From 92b9db909b18b9e2e23e4ae13eb1d4893bd31014 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Fri, 8 Dec 2023 16:00:33 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2023/48xxx/CVE-2023-48397.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48398.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48399.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48401.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48402.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48403.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48404.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48405.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48406.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48407.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48408.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48409.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48410.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48411.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48412.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48413.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48414.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48415.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48416.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48420.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48421.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48422.json | 53 +++++++++++++++++-- 2023/48xxx/CVE-2023-48423.json | 53 +++++++++++++++++-- 2023/49xxx/CVE-2023-49484.json | 56 +++++++++++++++++--- 2023/49xxx/CVE-2023-49485.json | 56 +++++++++++++++++--- 2023/49xxx/CVE-2023-49486.json | 56 +++++++++++++++++--- 2023/49xxx/CVE-2023-49487.json | 56 +++++++++++++++++--- 2023/50xxx/CVE-2023-50408.json | 18 +++++++ 2023/50xxx/CVE-2023-50409.json | 18 +++++++ 2023/50xxx/CVE-2023-50410.json | 18 +++++++ 2023/50xxx/CVE-2023-50411.json | 18 +++++++ 2023/6xxx/CVE-2023-6612.json | 95 ++++++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6613.json | 95 ++++++++++++++++++++++++++++++++-- 2023/6xxx/CVE-2023-6625.json | 18 +++++++ 2023/6xxx/CVE-2023-6626.json | 18 +++++++ 2023/6xxx/CVE-2023-6627.json | 18 +++++++ 2023/6xxx/CVE-2023-6628.json | 18 +++++++ 37 files changed, 1653 insertions(+), 124 deletions(-) create mode 100644 2023/50xxx/CVE-2023-50408.json create mode 100644 2023/50xxx/CVE-2023-50409.json create mode 100644 2023/50xxx/CVE-2023-50410.json create mode 100644 2023/50xxx/CVE-2023-50411.json create mode 100644 2023/6xxx/CVE-2023-6625.json create mode 100644 2023/6xxx/CVE-2023-6626.json create mode 100644 2023/6xxx/CVE-2023-6627.json create mode 100644 2023/6xxx/CVE-2023-6628.json diff --git a/2023/48xxx/CVE-2023-48397.json b/2023/48xxx/CVE-2023-48397.json index d916801d426..7dfd8b320ca 100644 --- a/2023/48xxx/CVE-2023-48397.json +++ b/2023/48xxx/CVE-2023-48397.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48397", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48398.json b/2023/48xxx/CVE-2023-48398.json index 3ffc3c89a7b..ed98ba5852a 100644 --- a/2023/48xxx/CVE-2023-48398.json +++ b/2023/48xxx/CVE-2023-48398.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48398", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48399.json b/2023/48xxx/CVE-2023-48399.json index 3404e196b75..19be4bba668 100644 --- a/2023/48xxx/CVE-2023-48399.json +++ b/2023/48xxx/CVE-2023-48399.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48399", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48401.json b/2023/48xxx/CVE-2023-48401.json index 2c7bff925cf..5285505c6d2 100644 --- a/2023/48xxx/CVE-2023-48401.json +++ b/2023/48xxx/CVE-2023-48401.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48401", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48402.json b/2023/48xxx/CVE-2023-48402.json index d99eecc267c..bbea20a168d 100644 --- a/2023/48xxx/CVE-2023-48402.json +++ b/2023/48xxx/CVE-2023-48402.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48402", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48403.json b/2023/48xxx/CVE-2023-48403.json index eccb94b33f8..8d0cdba7b11 100644 --- a/2023/48xxx/CVE-2023-48403.json +++ b/2023/48xxx/CVE-2023-48403.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48403", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48404.json b/2023/48xxx/CVE-2023-48404.json index c77b418fea8..1010c23b9ed 100644 --- a/2023/48xxx/CVE-2023-48404.json +++ b/2023/48xxx/CVE-2023-48404.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48404", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48405.json b/2023/48xxx/CVE-2023-48405.json index 6fcc90698c9..672d7596de6 100644 --- a/2023/48xxx/CVE-2023-48405.json +++ b/2023/48xxx/CVE-2023-48405.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48405", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48406.json b/2023/48xxx/CVE-2023-48406.json index c1cc73ff7f3..251a923c171 100644 --- a/2023/48xxx/CVE-2023-48406.json +++ b/2023/48xxx/CVE-2023-48406.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48406", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48407.json b/2023/48xxx/CVE-2023-48407.json index e230b617958..eefc0e4b296 100644 --- a/2023/48xxx/CVE-2023-48407.json +++ b/2023/48xxx/CVE-2023-48407.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48407", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48408.json b/2023/48xxx/CVE-2023-48408.json index 18fff9960d8..829e5b1379a 100644 --- a/2023/48xxx/CVE-2023-48408.json +++ b/2023/48xxx/CVE-2023-48408.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48408", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48409.json b/2023/48xxx/CVE-2023-48409.json index d359e13f038..cdcd68c9c46 100644 --- a/2023/48xxx/CVE-2023-48409.json +++ b/2023/48xxx/CVE-2023-48409.