From ae6e7f1afb05ae66bffee6251f62c6d1ee84fca1 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 15 May 2023 22:00:40 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2021/0xxx/CVE-2021-0877.json | 50 +++++++++++++++++++-- 2022/20xxx/CVE-2022-20338.json | 8 ++-- 2023/1xxx/CVE-2023-1729.json | 55 +++++++++++++++++++++-- 2023/20xxx/CVE-2023-20673.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20694.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20695.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20696.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20697.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20698.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20699.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20700.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20701.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20703.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20704.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20705.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20706.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20707.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20708.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20709.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20710.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20711.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20717.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20718.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20719.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20720.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20721.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20722.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20726.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20914.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20930.json | 50 +++++++++++++++++++-- 2023/20xxx/CVE-2023-20993.json | 8 ++-- 2023/21xxx/CVE-2023-21102.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21103.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21104.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21106.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21107.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21109.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21110.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21111.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21112.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21116.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21117.json | 50 +++++++++++++++++++-- 2023/21xxx/CVE-2023-21118.json | 50 +++++++++++++++++++-- 2023/2xxx/CVE-2023-2124.json | 50 +++++++++++++++++++-- 2023/2xxx/CVE-2023-2700.json | 60 +++++++++++++++++++++++-- 2023/2xxx/CVE-2023-2721.json | 18 ++++++++ 2023/2xxx/CVE-2023-2722.json | 18 ++++++++ 2023/2xxx/CVE-2023-2723.json | 18 ++++++++ 2023/2xxx/CVE-2023-2724.json | 18 ++++++++ 2023/2xxx/CVE-2023-2725.json | 18 ++++++++ 2023/2xxx/CVE-2023-2726.json | 18 ++++++++ 2023/31xxx/CVE-2023-31131.json | 81 ++++++++++++++++++++++++++++++++-- 52 files changed, 2229 insertions(+), 141 deletions(-) create mode 100644 2023/2xxx/CVE-2023-2721.json create mode 100644 2023/2xxx/CVE-2023-2722.json create mode 100644 2023/2xxx/CVE-2023-2723.json create mode 100644 2023/2xxx/CVE-2023-2724.json create mode 100644 2023/2xxx/CVE-2023-2725.json create mode 100644 2023/2xxx/CVE-2023-2726.json diff --git a/2021/0xxx/CVE-2021-0877.json b/2021/0xxx/CVE-2021-0877.json index ed69e6bccb7..952ff4e9173 100644 --- a/2021/0xxx/CVE-2021-0877.json +++ b/2021/0xxx/CVE-2021-0877.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-0877", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android SoC" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Product: AndroidVersions: Android SoCAndroid ID: A-273754094" } ] } diff --git a/2022/20xxx/CVE-2022-20338.json b/2022/20xxx/CVE-2022-20338.json index ee5a214fc17..43fefc61e1e 100644 --- a/2022/20xxx/CVE-2022-20338.json +++ b/2022/20xxx/CVE-2022-20338.