From ac773c793f127c4db04586d05de3b7eb0a0caabd Mon Sep 17 00:00:00 2001 From: CVE Team Date: Tue, 8 Oct 2024 07:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2024/34xxx/CVE-2024-34662.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34663.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34664.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34665.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34666.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34667.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34668.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34669.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34670.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34671.json | 79 +++++++++++++++++++++++++-- 2024/34xxx/CVE-2024-34672.json | 79 +++++++++++++++++++++++++-- 2024/48xxx/CVE-2024-48017.json | 18 +++++++ 2024/7xxx/CVE-2024-7206.json | 97 ++++++++++++++++++++++++++++++++-- 13 files changed, 936 insertions(+), 48 deletions(-) create mode 100644 2024/48xxx/CVE-2024-48017.json diff --git a/2024/34xxx/CVE-2024-34662.json b/2024/34xxx/CVE-2024-34662.json index 6ff8a05c842..835eae54165 100644 --- a/2024/34xxx/CVE-2024-34662.json +++ b/2024/34xxx/CVE-2024-34662.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34662", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 6.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ] } diff --git a/2024/34xxx/CVE-2024-34663.json b/2024/34xxx/CVE-2024-34663.json index 9d925cafe3b..6c40d3f2e09 100644 --- a/2024/34xxx/CVE-2024-34663.json +++ b/2024/34xxx/CVE-2024-34663.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34663", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-680: Integer Overflow to Buffer Overflow" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ] } diff --git a/2024/34xxx/CVE-2024-34664.json b/2024/34xxx/CVE-2024-34664.json index c2dbc91375c..b3cc97af499 100644 --- a/2024/34xxx/CVE-2024-34664.json +++ b/2024/34xxx/CVE-2024-34664.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34664", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-754: Improper Check for Unusual or Exceptional Conditions" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseSeverity": "MEDIUM", + "baseScore": 4.1, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ] } diff --git a/2024/34xxx/CVE-2024-34665.json b/2024/34xxx/CVE-2024-34665.json index 19088c316d3..ec5f24008f8 100644 --- a/2024/34xxx/CVE-2024-34665.json +++ b/2024/34xxx/CVE-2024-34665.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34665", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/34xxx/CVE-2024-34666.json b/2024/34xxx/CVE-2024-34666.json index cb24e50cfff..d0b8b971744 100644 --- a/2024/34xxx/CVE-2024-34666.json +++ b/2024/34xxx/CVE-2024-34666.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34666", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/34xxx/CVE-2024-34667.json b/2024/34xxx/CVE-2024-34667.json index 25dbb49caa5..ffc0f56e178 100644 --- a/2024/34xxx/CVE-2024-34667.json +++ b/2024/34xxx/CVE-2024-34667.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34667", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/34xxx/CVE-2024-34668.json b/2024/34xxx/CVE-2024-34668.json index 6011644d7eb..c925620ae63 100644 --- a/2024/34xxx/CVE-2024-34668.json +++ b/2024/34xxx/CVE-2024-34668.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34668", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/34xxx/CVE-2024-34669.json b/2024/34xxx/CVE-2024-34669.json index 72381262f2f..682d75f6179 100644 --- a/2024/34xxx/CVE-2024-34669.json +++ b/2024/34xxx/CVE-2024-34669.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34669", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787 Out-of-bounds Write" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Oct-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ] } diff --git a/2024/34xxx/CVE-2024-34670.json b/2024/34xxx/CVE-2024-34670.json index 23bbaff0d35..f2f7f8380a8 100644 --- a/2024/34xxx/CVE-2024-34670.json +++ b/2024/34xxx/CVE-2024-34670.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34670", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-927: Use of Implicit Intent for Sensitive Communication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Sound Assistant", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "6.1.0.9" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2024/34xxx/CVE-2024-34671.json b/2024/34xxx/CVE-2024-34671.json index 14dabf6be23..9b9ff26a693 100644 --- a/2024/34xxx/CVE-2024-34671.json +++ b/2024/34xxx/CVE-2024-34671.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34671", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Use of implicit intent for sensitive communication in translation\ud63bin Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-927: Use of Implicit Intent for Sensitive Communication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Internet", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "26.0.3.1" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "LOW", + "baseScore": 3.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ] } diff --git a/2024/34xxx/CVE-2024-34672.json b/2024/34xxx/CVE-2024-34672.json index 8f7ad0675d8..272395dfd14 100644 --- a/2024/34xxx/CVE-2024-34672.json +++ b/2024/34xxx/CVE-2024-34672.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-34672", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "SamsungVideoPlayer", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "7.3.29.1 in Android 12, 7.3.36.1 in Android 13 and 7.3.41.230 in Android 14" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=10" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2024/48xxx/CVE-2024-48017.json b/2024/48xxx/CVE-2024-48017.json new file mode 100644 index 00000000000..4bcef4f6903 --- /dev/null +++ b/2024/48xxx/CVE-2024-48017.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2024-48017", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2024/7xxx/CVE-2024-7206.json b/2024/7xxx/CVE-2024-7206.json index 4d402ea9e66..2d66e226719 100644 --- a/2024/7xxx/CVE-2024-7206.json +++ b/2024/7xxx/CVE-2024-7206.json @@ -1,18 +1,107 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2024-7206", "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "SSL Pinning Bypass\u00a0in\u00a0eWeLink Some hardware products\u00a0allows local ATTACKER to Decrypt TLS communication and Extract secrets to clone the device\u00a0via Flash the modified firmware" } ] - } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295 Improper Certificate Validation", + "cweId": "CWE-295" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-798 Use of Hard-coded Credentials", + "cweId": "CWE-798" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "eWeLink", + "product": { + "product_data": [ + { + "product_name": "Zigbee Bridge Pro", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "0", + "version_value": "2.0.0" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://ewelink.cc/security-advisory-firmware-extraction-and-hardware-ssl-pinning-bypass/", + "refsource": "MISC", + "name": "https://ewelink.cc/security-advisory-firmware-extraction-and-hardware-ssl-pinning-bypass/" + } + ] + }, + "generator": { + "engine": "Vulnogram 0.2.0" + }, + "source": { + "discovery": "UNKNOWN" + }, + "solution": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Upgrade to firmware 2.1.0 and above
" + } + ], + "value": "Upgrade to firmware 2.1.0 and above" + } + ], + "credits": [ + { + "lang": "en", + "value": "Aarav Sinha, Senior Security Researcher, FEV India Pvt Ltd." + }, + { + "lang": "en", + "value": "Jerin Sunny, Security Researcher, FEV India Pvt Ltd." + }, + { + "lang": "en", + "value": "Shakir Zari,Security Researcher,FEV India Pvt Ltd." + } + ] } \ No newline at end of file