admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-07 11:06:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-07-06 14:00:50 +00:00
parent e4c853adac
commit 79c696c6a4
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
34 changed files with 1660 additions and 118 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
2022/1xxx/CVE-2022-1981.json
View File

@ -77,24 +77,24 @@
},
"impact": {
"cvss": {
"vectorString": "AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackComplexity": "HIGH",
"vectorString": "AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"version": "3.1",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
"baseScore": 2.6,
"baseSeverity": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks [muthu_prakash](https://hackerone.com/fushbey) for reporting this vulnerability through our HackerOne bug bounty program"
"value": "Thanks [muthu_prakash](https://hackerone.com/muthu_prakash) for reporting this vulnerability through our HackerOne bug bounty program"
}
]
}

50
2022/20xxx/CVE-2022-20082.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20082",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6768, MT6769, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983",
"version": {
"version_data": [
{
"version_value": "Android 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730."
}
]
}

50
2022/20xxx/CVE-2022-20083.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-20083",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT2731, MT2735, MT6297, MT6725, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6755, MT6757, MT6757P, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6797, MT6799, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Modem LR9, \nLR11, \nLR12, \nLR12A, \nLR13, \nNR15,\nNR16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY00803883."
}
]
}

50
2022/21xxx/CVE-2022-21744.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21744",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT2731, MT2735, MT6297, MT6725, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6755, MT6757, MT6757P, MT6758, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769T, MT6769Z, MT6771, MT6775, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6789, MT6797, MT6799, MT6833, MT6853, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT8666, MT8667, MT8675, MT8735A, MT8735B, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Modem LR9, \nLR11, \nLR12, \nLR12A, \nLR13, \nNR15,\nNR16"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626."
}
]
}

50
2022/21xxx/CVE-2022-21763.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21763",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708."
}
]
}

50
2022/21xxx/CVE-2022-21764.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21764",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6739, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT6895, MT6983, MT6985, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717."
}
]
}

50
2022/21xxx/CVE-2022-21765.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21765",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673."
}
]
}

50
2022/21xxx/CVE-2022-21766.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21766",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653."
}
]
}

50
2022/21xxx/CVE-2022-21767.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21767",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT8167, MT8175, MT8183, MT8362A, MT8365, MT8385",
"version": {
"version_data": [
{
"version_value": "Android 8.1, 9.0, 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430."
}
]
}

50
2022/21xxx/CVE-2022-21768.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21768",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT8167S, MT8175, MT8183, MT8362A, MT8365, MT8385",
"version": {
"version_data": [
{
"version_value": "Android 8.1, 9.0, 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351."
}
]
}

50
2022/21xxx/CVE-2022-21769.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21769",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8321, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 10.0, 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687."
}
]
}

50
2022/21xxx/CVE-2022-21770.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21770",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6781, MT6877, MT6879, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663."
}
]
}

50
2022/21xxx/CVE-2022-21771.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21771",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6737, MT6739, MT6753, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8168, MT8365",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585."
}
]
}

50
2022/21xxx/CVE-2022-21772.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21772",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6765, MT6768, MT6771, MT6779, MT6833, MT6879, MT6885, MT6893, MT6895, MT6983, MT8185, MT8765, MT8766, MT8768, MT8785, MT8786, MT8788, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493842; Issue ID: ALPS06493842."
}
]
}

50
2022/21xxx/CVE-2022-21773.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21773",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6737, MT6739, MT6750, MT6750S, MT6755, MT6755S, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641388; Issue ID: ALPS06641388."
}
]
}

50
2022/21xxx/CVE-2022-21774.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21774",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6875, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447."
}
]
}

50
2022/21xxx/CVE-2022-21775.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21775",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6795, MT6797, MT6799, MT6833, MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8167, MT8167S, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8675, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032."
}
]
}

50
2022/21xxx/CVE-2022-21776.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21776",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT8163, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8183, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8791, MT8797, MT8798",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545450; Issue ID: ALPS06545450."
}
]
}

50
2022/21xxx/CVE-2022-21777.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21777",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6580, MT6735, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6785, MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6885, MT6891, MT6893, MT6895, MT6983, MT8167, MT8167S, MT8168, MT8173, MT8175, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894."
}
]
}

50
2022/21xxx/CVE-2022-21779.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21779",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393."
}
]
}

50
2022/21xxx/CVE-2022-21780.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21780",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526."
}
]
}

50
2022/21xxx/CVE-2022-21781.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21781",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433."
}
]
}

50
2022/21xxx/CVE-2022-21782.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21782",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508."
}
]
}

50
2022/21xxx/CVE-2022-21783.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21783",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482."
}
]
}

50
2022/21xxx/CVE-2022-21784.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21784",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6761, MT6779, MT6781, MT6833, MT6853, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462."
}
]
}