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "Android-13" + "version_value": "Android-11 Android-12 Android-12L" } ] } @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/android-13", - "url": "https://source.android.com/security/bulletin/android-13" + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In Core Utilities, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-171966843" + "value": "In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to a local escalation of privilege, preventing processes from validating URIs correctly, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-171966843" } ] } diff --git a/2023/1xxx/CVE-2023-1729.json b/2023/1xxx/CVE-2023-1729.json index 6339ad064b5..1060daafe34 100644 --- a/2023/1xxx/CVE-2023-1729.json +++ b/2023/1xxx/CVE-2023-1729.json @@ -4,14 +4,63 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-1729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "LibRaw", + "version": { + "version_data": [ + { + "version_value": "LibRaw 0.21.1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119->CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://github.com/LibRaw/LibRaw/issues/557", + "url": "https://github.com/LibRaw/LibRaw/issues/557" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2188240", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2188240" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash." } ] } diff --git a/2023/20xxx/CVE-2023-20673.json b/2023/20xxx/CVE-2023-20673.json index 51203413caa..3e9c6bb13dc 100644 --- a/2023/20xxx/CVE-2023-20673.json +++ b/2023/20xxx/CVE-2023-20673.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20673", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT5696, MT5836, MT5838, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8185, MT8195, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797, MT9000, MT9023, MT9025, MT9618, MT9653, MT9687, MT9689, MT9902, MT9932, MT9952, MT9972, MT9982", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103." } ] } diff --git a/2023/20xxx/CVE-2023-20694.json b/2023/20xxx/CVE-2023-20694.json index 5250dbf119b..96b01394793 100644 --- a/2023/20xxx/CVE-2023-20694.json +++ b/2023/20xxx/CVE-2023-20694.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20694", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6769, MT6771, MT6779, MT6785, MT6789, MT6853, MT6855, MT6873, MT6879, MT6880, MT6885, MT6890, MT6895, MT6983, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0 / OpenWrt 19.07, 21.02" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only)." } ] } diff --git a/2023/20xxx/CVE-2023-20695.json b/2023/20xxx/CVE-2023-20695.json index 155b37c4742..3c670759f8b 100644 --- a/2023/20xxx/CVE-2023-20695.json +++ b/2023/20xxx/CVE-2023-20695.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20695", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6835, MT6880, MT6886, MT6890, MT6980, MT6985, MT6990, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 13.0 / OpenWrt 19.07, 21.02" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only)." } ] } diff --git a/2023/20xxx/CVE-2023-20696.json b/2023/20xxx/CVE-2023-20696.json index 40f1e9ab776..b87e2e47f42 100644 --- a/2023/20xxx/CVE-2023-20696.json +++ b/2023/20xxx/CVE-2023-20696.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20696", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6880, MT6890, MT8167, MT8175, MT8185, MT8195, MT8321, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 13.0 / OpenWrt 19.07, 21.02" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only)." } ] } diff --git a/2023/20xxx/CVE-2023-20697.json b/2023/20xxx/CVE-2023-20697.json index caf3520c323..13a66ec9d48 100644 --- a/2023/20xxx/CVE-2023-20697.json +++ b/2023/20xxx/CVE-2023-20697.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20697", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148." } ] } diff --git a/2023/20xxx/CVE-2023-20698.json b/2023/20xxx/CVE-2023-20698.json index a56813ae392..96a38db7b88 100644 --- a/2023/20xxx/CVE-2023-20698.json +++ b/2023/20xxx/CVE-2023-20698.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20698", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144." } ] } diff --git a/2023/20xxx/CVE-2023-20699.json b/2023/20xxx/CVE-2023-20699.json index fbe890e8a5c..784cf8ec97c 100644 --- a/2023/20xxx/CVE-2023-20699.json +++ b/2023/20xxx/CVE-2023-20699.