diff --git a/2022/47xxx/CVE-2022-47966.json b/2022/47xxx/CVE-2022-47966.json index d79065a9cf8..1809845cb88 100644 --- a/2022/47xxx/CVE-2022-47966.json +++ b/2022/47xxx/CVE-2022-47966.json @@ -76,6 +76,11 @@ "refsource": "MISC", "name": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html", "url": "http://packetstormsecurity.com/files/170925/ManageEngine-ADSelfService-Plus-Unauthenticated-SAML-Remote-Code-Execution.html" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html", + "url": "http://packetstormsecurity.com/files/170943/Zoho-ManageEngine-Endpoint-Central-MSP-10.1.2228.10-Remote-Code-Execution.html" } ] } diff --git a/2023/0xxx/CVE-2023-0767.json b/2023/0xxx/CVE-2023-0767.json new file mode 100644 index 00000000000..cfb36ee0f17 --- /dev/null +++ b/2023/0xxx/CVE-2023-0767.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-0767", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21419.json b/2023/21xxx/CVE-2023-21419.json index 866d395f820..ca98377b735 100644 --- a/2023/21xxx/CVE-2023-21419.json +++ b/2023/21xxx/CVE-2023-21419.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21419", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "S(12)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cwe-287 improper authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21420.json b/2023/21xxx/CVE-2023-21420.json index e6d2b77fb38..48323bd75b1 100644 --- a/2023/21xxx/CVE-2023-21420.json +++ b/2023/21xxx/CVE-2023-21420.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11) devices with Teegris", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-134: Use of Externally-Controlled Format String" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21421.json b/2023/21xxx/CVE-2023-21421.json index 8ec837d04b0..20fcb642ac5 100644 --- a/2023/21xxx/CVE-2023-21421.json +++ b/2023/21xxx/CVE-2023-21421.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21421", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-280: Improper Handling of Insufficient Permissions or Privileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21422.json b/2023/21xxx/CVE-2023-21422.json index bc2a00c0391..5f45aa53521 100644 --- a/2023/21xxx/CVE-2023-21422.json +++ b/2023/21xxx/CVE-2023-21422.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11), S(12)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21423.json b/2023/21xxx/CVE-2023-21423.json index 10cbd115566..67a3c49c70b 100644 --- a/2023/21xxx/CVE-2023-21423.json +++ b/2023/21xxx/CVE-2023-21423.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21424.json b/2023/21xxx/CVE-2023-21424.json index a5773a51b5b..5b616a3c12a 100644 --- a/2023/21xxx/CVE-2023-21424.json +++ b/2023/21xxx/CVE-2023-21424.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21424", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21425.json b/2023/21xxx/CVE-2023-21425.json index dc1e0593a65..a1b4a209399 100644 --- a/2023/21xxx/CVE-2023-21425.json +++ b/2023/21xxx/CVE-2023-21425.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21425", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21426.json b/2023/21xxx/CVE-2023-21426.json index 473953111cf..0c5c5a03d85 100644 --- a/2023/21xxx/CVE-2023-21426.json +++ b/2023/21xxx/CVE-2023-21426.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Select Q(10) devices", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21427.json b/2023/21xxx/CVE-2023-21427.json index 75b71c90a6c..8051978d80e 100644 --- a/2023/21xxx/CVE-2023-21427.json +++ b/2023/21xxx/CVE-2023-21427.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21428.json b/2023/21xxx/CVE-2023-21428.json index 2f628935243..2e62c41df42 100644 --- a/2023/21xxx/CVE-2023-21428.json +++ b/2023/21xxx/CVE-2023-21428.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21429.json b/2023/21xxx/CVE-2023-21429.json index 0e0cf935a6c..78aee5270bb 100644 --- a/2023/21xxx/CVE-2023-21429.json +++ b/2023/21xxx/CVE-2023-21429.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 : Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21430.json b/2023/21xxx/CVE-2023-21430.json index c7a5dc942de..ad29fbb9945 100644 --- a/2023/21xxx/CVE-2023-21430.json +++ b/2023/21xxx/CVE-2023-21430.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21430", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12), T(13)", + "version_value": "SMR Jan-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125 Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21431.json b/2023/21xxx/CVE-2023-21431.json index 55c51cbb555..c63e4675134 100644 --- a/2023/21xxx/CVE-2023-21431.json +++ b/2023/21xxx/CVE-2023-21431.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Bixby Vision", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "3.7.70.17" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21432.json b/2023/21xxx/CVE-2023-21432.json index 2643cc8f156..a06c446acec 100644 --- a/2023/21xxx/CVE-2023-21432.json +++ b/2023/21xxx/CVE-2023-21432.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Smart Things", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "1.7.93" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21433.json b/2023/21xxx/CVE-2023-21433.json index de9e661240f..80cf46edf07 100644 --- a/2023/21xxx/CVE-2023-21433.json +++ b/2023/21xxx/CVE-2023-21433.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Galaxy Store", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "4.5.49.8" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21434.json b/2023/21xxx/CVE-2023-21434.json index 4de9694e8de..8a1a3da3101 100644 --- a/2023/21xxx/CVE-2023-21434.json +++ b/2023/21xxx/CVE-2023-21434.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21434", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Galaxy Store", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "4.5.49.8" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=01" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21435.json b/2023/21xxx/CVE-2023-21435.json index 4a269e28bff..8f2406d8c70 100644 --- a/2023/21xxx/CVE-2023-21435.json +++ b/2023/21xxx/CVE-2023-21435.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21435", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Select R(11), S(12), T(13) devices", + "version_value": "SMR Feb-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21436.json b/2023/21xxx/CVE-2023-21436.json index fdbf0dd396c..6f00b0ee2ae 100644 --- a/2023/21xxx/CVE-2023-21436.json +++ b/2023/21xxx/CVE-2023-21436.