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48409", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48410.json b/2023/48xxx/CVE-2023-48410.json index 2011f08713d..e8cc3372247 100644 --- a/2023/48xxx/CVE-2023-48410.json +++ b/2023/48xxx/CVE-2023-48410.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48410", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48411.json b/2023/48xxx/CVE-2023-48411.json index 0616bc47be9..f8c2eae585e 100644 --- a/2023/48xxx/CVE-2023-48411.json +++ b/2023/48xxx/CVE-2023-48411.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48411", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48412.json b/2023/48xxx/CVE-2023-48412.json index f39873c0012..a38c49a020f 100644 --- a/2023/48xxx/CVE-2023-48412.json +++ b/2023/48xxx/CVE-2023-48412.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48412", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48413.json b/2023/48xxx/CVE-2023-48413.json index 6ba3f47b160..6c52fdaf832 100644 --- a/2023/48xxx/CVE-2023-48413.json +++ b/2023/48xxx/CVE-2023-48413.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48413", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48414.json b/2023/48xxx/CVE-2023-48414.json index f6c8ac0f7a6..c478180cce4 100644 --- a/2023/48xxx/CVE-2023-48414.json +++ b/2023/48xxx/CVE-2023-48414.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48414", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48415.json b/2023/48xxx/CVE-2023-48415.json index ba64df5eb36..6e0506e669f 100644 --- a/2023/48xxx/CVE-2023-48415.json +++ b/2023/48xxx/CVE-2023-48415.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48415", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48416.json b/2023/48xxx/CVE-2023-48416.json index ffdd0a042fc..14faa0db03f 100644 --- a/2023/48xxx/CVE-2023-48416.json +++ b/2023/48xxx/CVE-2023-48416.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48416", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48420.json b/2023/48xxx/CVE-2023-48420.json index 0d3ae7cd5ca..844176ddc0b 100644 --- a/2023/48xxx/CVE-2023-48420.json +++ b/2023/48xxx/CVE-2023-48420.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48420", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48421.json b/2023/48xxx/CVE-2023-48421.json index 86345314e42..8dc8778848f 100644 --- a/2023/48xxx/CVE-2023-48421.json +++ b/2023/48xxx/CVE-2023-48421.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48421", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48422.json b/2023/48xxx/CVE-2023-48422.json index 8ac336a8b89..728bfd9037b 100644 --- a/2023/48xxx/CVE-2023-48422.json +++ b/2023/48xxx/CVE-2023-48422.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48422", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/48xxx/CVE-2023-48423.json b/2023/48xxx/CVE-2023-48423.json index 44918f98dfa..b5f64ed4a47 100644 --- a/2023/48xxx/CVE-2023-48423.json +++ b/2023/48xxx/CVE-2023-48423.json @@ -1,17 +1,62 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-48423", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "dsap-vuln-management@google.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Google", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://source.android.com/security/bulletin/pixel/2023-12-01", + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/pixel/2023-12-01" } ] } diff --git a/2023/49xxx/CVE-2023-49484.json b/2023/49xxx/CVE-2023-49484.json index d12cf79952c..33867899ace 100644 --- a/2023/49xxx/CVE-2023-49484.json +++ b/2023/49xxx/CVE-2023-49484.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49484", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49484", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md", + "refsource": "MISC", + "name": "https://github.com/jiaofj/cms/blob/main/There%20is%20a%20storage%20based%20XSS%20in%20the%20article%20management%20department.md" } ] } diff --git a/2023/49xxx/CVE-2023-49485.json b/2023/49xxx/CVE-2023-49485.json index 2b33402a5e9..07c3615b160 100644 --- a/2023/49xxx/CVE-2023-49485.json +++ b/2023/49xxx/CVE-2023-49485.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49485", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49485", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20storage%20type%20XSS%20in%20the%20column%20management%20department.md", + "refsource": "MISC", + "name": "https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20storage%20type%20XSS%20in%20the%20column%20management%20department.md" } ] } diff --git a/2023/49xxx/CVE-2023-49486.json b/2023/49xxx/CVE-2023-49486.json index b064f457ea8..8b99714bff8 100644 --- a/2023/49xxx/CVE-2023-49486.json +++ b/2023/49xxx/CVE-2023-49486.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49486", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49486", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md", + "refsource": "MISC", + "name": "https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20model%20management%20department.md" } ] } diff --git a/2023/49xxx/CVE-2023-49487.json b/2023/49xxx/CVE-2023-49487.json index c714b85ac18..b3d350865ab 100644 --- a/2023/49xxx/CVE-2023-49487.json +++ b/2023/49xxx/CVE-2023-49487.json @@ -1,17 +1,61 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-49487", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ID": "CVE-2023-49487", + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md", + "refsource": "MISC", + "name": "https://github.com/Rabb1ter/cms/blob/main/There%20is%20a%20stored%20XSS%20in%20the%20navigation%20management%20office.md" } ] } diff --git a/2023/50xxx/CVE-2023-50408.json b/2023/50xxx/CVE-2023-50408.json new file mode 100644 index 00000000000..1a6183aa15c --- /dev/null +++ b/2023/50xxx/CVE-2023-50408.