diff --git a/2023/30xxx/CVE-2023-30706.json b/2023/30xxx/CVE-2023-30706.json index 7ec45ffae52..35244c292d0 100644 --- a/2023/30xxx/CVE-2023-30706.json +++ b/2023/30xxx/CVE-2023-30706.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30706", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 12" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "HIGH", + "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30707.json b/2023/30xxx/CVE-2023-30707.json index 30fd506297b..62169def431 100644 --- a/2023/30xxx/CVE-2023-30707.json +++ b/2023/30xxx/CVE-2023-30707.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30707", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 12" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30708.json b/2023/30xxx/CVE-2023-30708.json index c2ef7fad5fa..d1465e629db 100644 --- a/2023/30xxx/CVE-2023-30708.json +++ b/2023/30xxx/CVE-2023-30708.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30708", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseSeverity": "MEDIUM", + "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ] } diff --git a/2023/30xxx/CVE-2023-30709.json b/2023/30xxx/CVE-2023-30709.json index 47bb4173e39..d433d97684d 100644 --- a/2023/30xxx/CVE-2023-30709.json +++ b/2023/30xxx/CVE-2023-30709.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30709", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "HIGH", + "baseScore": 7.9, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30710.json b/2023/30xxx/CVE-2023-30710.json index fdb44416ca2..bd157b17b52 100644 --- a/2023/30xxx/CVE-2023-30710.json +++ b/2023/30xxx/CVE-2023-30710.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30710", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseSeverity": "HIGH", + "baseScore": 8.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L" } ] } diff --git a/2023/30xxx/CVE-2023-30711.json b/2023/30xxx/CVE-2023-30711.json index 206eaccc4d6..636d8cdb031 100644 --- a/2023/30xxx/CVE-2023-30711.json +++ b/2023/30xxx/CVE-2023-30711.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30711", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30712.json b/2023/30xxx/CVE-2023-30712.json index f3a1154ddb5..e26804f30e3 100644 --- a/2023/30xxx/CVE-2023-30712.json +++ b/2023/30xxx/CVE-2023-30712.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30712", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 6.8, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30713.json b/2023/30xxx/CVE-2023-30713.json index 2e9a84ba82a..4fbf7ad1a7f 100644 --- a/2023/30xxx/CVE-2023-30713.json +++ b/2023/30xxx/CVE-2023-30713.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30713", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269: Improper Privilege Management" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 6.2, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30714.json b/2023/30xxx/CVE-2023-30714.json index 5b7a12f8930..cb9fa08a3c2 100644 --- a/2023/30xxx/CVE-2023-30714.json +++ b/2023/30xxx/CVE-2023-30714.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30714", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4.6, + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30715.json b/2023/30xxx/CVE-2023-30715.json index 15de3eadd30..0f3c1a10e4a 100644 --- a/2023/30xxx/CVE-2023-30715.json +++ b/2023/30xxx/CVE-2023-30715.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30715", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30716.json b/2023/30xxx/CVE-2023-30716.json index 7ba643de5be..8727aa4bd89 100644 --- a/2023/30xxx/CVE-2023-30716.json +++ b/2023/30xxx/CVE-2023-30716.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30716", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30717.json b/2023/30xxx/CVE-2023-30717.json index 5c725bb72ca..3e26512ca44 100644 --- a/2023/30xxx/CVE-2023-30717.json +++ b/2023/30xxx/CVE-2023-30717.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30717", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-269 Improper Privilege Management" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30718.json b/2023/30xxx/CVE-2023-30718.json index d0ba26be0bb..4ceaf167807 100644 --- a/2023/30xxx/CVE-2023-30718.json +++ b/2023/30xxx/CVE-2023-30718.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30718", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-926: Improper Export of Android Application Components" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30719.json b/2023/30xxx/CVE-2023-30719.json index b1445fd0c08..43299a14159 100644 --- a/2023/30xxx/CVE-2023-30719.json +++ b/2023/30xxx/CVE-2023-30719.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30720.json b/2023/30xxx/CVE-2023-30720.json index ca6a778b52d..6eab1eb4c6b 100644 --- a/2023/30xxx/CVE-2023-30720.json +++ b/2023/30xxx/CVE-2023-30720.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30721.json b/2023/30xxx/CVE-2023-30721.json index 647e07d2424..48b821dd5f3 100644 --- a/2023/30xxx/CVE-2023-30721.json +++ b/2023/30xxx/CVE-2023-30721.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532 Insertion of Sensitive Information into Log File" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "SMR Sep-2023 Release in Android 11, 12, 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30722.json b/2023/30xxx/CVE-2023-30722.json index 3024f1a7b33..44a11562177 100644 --- a/2023/30xxx/CVE-2023-30722.json +++ b/2023/30xxx/CVE-2023-30722.