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21436", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12), T(13)", + "version_value": "SMR Feb-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 : Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21437.json b/2023/21xxx/CVE-2023-21437.json index 8500ccc3bb7..d199d5a4058 100644 --- a/2023/21xxx/CVE-2023-21437.json +++ b/2023/21xxx/CVE-2023-21437.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21437", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12), T(13)", + "version_value": "SMR Feb-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287 Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21438.json b/2023/21xxx/CVE-2023-21438.json index 42586245464..1fb3ec92ca1 100644 --- a/2023/21xxx/CVE-2023-21438.json +++ b/2023/21xxx/CVE-2023-21438.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "R(11), S(12)", + "version_value": "SMR Feb-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21439.json b/2023/21xxx/CVE-2023-21439.json index cce5a620123..0564147c0bd 100644 --- a/2023/21xxx/CVE-2023-21439.json +++ b/2023/21xxx/CVE-2023-21439.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21439", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "S(12), T(13)", + "version_value": "SMR Feb-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21440.json b/2023/21xxx/CVE-2023-21440.json index 8d15497cda9..ff816d49721 100644 --- a/2023/21xxx/CVE-2023-21440.json +++ b/2023/21xxx/CVE-2023-21440.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "T(13)", + "version_value": "SMR Feb-2023 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285 Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21441.json b/2023/21xxx/CVE-2023-21441.json index 6c80a03daaf..fec29e9e663 100644 --- a/2023/21xxx/CVE-2023-21441.json +++ b/2023/21xxx/CVE-2023-21441.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Routine", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-345: Insufficient Verification of Data Authenticity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21442.json b/2023/21xxx/CVE-2023-21442.json index 95a3322ed9f..80f486f389b 100644 --- a/2023/21xxx/CVE-2023-21442.json +++ b/2023/21xxx/CVE-2023-21442.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Runestone", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21443.json b/2023/21xxx/CVE-2023-21443.json index 77fee451b97..85962f62f30 100644 --- a/2023/21xxx/CVE-2023-21443.json +++ b/2023/21xxx/CVE-2023-21443.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Flow for Android", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "4.9.04" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21444.json b/2023/21xxx/CVE-2023-21444.json index b422aa53ef3..99b111de20a 100644 --- a/2023/21xxx/CVE-2023-21444.json +++ b/2023/21xxx/CVE-2023-21444.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Flow for PC", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "4.9.14.0" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "availabilityImpact": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-326 Inadequate Encryption Strength" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21445.json b/2023/21xxx/CVE-2023-21445.json index df2871c4795..fb6f6ea0170 100644 --- a/2023/21xxx/CVE-2023-21445.json +++ b/2023/21xxx/CVE-2023-21445.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "The patch adds proper access control to use explicit intent.", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284 Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21446.json b/2023/21xxx/CVE-2023-21446.json index fe6e911a280..2e9380843a0 100644 --- a/2023/21xxx/CVE-2023-21446.json +++ b/2023/21xxx/CVE-2023-21446.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21446", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MyFiles", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21447.json b/2023/21xxx/CVE-2023-21447.json index 7d43a794fde..fc8f83b26d6 100644 --- a/2023/21xxx/CVE-2023-21447.json +++ b/2023/21xxx/CVE-2023-21447.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21447", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "5.3.0.32" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21448.json b/2023/21xxx/CVE-2023-21448.json index 66af2628488..8d18c0957f9 100644 --- a/2023/21xxx/CVE-2023-21448.json +++ b/2023/21xxx/CVE-2023-21448.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21448", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Cloud", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "5.3.0.32" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21450.json b/2023/21xxx/CVE-2023-21450.json index 5dd085df2d9..d4eb66fdc29 100644 --- a/2023/21xxx/CVE-2023-21450.json +++ b/2023/21xxx/CVE-2023-21450.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21450", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "One Hand Operation +", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "6.1.21" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-862: Missing Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=02" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21451.json b/2023/21xxx/CVE-2023-21451.json index 997ccf85b6c..b51714e689b 100644 --- a/2023/21xxx/CVE-2023-21451.json +++ b/2023/21xxx/CVE-2023-21451.json @@ -1,18 +1,81 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2023-21451", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "", + "version_value": "Android S(12)" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions." } ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "LOW", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=04", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=04" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2023/21xxx/CVE-2023-21747.json b/2023/21xxx/CVE-2023-21747.json index d2d1ff3710c..c658d287b2d 100644 --- a/2023/21xxx/CVE-2023-21747.json +++ b/2023/21xxx/CVE-2023-21747.json @@ -302,6 +302,11 @@ "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21747", "refsource": "MISC", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21747" + }, + { + "refsource": "MISC", + "name": "http://packetstormsecurity.com/files/170933/Windows-Kernel-Dangling-Registry-Link-Node-Use-After-Free.html", + "url": "http://packetstormsecurity.com/files/170933/Windows-Kernel-Dangling-Registry-Link-Node-Use-After-Free.html" } ] },