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20699", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6895, MT6983, MT8781, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696073; Issue ID: ALPS07696073." } ] } diff --git a/2023/20xxx/CVE-2023-20700.json b/2023/20xxx/CVE-2023-20700.json index a8b6c8eccb2..3b622e4ddc1 100644 --- a/2023/20xxx/CVE-2023-20700.json +++ b/2023/20xxx/CVE-2023-20700.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304." } ] } diff --git a/2023/20xxx/CVE-2023-20701.json b/2023/20xxx/CVE-2023-20701.json index c58859e1d55..f900bae8c65 100644 --- a/2023/20xxx/CVE-2023-20701.json +++ b/2023/20xxx/CVE-2023-20701.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20701", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6762, MT6765, MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8195, MT8768, MT8786, MT8788, MT8789, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270." } ] } diff --git a/2023/20xxx/CVE-2023-20703.json b/2023/20xxx/CVE-2023-20703.json index f87cd7f2b4d..cd20fdf64ee 100644 --- a/2023/20xxx/CVE-2023-20703.json +++ b/2023/20xxx/CVE-2023-20703.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20703", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853." } ] } diff --git a/2023/20xxx/CVE-2023-20704.json b/2023/20xxx/CVE-2023-20704.json index 1cdbead6b52..c5761a0149c 100644 --- a/2023/20xxx/CVE-2023-20704.json +++ b/2023/20xxx/CVE-2023-20704.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20704", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826." } ] } diff --git a/2023/20xxx/CVE-2023-20705.json b/2023/20xxx/CVE-2023-20705.json index 625bc819f60..467907f98d2 100644 --- a/2023/20xxx/CVE-2023-20705.json +++ b/2023/20xxx/CVE-2023-20705.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20705", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870." } ] } diff --git a/2023/20xxx/CVE-2023-20706.json b/2023/20xxx/CVE-2023-20706.json index debee6709fe..5f559040a04 100644 --- a/2023/20xxx/CVE-2023-20706.json +++ b/2023/20xxx/CVE-2023-20706.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6853, MT6853T, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT8183, MT8195", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860." } ] } diff --git a/2023/20xxx/CVE-2023-20707.json b/2023/20xxx/CVE-2023-20707.json index 8a434241d0e..874a4e3bcc4 100644 --- a/2023/20xxx/CVE-2023-20707.json +++ b/2023/20xxx/CVE-2023-20707.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT8321, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556." } ] } diff --git a/2023/20xxx/CVE-2023-20708.json b/2023/20xxx/CVE-2023-20708.json index 396642411ca..f7ae5ae5b20 100644 --- a/2023/20xxx/CVE-2023-20708.json +++ b/2023/20xxx/CVE-2023-20708.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655." } ] } diff --git a/2023/20xxx/CVE-2023-20709.json b/2023/20xxx/CVE-2023-20709.json index 5dd5b8d25b3..6b739e0aeba 100644 --- a/2023/20xxx/CVE-2023-20709.json +++ b/2023/20xxx/CVE-2023-20709.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951." } ] } diff --git a/2023/20xxx/CVE-2023-20710.json b/2023/20xxx/CVE-2023-20710.json index ba4d2a2c816..4f311f8a23b 100644 --- a/2023/20xxx/CVE-2023-20710.json +++ b/2023/20xxx/CVE-2023-20710.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6889, MT6891, MT6893, MT6895, MT6983, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935." } ] } diff --git a/2023/20xxx/CVE-2023-20711.json b/2023/20xxx/CVE-2023-20711.json index 2f0c2401c6b..c0163f655bd 100644 --- a/2023/20xxx/CVE-2023-20711.json +++ b/2023/20xxx/CVE-2023-20711.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8667, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581668; Issue ID: ALPS07581668." } ] } diff --git a/2023/20xxx/CVE-2023-20717.json b/2023/20xxx/CVE-2023-20717.json index 29ab15ba35e..fa36beaada5 100644 --- a/2023/20xxx/CVE-2023-20717.json +++ b/2023/20xxx/CVE-2023-20717.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8365, MT8786, MT8789, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185." } ] } diff --git a/2023/20xxx/CVE-2023-20718.json b/2023/20xxx/CVE-2023-20718.json index 163ec8c5fb4..29752a6f9bd 100644 --- a/2023/20xxx/CVE-2023-20718.json +++ b/2023/20xxx/CVE-2023-20718.