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-50408", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/50xxx/CVE-2023-50409.json b/2023/50xxx/CVE-2023-50409.json new file mode 100644 index 00000000000..4d096fee4eb --- /dev/null +++ b/2023/50xxx/CVE-2023-50409.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-50409", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/50xxx/CVE-2023-50410.json b/2023/50xxx/CVE-2023-50410.json new file mode 100644 index 00000000000..7ffa736e6bd --- /dev/null +++ b/2023/50xxx/CVE-2023-50410.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-50410", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/50xxx/CVE-2023-50411.json b/2023/50xxx/CVE-2023-50411.json new file mode 100644 index 00000000000..95eb9d62c08 --- /dev/null +++ b/2023/50xxx/CVE-2023-50411.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-50411", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6612.json b/2023/6xxx/CVE-2023-6612.json index a43ad61b92a..7e89ec4ed5f 100644 --- a/2023/6xxx/CVE-2023-6612.json +++ b/2023/6xxx/CVE-2023-6612.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6612", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Eine Schwachstelle wurde in Totolink X5000R 9.1.0cu.2300_B20230112 ausgemacht. Sie wurde als kritisch eingestuft. Dies betrifft die Funktion setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg der Datei /cgi-bin/cstecgi.cgi. Dank der Manipulation mit unbekannten Daten kann eine os command injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-78 OS Command Injection", + "cweId": "CWE-78" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Totolink", + "product": { + "product_data": [ + { + "product_name": "X5000R", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "9.1.0cu.2300_B20230112" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.247247", + "refsource": "MISC", + "name": "https://vuldb.com/?id.247247" + }, + { + "url": "https://vuldb.com/?ctiid.247247", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.247247" + }, + { + "url": "https://github.com/OraclePi/repo/tree/main/totolink%20X5000R", + "refsource": "MISC", + "name": "https://github.com/OraclePi/repo/tree/main/totolink%20X5000R" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "oraclepi (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "3.0", + "baseScore": 5.5, + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseSeverity": "MEDIUM" + }, + { + "version": "2.0", + "baseScore": 5.2, + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P" } ] } diff --git a/2023/6xxx/CVE-2023-6613.json b/2023/6xxx/CVE-2023-6613.json index b1e7e587c15..b3e5831240c 100644 --- a/2023/6xxx/CVE-2023-6613.json +++ b/2023/6xxx/CVE-2023-6613.json @@ -1,17 +1,104 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-6613", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "cna@vuldb.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability classified as problematic has been found in Typecho 1.2.1. Affected is an unknown function of the file /admin/options-theme.php of the component Logo Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247248. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "deu", + "value": "Es wurde eine problematische Schwachstelle in Typecho 1.2.1 entdeckt. Dabei betrifft es einen unbekannter Codeteil der Datei /admin/options-theme.php der Komponente Logo Handler. Dank Manipulation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Cross Site Scripting", + "cweId": "CWE-79" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Typecho", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "1.2.1" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://vuldb.com/?id.247248", + "refsource": "MISC", + "name": "https://vuldb.com/?id.247248" + }, + { + "url": "https://vuldb.com/?ctiid.247248", + "refsource": "MISC", + "name": "https://vuldb.com/?ctiid.247248" + }, + { + "url": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md", + "refsource": "MISC", + "name": "https://github.com/JTZ-a/SRC/blob/master/Typecho/Typecho-Stored%20XSS/en-us.md" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "JTZ- (VulDB User)" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "baseScore": 2.4, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "3.0", + "baseScore": 2.4, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + }, + { + "version": "2.0", + "baseScore": 3.3, + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N" } ] } diff --git a/2023/6xxx/CVE-2023-6625.json b/2023/6xxx/CVE-2023-6625.json new file mode 100644 index 00000000000..3c017ff4068 --- /dev/null +++ b/2023/6xxx/CVE-2023-6625.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6625", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6626.json b/2023/6xxx/CVE-2023-6626.json new file mode 100644 index 00000000000..12bb7a3c7ac --- /dev/null +++ b/2023/6xxx/CVE-2023-6626.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6626", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6627.json b/2023/6xxx/CVE-2023-6627.json new file mode 100644 index 00000000000..7fe310518d5 --- /dev/null +++ b/2023/6xxx/CVE-2023-6627.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6627", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/6xxx/CVE-2023-6628.json b/2023/6xxx/CVE-2023-6628.json new file mode 100644 index 00000000000..5e5b60f0b67 --- /dev/null +++ b/2023/6xxx/CVE-2023-6628.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-6628", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file