diff --git a/2022/21xxx/CVE-2022-21788.json b/2022/21xxx/CVE-2022-21788.json index be451a580e5..2d1a885796e 100644 --- a/2022/21xxx/CVE-2022-21788.json +++ b/2022/21xxx/CVE-2022-21788.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21788", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6879, MT6895, MT6983", + "version": { + "version_data": [ + { + "version_value": "Android 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728." } ] } diff --git a/2022/21xxx/CVE-2022-21789.json b/2022/21xxx/CVE-2022-21789.json index 792c41c0c80..f0899490f19 100644 --- a/2022/21xxx/CVE-2022-21789.json +++ b/2022/21xxx/CVE-2022-21789.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21789", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6779, MT6781, MT6785, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8791, MT8797, MT8798", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101." } ] } diff --git a/2022/21xxx/CVE-2022-21790.json b/2022/21xxx/CVE-2022-21790.json index 33f76f2eb13..afae34dee97 100644 --- a/2022/21xxx/CVE-2022-21790.json +++ b/2022/21xxx/CVE-2022-21790.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21790", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6893", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306." } ] } diff --git a/2022/21xxx/CVE-2022-21791.json b/2022/21xxx/CVE-2022-21791.json index 9fb9d63021a..d5dbff2bc65 100644 --- a/2022/21xxx/CVE-2022-21791.json +++ b/2022/21xxx/CVE-2022-21791.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21791", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6885, MT6893", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059." } ] } diff --git a/2022/21xxx/CVE-2022-21792.json b/2022/21xxx/CVE-2022-21792.json index f7ba8f9eb38..b3886945228 100644 --- a/2022/21xxx/CVE-2022-21792.json +++ b/2022/21xxx/CVE-2022-21792.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-21792", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6893", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410." } ] } diff --git a/2022/26xxx/CVE-2022-26426.json b/2022/26xxx/CVE-2022-26426.json index 118728adde1..7012c782ab0 100644 --- a/2022/26xxx/CVE-2022-26426.json +++ b/2022/26xxx/CVE-2022-26426.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26426", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6893, MT8167, MT8167S, MT8168, MT8175, MT8185, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8765, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486." } ] } diff --git a/2022/26xxx/CVE-2022-26427.json b/2022/26xxx/CVE-2022-26427.json index ba5e7fda3be..df47ba1b44c 100644 --- a/2022/26xxx/CVE-2022-26427.json +++ b/2022/26xxx/CVE-2022-26427.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26427", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6893", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540." } ] } diff --git a/2022/26xxx/CVE-2022-26428.json b/2022/26xxx/CVE-2022-26428.json index 24b8feaffc8..3ef01a420e0 100644 --- a/2022/26xxx/CVE-2022-26428.json +++ b/2022/26xxx/CVE-2022-26428.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26428", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6739, MT6761, MT6765, MT6771, MT8163, MT8167, MT8173, MT8183, MT8362A, MT8385, MT8695", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260." } ] } diff --git a/2022/26xxx/CVE-2022-26429.json b/2022/26xxx/CVE-2022-26429.json index c4bec0021ed..3b9e7fea331 100644 --- a/2022/26xxx/CVE-2022-26429.json +++ b/2022/26xxx/CVE-2022-26429.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26429", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6735, MT6739, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8173, MT8185, MT8321, MT8365, MT8385, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415." } ] } diff --git a/2022/26xxx/CVE-2022-26430.json b/2022/26xxx/CVE-2022-26430.json index caac6ab860b..8b13d06b042 100644 --- a/2022/26xxx/CVE-2022-26430.json +++ b/2022/26xxx/CVE-2022-26430.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26430", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521." } ] } diff --git a/2022/26xxx/CVE-2022-26431.json b/2022/26xxx/CVE-2022-26431.json index ab2bb647361..7fde8bfc259 100644 --- a/2022/26xxx/CVE-2022-26431.json +++ b/2022/26xxx/CVE-2022-26431.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26431", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553." } ] } diff --git a/2022/26xxx/CVE-2022-26432.json b/2022/26xxx/CVE-2022-26432.json index 1af8a82fb63..4a8a829d31b 100644 --- a/2022/26xxx/CVE-2022-26432.json +++ b/2022/26xxx/CVE-2022-26432.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26432", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542." } ] } diff --git a/2022/26xxx/CVE-2022-26433.json b/2022/26xxx/CVE-2022-26433.json index b5564c2dbc6..b3c4274d51f 100644 --- a/2022/26xxx/CVE-2022-26433.json +++ b/2022/26xxx/CVE-2022-26433.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26433", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400." } ] } diff --git a/2022/26xxx/CVE-2022-26434.json b/2022/26xxx/CVE-2022-26434.json index 7217eaf3f60..99616edf894 100644 --- a/2022/26xxx/CVE-2022-26434.json +++ b/2022/26xxx/CVE-2022-26434.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26434", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450." } ] } diff --git a/2022/26xxx/CVE-2022-26435.json b/2022/26xxx/CVE-2022-26435.json index 38fc64e14f2..9ffe2958ff9 100644 --- a/2022/26xxx/CVE-2022-26435.json +++ b/2022/26xxx/CVE-2022-26435.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26435", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8532, MT8666, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0 or Yocto 3.1, 3.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435." } ] } diff --git a/2022/26xxx/CVE-2022-26436.json b/2022/26xxx/CVE-2022-26436.json index 27de660470f..8ec35d029c7 100644 --- a/2022/26xxx/CVE-2022-26436.json +++ b/2022/26xxx/CVE-2022-26436.