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6768, MT6769, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6883, MT6885, MT6889, MT6891, MT6893, MT8168, MT8175, MT8195, MT8365, MT8395, MT8673, MT8781, MT8786, MT8789, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181." } ] } diff --git a/2023/20xxx/CVE-2023-20719.json b/2023/20xxx/CVE-2023-20719.json index 4a3d26721fe..5c0eef2e873 100644 --- a/2023/20xxx/CVE-2023-20719.json +++ b/2023/20xxx/CVE-2023-20719.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6580, MT6739, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT6985, MT8167, MT8168, MT8195, MT8673", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583." } ] } diff --git a/2023/20xxx/CVE-2023-20720.json b/2023/20xxx/CVE-2023-20720.json index 5150d6cf910..358e2cef3f0 100644 --- a/2023/20xxx/CVE-2023-20720.json +++ b/2023/20xxx/CVE-2023-20720.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6895, MT6983, MT8167, MT8168, MT8195, MT8673", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586." } ] } diff --git a/2023/20xxx/CVE-2023-20721.json b/2023/20xxx/CVE-2023-20721.json index d44c2e14244..888c483b366 100644 --- a/2023/20xxx/CVE-2023-20721.json +++ b/2023/20xxx/CVE-2023-20721.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6879, MT6895, MT6983, MT8195, MT8395, MT8673", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0 / Iot-Yocto 22.2 (Yocto 4.0)" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155." } ] } diff --git a/2023/20xxx/CVE-2023-20722.json b/2023/20xxx/CVE-2023-20722.json index 56a1724977e..bd7bba76304 100644 --- a/2023/20xxx/CVE-2023-20722.json +++ b/2023/20xxx/CVE-2023-20722.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT6765, MT6768, MT8768", + "version": { + "version_data": [ + { + "version_value": "Android 12.0, 13.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084." } ] } diff --git a/2023/20xxx/CVE-2023-20726.json b/2023/20xxx/CVE-2023-20726.json index 9ab36b47309..d8c5c27dc81 100644 --- a/2023/20xxx/CVE-2023-20726.json +++ b/2023/20xxx/CVE-2023-20726.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@mediatek.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "MediaTek, Inc.", + "product": { + "product_data": [ + { + "product_name": "MT2731, MT2735, MT2737, MT6580, MT6739, MT6761, MT6762, MT6765, MT6767, MT6768, MT6769, MT6771, MT6779, MT6781, MT6783, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6990, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", + "version": { + "version_data": [ + { + "version_value": "Android 11.0, 12.0, 13.0 / OpenWrt 19.07, 21.02 / Yocto 2.6, 3.3 / RDKB 2022Q3" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://corp.mediatek.com/product-security-bulletin/May-2023", + "url": "https://corp.mediatek.com/product-security-bulletin/May-2023" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only)." } ] } diff --git a/2023/20xxx/CVE-2023-20914.json b/2023/20xxx/CVE-2023-20914.json index 66c1f6ee096..e5df87b1de1 100644 --- a/2023/20xxx/CVE-2023-20914.json +++ b/2023/20xxx/CVE-2023-20914.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20914", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-189942529" } ] } diff --git a/2023/20xxx/CVE-2023-20930.json b/2023/20xxx/CVE-2023-20930.json index 3f8c961b19f..6c860b81727 100644 --- a/2023/20xxx/CVE-2023-20930.json +++ b/2023/20xxx/CVE-2023-20930.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-20930", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-250576066" } ] } diff --git a/2023/20xxx/CVE-2023-20993.json b/2023/20xxx/CVE-2023-20993.json index fbcfbf085e3..5f68d26cbf1 100644 --- a/2023/20xxx/CVE-2023-20993.json +++ b/2023/20xxx/CVE-2023-20993.json @@ -19,7 +19,7 @@ "version": { "version_data": [ { - "version_value": "Android-13" + "version_value": "Android-11 Android-12 Android-12L Android-13" } ] } @@ -46,8 +46,8 @@ "reference_data": [ { "refsource": "MISC", - "name": "https://source.android.com/security/bulletin/pixel/2023-03-01", - "url": "https://source.android.com/security/bulletin/pixel/2023-03-01" + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" } ] }, @@ -55,7 +55,7 @@ "description_data": [ { "lang": "eng", - "value": "In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261588851" + "value": "In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261588851" } ] } diff --git a/2023/21xxx/CVE-2023-21102.json b/2023/21xxx/CVE-2023-21102.json index c767464ecc0..15c9657d674 100644 --- a/2023/21xxx/CVE-2023-21102.json +++ b/2023/21xxx/CVE-2023-21102.