admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-08-05 16:01:12 +00:00
parent aa8f593dfb
commit d83437c991
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
22 changed files with 1089 additions and 213 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
2016/3xxx/CVE-2016-3098.json
View File

@ -1,17 +1,61 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-3098",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2016-3098",
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "administrate",
"version": {
"version_data": [
{
"version_value": "0.1.4"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://seclists.org/oss-sec/2016/q2/0",
"url": "https://seclists.org/oss-sec/2016/q2/0"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code."
}
]
}

24
2018/25xxx/CVE-2018-25009.json
View File

@ -50,24 +50,14 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4930",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097",
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
}
]
},
@ -75,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability."
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16()."
}
]
}

34
2018/25xxx/CVE-2018-25010.json
View File

@ -50,34 +50,14 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4930",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212601",
"url": "https://support.apple.com/kb/HT212601"
},
{
"refsource": "FULLDISC",
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63",
"url": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63"
}
]
},
@ -85,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability."
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter()."
}
]
}

35
2018/25xxx/CVE-2018-25011.json
View File

@ -50,34 +50,19 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+/v1.0.1",
"url": "https://chromium.googlesource.com/webm/libwebp/+/v1.0.1"
},
{
"refsource": "DEBIAN",
"name": "DSA-4930",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212601",
"url": "https://support.apple.com/kb/HT212601"
},
{
"refsource": "FULLDISC",
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000",
"url": "https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000"
}
]
},
@ -85,7 +70,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16()."
}
]
}

19
2018/25xxx/CVE-2018-25012.json
View File

@ -50,19 +50,14 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097",
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123"
}
]
},
@ -70,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability."
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24()."
}
]
}

24
2018/25xxx/CVE-2018-25013.json
View File

@ -50,24 +50,14 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4930",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6",
"url": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6"
}
]
},
@ -75,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability."
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes()."
}
]
}

34
2018/25xxx/CVE-2018-25014.json
View File

@ -50,34 +50,14 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
"refsource": "MISC",
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4930",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT212601",
"url": "https://support.apple.com/kb/HT212601"
},
{
"refsource": "FULLDISC",
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
"refsource": "MISC",
"name": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52",
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
]
},
@ -85,7 +65,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
]
}

50
2020/1xxx/CVE-2020-1691.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1691",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.8"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://moodle.org/mod/forum/discuss.php?d=395953",
"url": "https://moodle.org/mod/forum/discuss.php?d=395953"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting."
}
]
}

50
2020/1xxx/CVE-2020-1754.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-1754",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Moodle",
"version": {
"version_data": [
{
"version_value": "3.8.2, 3.7.5, 3.6.9 and 3.5.11"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://moodle.org/mod/forum/discuss.php?d=398350",
"url": "https://moodle.org/mod/forum/discuss.php?d=398350"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups."
}
]
}

50
2022/1xxx/CVE-2022-1012.json
View File

@ -4,14 +4,58 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2022-1012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "secalert@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "n/a",
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "Linux kernel version prior to 5.18-rc6"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-497"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://kernel.googlesource.com/pub/scm/linux/kernel/git/jkirsher/net-queue/+/b2d057560b8107c633b39aabe517ff9d93f285e3%5E%21/",
"url": "https://kernel.googlesource.com/pub/scm/linux/kernel/git/jkirsher/net-queue/+/b2d057560b8107c633b39aabe517ff9d93f285e3%5E%21/"
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem."
}
]
}

77
2022/33xxx/CVE-2022-33719.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33719",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "10, 11, 12",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33720.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33720",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10), R(11)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33721.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33721",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-94: Improper Control of Generation of Code (&#39;Code Injection&#39;)"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33722.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33722",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10), R(11), S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33724.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33724",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10), R(11), S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33726.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33726",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Q(10), R(11), S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-561: Dead Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33730.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33730",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33731.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33731",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "R(11), S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/33xxx/CVE-2022-33732.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-33732",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Mobile Devices",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "S(12)",
"version_value": "SMR Aug-2022 Release 1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
"name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/36xxx/CVE-2022-36832.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36832",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cameralyzer",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "",
"version_value": "3.2.22, 3.3.22, 3.4.22 and 3.5.51"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/36xxx/CVE-2022-36833.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36833",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Game Optimizing Service",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "",
"version_value": "3.3.04.0 in Android 10, 3.5.04.8 in Android 11 and above"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

77
2022/36xxx/CVE-2022-36839.json
View File

@ -1,18 +1,83 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "mobile.security@samsung.com",
"ID": "CVE-2022-36839",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung Checkout",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "",
"version_value": "5.0.53.1"
}
]
}
}
]
},
"vendor_name": "Samsung Mobile"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
"name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}