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26436", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6855, MT6879, MT6895, MT6983", + "version": { + "version_data": [ + { + "version_value": "Android 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666." } ] } diff --git a/2022/26xxx/CVE-2022-26437.json b/2022/26xxx/CVE-2022-26437.json index 25988e91cb2..232c4579eb6 100644 --- a/2022/26xxx/CVE-2022-26437.json +++ b/2022/26xxx/CVE-2022-26437.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26437", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2621, MT2625", + "version": { + "version_data": [ + { + "version_value": "NBIOT SDK V2.8.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831." } ] } diff --git a/2022/26xxx/CVE-2022-26438.json b/2022/26xxx/CVE-2022-26438.json index c36e0031bb3..3955b37c28d 100644 --- a/2022/26xxx/CVE-2022-26438.json +++ b/2022/26xxx/CVE-2022-26438.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26438", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013." } ] } diff --git a/2022/26xxx/CVE-2022-26439.json b/2022/26xxx/CVE-2022-26439.json index 28163ed6f7b..63b4ac82bb7 100644 --- a/2022/26xxx/CVE-2022-26439.json +++ b/2022/26xxx/CVE-2022-26439.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26439", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020." } ] } diff --git a/2022/26xxx/CVE-2022-26440.json b/2022/26xxx/CVE-2022-26440.json index b9fbc1d33d9..6b9ad90e81e 100644 --- a/2022/26xxx/CVE-2022-26440.json +++ b/2022/26xxx/CVE-2022-26440.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26440", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037." } ] } diff --git a/2022/26xxx/CVE-2022-26441.json b/2022/26xxx/CVE-2022-26441.json index 1fec81cf865..e0e5b53e24b 100644 --- a/2022/26xxx/CVE-2022-26441.json +++ b/2022/26xxx/CVE-2022-26441.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26441", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044." } ] } diff --git a/2022/26xxx/CVE-2022-26442.json b/2022/26xxx/CVE-2022-26442.json index 1891def5515..1d9d4eb0acf 100644 --- a/2022/26xxx/CVE-2022-26442.json +++ b/2022/26xxx/CVE-2022-26442.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26442", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051." } ] } diff --git a/2022/26xxx/CVE-2022-26443.json b/2022/26xxx/CVE-2022-26443.json index 0eaecd439bc..e10ffc2afdc 100644 --- a/2022/26xxx/CVE-2022-26443.json +++ b/2022/26xxx/CVE-2022-26443.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26443", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068." } ] } diff --git a/2022/26xxx/CVE-2022-26444.json b/2022/26xxx/CVE-2022-26444.json index 21ce0675e5e..d87dbef32de 100644 --- a/2022/26xxx/CVE-2022-26444.json +++ b/2022/26xxx/CVE-2022-26444.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26444", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075." } ] } diff --git a/2022/26xxx/CVE-2022-26445.json b/2022/26xxx/CVE-2022-26445.json index 5c4dbff898d..c180013fcb8 100644 --- a/2022/26xxx/CVE-2022-26445.json +++ b/2022/26xxx/CVE-2022-26445.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-26445", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT7603, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915, MT7916, MT7986, MT8981", + "version": { + "version_data": [ + { + "version_value": "7.6.2.3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/August-2022", + "url": "https://corp.mediatek.com/product-security-bulletin/August-2022" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088." } ] } diff --git a/2022/2xxx/CVE-2022-2600.json b/2022/2xxx/CVE-2022-2600.json new file mode 100644 index 00000000000..26d8bcf8876 --- /dev/null +++ b/2022/2xxx/CVE-2022-2600.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2022-2600", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2022/34xxx/CVE-2022-34154.json b/2022/34xxx/CVE-2022-34154.json index 475515b7a52..d93ec0197c0 100644 --- a/2022/34xxx/CVE-2022-34154.json +++ b/2022/34xxx/CVE-2022-34154.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-01T13:21:00.000Z", "ID": "CVE-2022-34154", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Arbitrary File Upload vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enable SVG, WebP & ICO Upload (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "ideasToCode" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "HIGH", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Arbitrary File Upload" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers" + }, + { + "name": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-arbitrary-file-upload-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-arbitrary-file-upload-vulnerability" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file diff --git a/2022/36xxx/CVE-2022-36343.json b/2022/36xxx/CVE-2022-36343.json index 2ca3541ed03..f939fb05824 100644 --- a/2022/36xxx/CVE-2022-36343.json +++ b/2022/36xxx/CVE-2022-36343.json @@ -1,18 +1,99 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "audit@patchstack.com", + "DATE_PUBLIC": "2022-08-01T13:16:00.000Z", "ID": "CVE-2022-36343", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC", + "TITLE": "WordPress Enable SVG, WebP & ICO Upload plugin <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Enable SVG, WebP & ICO Upload (WordPress plugin)", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "<= 1.0.1", + "version_value": "1.0.1" + } + ] + } + } + ] + }, + "vendor_name": "ideasToCode" + } + ] + } + }, + "credit": [ + { + "lang": "eng", + "value": "Vulnerability discovered by Kim Jong Min aka Universe (Patchstack Alliance)" + } + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress." } ] + }, + "generator": { + "engine": "Vulnogram 0.0.9" + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.4, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability", + "refsource": "CONFIRM", + "url": "https://patchstack.com/database/vulnerability/enable-svg-webp-ico-upload/wordpress-enable-svg-webp-ico-upload-plugin-1-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability" + }, + { + "name": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/enable-svg-webp-ico-upload/#developers" + } + ] + }, + "source": { + "discovery": "EXTERNAL" } } \ No newline at end of file