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21102", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel" } ] } diff --git a/2023/21xxx/CVE-2023-21103.json b/2023/21xxx/CVE-2023-21103.json index fa90649b32b..66a565b6f38 100644 --- a/2023/21xxx/CVE-2023-21103.json +++ b/2023/21xxx/CVE-2023-21103.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21103", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259064622" } ] } diff --git a/2023/21xxx/CVE-2023-21104.json b/2023/21xxx/CVE-2023-21104.json index ce8f680bedd..00ae5aeb35c 100644 --- a/2023/21xxx/CVE-2023-21104.json +++ b/2023/21xxx/CVE-2023-21104.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21104", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-259938771" } ] } diff --git a/2023/21xxx/CVE-2023-21106.json b/2023/21xxx/CVE-2023-21106.json index 96bf7683cce..902b844f677 100644 --- a/2023/21xxx/CVE-2023-21106.json +++ b/2023/21xxx/CVE-2023-21106.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21106", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel" } ] } diff --git a/2023/21xxx/CVE-2023-21107.json b/2023/21xxx/CVE-2023-21107.json index 5c2aceb4d34..8c9aaab01d4 100644 --- a/2023/21xxx/CVE-2023-21107.json +++ b/2023/21xxx/CVE-2023-21107.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21107", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-259385017" } ] } diff --git a/2023/21xxx/CVE-2023-21109.json b/2023/21xxx/CVE-2023-21109.json index 03e3712fc56..8ab19c9aa86 100644 --- a/2023/21xxx/CVE-2023-21109.json +++ b/2023/21xxx/CVE-2023-21109.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21109", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261589597" } ] } diff --git a/2023/21xxx/CVE-2023-21110.json b/2023/21xxx/CVE-2023-21110.json index 123774c901a..2ea73f7622c 100644 --- a/2023/21xxx/CVE-2023-21110.json +++ b/2023/21xxx/CVE-2023-21110.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21110", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258422365" } ] } diff --git a/2023/21xxx/CVE-2023-21111.json b/2023/21xxx/CVE-2023-21111.json index 39f8795ac5c..a9e9aee3039 100644 --- a/2023/21xxx/CVE-2023-21111.json +++ b/2023/21xxx/CVE-2023-21111.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21111", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256819769" } ] } diff --git a/2023/21xxx/CVE-2023-21112.json b/2023/21xxx/CVE-2023-21112.json index ad8d568dd92..6cf3b4f93a3 100644 --- a/2023/21xxx/CVE-2023-21112.json +++ b/2023/21xxx/CVE-2023-21112.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21112", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-252763983" } ] } diff --git a/2023/21xxx/CVE-2023-21116.json b/2023/21xxx/CVE-2023-21116.json index 57896b837cf..b16ef089bf9 100644 --- a/2023/21xxx/CVE-2023-21116.json +++ b/2023/21xxx/CVE-2023-21116.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21116", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-256202273" } ] } diff --git a/2023/21xxx/CVE-2023-21117.json b/2023/21xxx/CVE-2023-21117.json index 0586479a584..4226151bb9f 100644 --- a/2023/21xxx/CVE-2023-21117.json +++ b/2023/21xxx/CVE-2023-21117.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21117", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-263358101" } ] } diff --git a/2023/21xxx/CVE-2023-21118.json b/2023/21xxx/CVE-2023-21118.json index f5ca30b8b5b..97f3824e1b9 100644 --- a/2023/21xxx/CVE-2023-21118.json +++ b/2023/21xxx/CVE-2023-21118.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-21118", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@android.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-11 Android-12 Android-12L Android-13" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://source.android.com/security/bulletin/2023-05-01", + "url": "https://source.android.com/security/bulletin/2023-05-01" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004" } ] } diff --git a/2023/2xxx/CVE-2023-2124.json b/2023/2xxx/CVE-2023-2124.json index ef6674858a6..b6b0e19823a 100644 --- a/2023/2xxx/CVE-2023-2124.json +++ b/2023/2xxx/CVE-2023-2124.