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693 Protection Mechanism Failure" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Blockchain Keystore", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "1.3.13.5" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30723.json b/2023/30xxx/CVE-2023-30723.json index cc542ee44d2..ebb6ae69d28 100644 --- a/2023/30xxx/CVE-2023-30723.json +++ b/2023/30xxx/CVE-2023-30723.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30723", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Health", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "6.24.2.011" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 5.5, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30724.json b/2023/30xxx/CVE-2023-30724.json index 6d61716ef74..192ea80b24e 100644 --- a/2023/30xxx/CVE-2023-30724.json +++ b/2023/30xxx/CVE-2023-30724.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Gallery", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "14.5.01.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30725.json b/2023/30xxx/CVE-2023-30725.json index e03f5201687..ddf404182e9 100644 --- a/2023/30xxx/CVE-2023-30725.json +++ b/2023/30xxx/CVE-2023-30725.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30725", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-287: Improper Authentication" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Gallery", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "14.5.01.2" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 5.1, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30726.json b/2023/30xxx/CVE-2023-30726.json index fdb8da804de..d93898fe969 100644 --- a/2023/30xxx/CVE-2023-30726.json +++ b/2023/30xxx/CVE-2023-30726.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "GameLauncher ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": " 4.2.59.5" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4.7, + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30728.json b/2023/30xxx/CVE-2023-30728.json index e8b1ab54c34..ea1df404cd9 100644 --- a/2023/30xxx/CVE-2023-30728.json +++ b/2023/30xxx/CVE-2023-30728.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30728", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "PackageInstallerCHN ", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": " 13.1.03.00" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4.4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ] } diff --git a/2023/30xxx/CVE-2023-30729.json b/2023/30xxx/CVE-2023-30729.json index 8fed2f8b8aa..af70b62cb06 100644 --- a/2023/30xxx/CVE-2023-30729.json +++ b/2023/30xxx/CVE-2023-30729.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30729", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-295: Improper Certificate Validation" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Samsung Email", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "6.1.82.0" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "HIGH", + "baseScore": 8.1, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ] } diff --git a/2023/30xxx/CVE-2023-30730.json b/2023/30xxx/CVE-2023-30730.json index 2a2252720e0..1544b768496 100644 --- a/2023/30xxx/CVE-2023-30730.json +++ b/2023/30xxx/CVE-2023-30730.json @@ -1,17 +1,88 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-30730", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "mobile.security@samsung.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Samsung Mobile", + "product": { + "product_data": [ + { + "product_name": "Camera", + "version": { + "version_data": [ + { + "version_value": "not down converted", + "x_cve_json_5_version_data": { + "versions": [ + { + "status": "unaffected", + "version": "11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13" + } + ], + "defaultStatus": "affected" + } + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09", + "refsource": "MISC", + "name": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09" + } + ] + }, + "impact": { + "cvss": [ + { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "LOW", + "baseScore": 3.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ] } diff --git a/2023/4xxx/CVE-2023-4773.json b/2023/4xxx/CVE-2023-4773.json index 040e41103af..a76a52a6eee 100644 --- a/2023/4xxx/CVE-2023-4773.json +++ b/2023/4xxx/CVE-2023-4773.json @@ -1,17 +1,84 @@ { + "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2023-4773", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@wordfence.com", + "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "miled", + "product": { + "product_data": [ + { + "product_name": "WordPress Social Login", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_name": "*", + "version_value": "3.0.4" + } + ] + } + } + ] + } + } + ] + } + }, + "references": { + "reference_data": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve", + "refsource": "MISC", + "name": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wordpress-social-login/tags/3.0.4/includes/widgets/wsl.auth.widgets.php#L413", + "refsource": "MISC", + "name": "https://plugins.trac.wordpress.org/browser/wordpress-social-login/tags/3.0.4/includes/widgets/wsl.auth.widgets.php#L413" + } + ] + }, + "credits": [ + { + "lang": "en", + "value": "Lana Codes" + } + ], + "impact": { + "cvss": [ + { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" } ] }