44126.json
@@ -1,88 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44126",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is that the Call management (\"com.android.server.telecom\") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-925 Improper Verification of Intent by Broadcast Receiver",
- "cweId": "CWE-925"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "Android 8",
- "version_value": "13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 3.6,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44127.json b/2023/44xxx/CVE-2023-44127.json
index 65b21fe7434..641c9c077bf 100644
--- a/2023/44xxx/CVE-2023-44127.json
+++ b/2023/44xxx/CVE-2023-44127.json
@@ -1,88 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44127",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "he vulnerability is that the Call management (\"com.android.server.telecom\") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-927 Use of Implicit Intent for Sensitive Communication",
- "cweId": "CWE-927"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "Android 8",
- "version_value": "13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 3.6,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44128.json b/2023/44xxx/CVE-2023-44128.json
index 929c1399996..b82a7513f2e 100644
--- a/2023/44xxx/CVE-2023-44128.json
+++ b/2023/44xxx/CVE-2023-44128.json
@@ -1,88 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44128",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "he vulnerability is to delete arbitrary files in LGInstallService (\"com.lge.lginstallservies\") app. The app contains the exported \"com.lge.lginstallservies.InstallService\" service that exposes an AIDL interface. All its \"installPackage*\" methods are finally calling the \"installPackageVerify()\" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
- "cweId": "CWE-367"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "Android 4",
- "version_value": "13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "LOW",
- "baseScore": 5,
- "baseSeverity": "MEDIUM",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/44xxx/CVE-2023-44129.json b/2023/44xxx/CVE-2023-44129.json
index d55a9367c94..ef514702f60 100644
--- a/2023/44xxx/CVE-2023-44129.json
+++ b/2023/44xxx/CVE-2023-44129.json
@@ -1,88 +1,17 @@
 {
- "data_version": "4.0",
 "data_type": "CVE",
 "data_format": "MITRE",
+ "data_version": "4.0",
 "CVE_data_meta": {
 "ID": "CVE-2023-44129",
- "ASSIGNER": "product.security@lge.com",
- "STATE": "PUBLIC"
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "RESERVED"
 },
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "The vulnerability is that the Messaging (\"com.android.mms\") app patched by LG forwards attacker-controlled intents back to the attacker in the exported \"com.android.mms.ui.QClipIntentReceiverActivity\" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the \"com.lge.message.action.QCLIP\" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the \"onActivityResult()\" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions=\"true\"` flag set."
- }
- ]
- },
- "problemtype": {
- "problemtype_data": [
- {
- "description": [
- {
- "lang": "eng",
- "value": "CWE-926 Improper Export of Android Application Components",
- "cweId": "CWE-926"
- }
- ]
- }
- ]
- },
- "affects": {
- "vendor": {
- "vendor_data": [
- {
- "vendor_name": "LG Electronics",
- "product": {
- "product_data": [
- {
- "product_name": "LG V60 Thin Q 5G(LMV600VM)",
- "version": {
- "version_data": [
- {
- "version_affected": "<=",
- "version_name": "Android 12",
- "version_value": "13"
- }
- ]
- }
- }
- ]
- }
- }
- ]
- }
- },
- "references": {
- "reference_data": [
- {
- "url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails",
- "refsource": "MISC",
- "name": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails"
- }
- ]
- },
- "generator": {
- "engine": "Vulnogram 0.1.0-dev"
- },
- "source": {
- "discovery": "UNKNOWN"
- },
- "impact": {
- "cvss": [
- {
- "attackComplexity": "LOW",
- "attackVector": "LOCAL",
- "availabilityImpact": "NONE",
- "baseScore": 3.6,
- "baseSeverity": "LOW",
- "confidentialityImpact": "LOW",
- "integrityImpact": "NONE",
- "privilegesRequired": "NONE",
- "scope": "CHANGED",
- "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
- "version": "3.1"
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
 }
 ]
 }
diff --git a/2023/4xxx/CVE-2023-4504.json b/2023/4xxx/CVE-2023-4504.json
index 9deee9c9c80..e8801be1dea 100644
--- a/2023/4xxx/CVE-2023-4504.json
+++ b/2023/4xxx/CVE-2023-4504.json
@@ -91,6 +91,16 @@
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/",
 "refsource": "MISC",
 "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AMYDKIE4PSJDEMC5OWNFCDMHFGLJ57XG/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WVS4I7JG3LISFPKTM6ADKJXXEPEEWBQ/"
+ },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/",
+ "refsource": "MISC",
+ "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WHEJIYMMAIXU2EC35MGTB5LGGO2FFJE/"
 }
 ]
 },
diff --git a/2023/5xxx/CVE-2023-5183.json b/2023/5xxx/CVE-2023-5183.json
index 13c5349bfbb..75a28063e70 100644
--- a/2023/5xxx/CVE-2023-5183.json
+++ b/2023/5xxx/CVE-2023-5183.json
@@ -46,37 +46,37 @@
 {
 "lessThanOrEqual": "19.3.6",
 "status": "affected",
- "version": "19.3.0",
+ "version": "0",
 "versionType": "release train"
 },
 {
 "lessThanOrEqual": "21.2.7",
 "status": "affected",
- "version": "21.2.0",
+ "version": "0",
 "versionType": "release train"
 },
 {
 "lessThanOrEqual": "21.5.35",
 "status": "affected",
- "version": "21.5.0",
+ "version": "0",
 "versionType": "release train"
 },
 {
 "lessThanOrEqual": "22.2.41",
 "status": "affected",
- "version": "22.2.0",
+ "version": "0",
 "versionType": "release train"
 },
 {
 "lessThanOrEqual": "22.5.30",
 "status": "affected",
- "version": "22.5.0",
+ "version": "0",
 "versionType": "release train"
 },
 {
 "lessThanOrEqual": "23.2.10",
 "status": "affected",
- "version": "23.2.0",
+ "version": "0",
 "versionType": "release train"
 }
 ],
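Review bot: Setting `"version": "0"` on all six entries makes every range start at zero, so the ranges now overlap and the last entry (`"lessThanOrEqual": "23.2.10"`) covers everything the other five describe. A consumer that compares versions numerically would then treat any release up to 23.2.10 as affected, including builds in an older train above that train's own upper bound, which the previous per-train lower bounds kept out. How `"versionType": "release train"` is meant to be compared is not defined in the hunk, so this may be intended, but if the goal is "every earlier release in this train" the lower bound should stay train-specific, e.g. `"version": "19.3.0"` with `"lessThanOrEqual": "19.3.6"`. The enclosing array opens outside the hunk, so any default status set there is not visible here.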