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2124", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel 6.4-rc1" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-787" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/fs/xfs/xfs_buf_item_recover.c?h=v6.4-rc1&id=22ed903eee23a5b174e240f1cdfa9acf393a5210" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "An out-of-bounds memory access flaw was found in the Linux kernel\u2019s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system." } ] } diff --git a/2023/2xxx/CVE-2023-2700.json b/2023/2xxx/CVE-2023-2700.json index 7bdb7cce3bb..b0636438164 100644 --- a/2023/2xxx/CVE-2023-2700.json +++ b/2023/2xxx/CVE-2023-2700.json @@ -4,14 +4,68 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-2700", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "libvirt", + "version": { + "version_data": [ + { + "version_value": "libvirt-4.5.0" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory leak" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://access.redhat.com/security/cve/CVE-2023-2700", + "url": "https://access.redhat.com/security/cve/CVE-2023-2700" + }, + { + "refsource": "MISC", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203653" + }, + { + "refsource": "MISC", + "name": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306", + "url": "https://gitlab.com/libvirt/libvirt/-/commit/6425a311b8ad19d6f9c0b315bf1d722551ea3585#874a1e768ade6ceb4538931cbc06248e73223306" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup." } ] } diff --git a/2023/2xxx/CVE-2023-2721.json b/2023/2xxx/CVE-2023-2721.json new file mode 100644 index 00000000000..475e54bb7ba --- /dev/null +++ b/2023/2xxx/CVE-2023-2721.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2721", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2722.json b/2023/2xxx/CVE-2023-2722.json new file mode 100644 index 00000000000..1ca9ad13c1d --- /dev/null +++ b/2023/2xxx/CVE-2023-2722.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2722", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2723.json b/2023/2xxx/CVE-2023-2723.json new file mode 100644 index 00000000000..69dd64b3638 --- /dev/null +++ b/2023/2xxx/CVE-2023-2723.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2723", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2724.json b/2023/2xxx/CVE-2023-2724.json new file mode 100644 index 00000000000..c2fff0cd0ba --- /dev/null +++ b/2023/2xxx/CVE-2023-2724.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2724", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2725.json b/2023/2xxx/CVE-2023-2725.json new file mode 100644 index 00000000000..d41db349f32 --- /dev/null +++ b/2023/2xxx/CVE-2023-2725.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2725", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/2xxx/CVE-2023-2726.json b/2023/2xxx/CVE-2023-2726.json new file mode 100644 index 00000000000..c4a82fdbf96 --- /dev/null +++ b/2023/2xxx/CVE-2023-2726.json @@ -0,0 +1,18 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2023-2726", + "ASSIGNER": "cve@mitre.org", + "STATE": "RESERVED" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2023/31xxx/CVE-2023-31131.json b/2023/31xxx/CVE-2023-31131.json index ae260062d22..72796a60fb7 100644 --- a/2023/31xxx/CVE-2023-31131.json +++ b/2023/31xxx/CVE-2023-31131.json @@ -1,17 +1,90 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-31131", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security-advisories@github.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "cweId": "CWE-22" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "greenplum-db", + "product": { + "product_data": [ + { + "product_name": "gpdb", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "< 6.22.3" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3", + "refsource": "MISC", + "name": "https://github.com/greenplum-db/gpdb/security/advisories/GHSA-hgm9-2q42-c7f3" + }, + { + "url": "https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471", + "refsource": "MISC", + "name": "https://github.com/greenplum-db/gpdb/commit/1ec4affbba7c9745f64edbd80a6680ad29b09471" + } + ] + }, + "source": { + "advisory": "GHSA-hgm9-2q42-c7f3", + "discovery": "UNKNOWN" + }, + "impact": { + "cvss": [ + { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H", + "version": "3.1" } ] }