50
2022/21xxx/CVE-2022-21785.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21785",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6877, MT6983, MT8167S, MT8168, MT8175, MT8183, MT8185, MT8362A, MT8365, MT8385, MT8667, MT8675, MT8695, MT8696, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8797",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363."
}
]
}

50
2022/21xxx/CVE-2022-21786.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21786",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822."
}
]
}

50
2022/21xxx/CVE-2022-21787.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-21787",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "security@mediatek.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "MediaTek, Inc.",
"product": {
"product_data": [
{
"product_name": "MT6833, MT6853, MT6873, MT6877, MT6879, MT6885, MT6893, MT6895, MT6983, MT8791, MT8797, MT8798",
"version": {
"version_data": [
{
"version_value": "Android 11.0, 12.0"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://corp.mediatek.com/product-security-bulletin/July-2022",
"url": "https://corp.mediatek.com/product-security-bulletin/July-2022"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844."
}
]
}

97
2022/23xxx/CVE-2022-23172.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-26T13:17:00.000Z",
"ID": "CVE-2022-23172",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Priority - Priority User Enumeration"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Priority",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "22.0",
"version_value": "22.0"
}
]
}
}
]
},
"vendor_name": "Priority"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": ": Dudu Moyal - Sophtix Security LTD."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An attacker can access to \"Forgot my password\" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "User Enumeration"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/departments/faq/cve_advisories",
"name": "https://www.gov.il/en/departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version V22.0"
}
],
"source": {
"defect": [
"ILVN-2022-0027"
],
"discovery": "EXTERNAL"
}
}

97
2022/23xxx/CVE-2022-23173.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-27T08:35:00.000Z",
"ID": "CVE-2022-23173",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Priority - Priority web Insecure direct object references (IDOR)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Priority web",
"version": {
"version_data": [
{
"version_affected": ">",
"version_name": "V22.0",
"version_value": "V22.0"
}
]
}
}
]
},
"vendor_name": "Priority"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gad Abuhatzeira - Sophtix Security LTD. "
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "this vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the \"Login menu - demo site\" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn't perform it before the parameter changed."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure direct object references (IDOR)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version V22.0."
}
],
"source": {
"defect": [
"ILVN-2022-0028"
],
"discovery": "EXTERNAL"
}
}

57
2022/23xxx/CVE-2022-23713.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2022-23713",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "kibana",
"version": {
"version_data": [
{
"version_value": "Versions 7.0.0 through 7.17.4 and 8.0.0 through 8.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613"
},
{
"url": "https://www.elastic.co/community/security",
"refsource": "MISC",
"name": "https://www.elastic.co/community/security"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim\u2019s browser."
}
]
}

57
2022/23xxx/CVE-2022-23714.json
View File

@ -1,17 +1,66 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2022-23714",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Elastic",
"product": {
"product_data": [
{
"product_name": "Endpoint Security",
"version": {
"version_data": [
{
"version_value": "Versions 7.13.0 through 7.17.4 and 8.0.0 through 8.2.3"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613",
"refsource": "MISC",
"name": "https://discuss.elastic.co/t/elastic-8-3-1-8-3-0-and-7-17-5-security-update/308613"
},
{
"url": "https://www.elastic.co/community/security",
"refsource": "MISC",
"name": "https://www.elastic.co/community/security"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account."
}
]
}

97
2022/30xxx/CVE-2022-30619.json
View File

@ -1,18 +1,103 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "cna@cyber.gov.il",
"DATE_PUBLIC": "2022-06-27T08:35:00.000Z",
"ID": "CVE-2022-30619",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Agile Point - Agile Point NX SQL injection (SQLi)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agile Point NX",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_name": "7.0",
"version_value": "8.0"
}
]
}
}
]
},
"vendor_name": "Agile Point"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Osher Assor"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. He attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://www.gov.il/en/Departments/faq/cve_advisories",
"name": "https://www.gov.il/en/Departments/faq/cve_advisories"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update to version 8.0"
}
],
"source": {
"defect": [
"ILVN-2022-0029"
],
"discovery": "EXTERNAL"
}
}

9
2022/33xxx/CVE-2022-33980.json
View File

@ -42,7 +42,7 @@
"description_data": [
{
"lang": "eng",
"value": "Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are:\n- \"script\" - execute expressions using the JVM script execution engine (javax.script)\n- \"dns\" - resolve dns records\n- \"url\" - load values from urls, including from remote servers\n\nApplications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used.\n\nUsers are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default."
"value": "Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is \"${prefix:name}\", where \"prefix\" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - \"script\" - execute expressions using the JVM script execution engine (javax.script) - \"dns\" - resolve dns records - \"url\" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default."
}
]
},
@ -69,8 +69,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s"
"refsource": "MISC",
"url": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s",
"name": "https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s"
}
]
},
@ -83,4 +84,4 @@
"value": "Upgrade to version Apache Commons Configuration 2.8.0"
}
]
}
}