From d83437c99154ef209aabffcd8fddc348a4fcc83d Mon Sep 17 00:00:00 2001
From: CVE Team
Date: Fri, 5 Aug 2022 16:01:12 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2016/3xxx/CVE-2016-3098.json | 58 +++++++++++++++++++++----
2018/25xxx/CVE-2018-25009.json | 24 ++++-------
2018/25xxx/CVE-2018-25010.json | 34 ++++-----------
2018/25xxx/CVE-2018-25011.json | 35 +++++-----------
2018/25xxx/CVE-2018-25012.json | 19 ++++-----
2018/25xxx/CVE-2018-25013.json | 24 ++++-------
2018/25xxx/CVE-2018-25014.json | 34 ++++-----------
2020/1xxx/CVE-2020-1691.json | 50 ++++++++++++++++++++--
2020/1xxx/CVE-2020-1754.json | 50 ++++++++++++++++++++--
2022/1xxx/CVE-2022-1012.json | 50 ++++++++++++++++++++--
2022/33xxx/CVE-2022-33719.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33720.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33721.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33722.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33724.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33726.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33730.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33731.json | 77 +++++++++++++++++++++++++++++++---
2022/33xxx/CVE-2022-33732.json | 77 +++++++++++++++++++++++++++++++---
2022/36xxx/CVE-2022-36832.json | 77 +++++++++++++++++++++++++++++++---
2022/36xxx/CVE-2022-36833.json | 77 +++++++++++++++++++++++++++++++---
2022/36xxx/CVE-2022-36839.json | 77 +++++++++++++++++++++++++++++++---
22 files changed, 1089 insertions(+), 213 deletions(-)
diff --git a/2016/3xxx/CVE-2016-3098.json b/2016/3xxx/CVE-2016-3098.json
index c4a0b4c9f4d..7cfa8c7beb2 100644
--- a/2016/3xxx/CVE-2016-3098.json
+++ b/2016/3xxx/CVE-2016-3098.json
@@ -1,17 +1,61 @@ { - "CVE_data_meta": { - "ASSIGNER": "cve@mitre.org", - "ID": "CVE-2016-3098", - "STATE": "RESERVED" - }, - "data_format": "MITRE", "data_type": "CVE", + "data_format": "MITRE", "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2016-3098", + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "administrate", + "version": { + "version_data": [ + { + "version_value": "0.1.4" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://seclists.org/oss-sec/2016/q2/0", + "url": "https://seclists.org/oss-sec/2016/q2/0" + } + ] + }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user's OAuth autorization code." } ] } diff --git a/2018/25xxx/CVE-2018-25009.json b/2018/25xxx/CVE-2018-25009.json index e2c6fd7f659..8dd47f8a107 100644 --- a/2018/25xxx/CVE-2018-25009.json +++ b/2018/25xxx/CVE-2018-25009.json 
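Review bot: The structured `affects` data names only `"version_value": "0.1.4"`, while the new description says "0.1.4 and earlier", so tooling that matches on the version field will not flag older releases. Adding `"version_affected": "<="` next to that `version_value` would express the range the description states. The description also misspells "authorization" as "autorization", and `"vendor_name": "n/a"` means the record cannot be matched by vendor.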
@@ -50,24 +50,14 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4930", - "url": "https://www.debian.org/security/2021/dsa-4930" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", - "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097", + "url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097" } ] }, @@ -75,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability." + "value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16()." } ] } diff --git a/2018/25xxx/CVE-2018-25010.json b/2018/25xxx/CVE-2018-25010.json index 14e4e7031f2..a6368d35d65 100644 --- a/2018/25xxx/CVE-2018-25010.json +++ b/2018/25xxx/CVE-2018-25010.json 
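Review bot: After the first hunk the visible part of `reference_data` holds no distribution or vendor advisory, which is what patch-management tooling usually correlates against. The Debian DLA and DSA-4930 entries and the NetApp advisory should be kept alongside the new oss-fuzz and upstream-commit links rather than replaced by them. The reference hunks for CVE-2018-25010 through CVE-2018-25014 lose their downstream advisories in the same way, including the Apple HT212601 and Full Disclosure entries where those were present. `reference_data` starts above the hunk, so any earlier entries are not visible here.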
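Review bot: It cannot be confirmed from the second hunk that `problemtype` agrees with the new description, because that block sits above the visible lines. The new text calls the issue a heap-based buffer overflow in GetLE16(), where the old text called it an out-of-bounds read, and it drops the impact sentence. A read and a write are triaged differently (CWE-125 versus CWE-122), so the description should state which it is; judging only from the function name this looks like a read, in which case `heap-based buffer over-read` would be the clearer wording. The description hunks for CVE-2018-25010, CVE-2018-25012 and CVE-2018-25013 make the same class change.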
@@ -50,34 +50,14 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4930", - "url": "https://www.debian.org/security/2021/dsa-4930" - }, - { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212601", - "url": "https://support.apple.com/kb/HT212601" - }, - { - "refsource": "FULLDISC", - "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", - "url": "http://seclists.org/fulldisclosure/2021/Jul/54" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211112-0001/", - "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63", + "url": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63" } ] }, @@ -85,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability." + "value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter()." } ] } diff --git a/2018/25xxx/CVE-2018-25011.json b/2018/25xxx/CVE-2018-25011.json index 1a46389cf7d..5a6a902be62 100644 
--- a/2018/25xxx/CVE-2018-25011.json +++ b/2018/25xxx/CVE-2018-25011.json @@ -50,34 +50,19 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956919" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+/v1.0.1", + "url": "https://chromium.googlesource.com/webm/libwebp/+/v1.0.1" }, { - "refsource": "DEBIAN", - "name": "DSA-4930", - "url": "https://www.debian.org/security/2021/dsa-4930" - }, - { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212601", - "url": "https://support.apple.com/kb/HT212601" - }, - { - "refsource": "FULLDISC", - "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", - "url": "http://seclists.org/fulldisclosure/2021/Jul/54" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", - "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000", + "url": "https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000" } ] }, 
@@ -85,7 +70,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." + "value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16()." } ] } diff --git a/2018/25xxx/CVE-2018-25012.json b/2018/25xxx/CVE-2018-25012.json index 925cf4af1bc..bab0bee0bc1 100644 --- a/2018/25xxx/CVE-2018-25012.json +++ b/2018/25xxx/CVE-2018-25012.json @@ -50,19 +50,14 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097", + "url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211112-0001/", - "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123" } ] }, 
@@ -70,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability." + "value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24()." } ] } diff --git a/2018/25xxx/CVE-2018-25013.json b/2018/25xxx/CVE-2018-25013.json index 3f321ed7e06..3eb639dba87 100644 --- a/2018/25xxx/CVE-2018-25013.json +++ b/2018/25xxx/CVE-2018-25013.json @@ -50,24 +50,14 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4930", - "url": "https://www.debian.org/security/2021/dsa-4930" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211112-0001/", - "url": "https://security.netapp.com/advisory/ntap-20211112-0001/" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6", + "url": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6" } ] }, 
@@ -75,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ShiftBytes. The highest threat from this vulnerability is to data confidentiality and to the service availability." + "value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes()." } ] } diff --git a/2018/25xxx/CVE-2018-25014.json b/2018/25xxx/CVE-2018-25014.json index 7f68631019c..f95e19c4f5b 100644 --- a/2018/25xxx/CVE-2018-25014.json +++ b/2018/25xxx/CVE-2018-25014.json 
@@ -50,34 +50,14 @@ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html" + "refsource": "MISC", + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496" }, { - "refsource": "MLIST", - "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update", - "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html" - }, - { - "refsource": "DEBIAN", - "name": "DSA-4930", - "url": "https://www.debian.org/security/2021/dsa-4930" - }, - { - "refsource": "CONFIRM", - "name": "https://support.apple.com/kb/HT212601", - "url": "https://support.apple.com/kb/HT212601" - }, - { - "refsource": "FULLDISC", - "name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7", - "url": "http://seclists.org/fulldisclosure/2021/Jul/54" - }, - { - "refsource": "CONFIRM", - "name": "https://security.netapp.com/advisory/ntap-20211104-0004/", - "url": "https://security.netapp.com/advisory/ntap-20211104-0004/" + "refsource": "MISC", + "name": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52", + "url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52" } ] }, @@ -85,7 +65,7 @@ "description_data": [ { "lang": "eng", - "value": "A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability." + "value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()." } ] } 
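Review bot: The added `+log` reference ends in a truncated commit id, `...907208f97ead639bd52`, in both `name` and `url`. The full id `907208f97ead639bd521cf355a2f203f462eade6` appears in the CVE-2018-25013 reference earlier in this patch, so the range most likely should end with that hash. A truncated range link may not resolve, which would leave the record without a usable pointer to the fix. For comparison, the `+log` link added for CVE-2018-25011 carries two full hashes.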
diff --git a/2020/1xxx/CVE-2020-1691.json b/2020/1xxx/CVE-2020-1691.json index 60e820d729f..3000813e221 100644 --- a/2020/1xxx/CVE-2020-1691.json +++ b/2020/1xxx/CVE-2020-1691.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1691", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_value": "3.8" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=395953", + "url": "https://moodle.org/mod/forum/discuss.php?d=395953" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting." } ] } diff --git a/2020/1xxx/CVE-2020-1754.json b/2020/1xxx/CVE-2020-1754.json index aca96573d1b..aa225f9ee2c 100644 --- a/2020/1xxx/CVE-2020-1754.json +++ b/2020/1xxx/CVE-2020-1754.json 
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1754", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Moodle", + "version": { + "version_data": [ + { + "version_value": "3.8.2, 3.7.5, 3.6.9 and 3.5.11" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://moodle.org/mod/forum/discuss.php?d=398350", + "url": "https://moodle.org/mod/forum/discuss.php?d=398350" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the 'access all groups' capability were not restricted to viewing grades of users within their own groups." } ] } diff --git a/2022/1xxx/CVE-2022-1012.json b/2022/1xxx/CVE-2022-1012.json index c23fc4dbbdf..81351ae409b 100644 --- a/2022/1xxx/CVE-2022-1012.json +++ b/2022/1xxx/CVE-2022-1012.json 
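Review bot: `"version_value": "3.8.2, 3.7.5, 3.6.9 and 3.5.11"` records the fixed releases as the affected version, whereas the description says the flaw exists before those releases. It is also a free-text list that version matching cannot parse. Splitting it into one `version_data` entry per branch, each of the form `{ "version_affected": "<", "version_value": "3.8.2" }`, would make consumers flag the vulnerable releases rather than the patched ones. `"vendor_name": "n/a"` appears here and in CVE-2020-1691; naming the vendor would allow matching by vendor.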
@@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2022-1012", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "secalert@redhat.com", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Kernel", + "version": { + "version_data": [ + { + "version_value": "Linux kernel version prior to 5.18-rc6" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-497" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://kernel.googlesource.com/pub/scm/linux/kernel/git/jkirsher/net-queue/+/b2d057560b8107c633b39aabe517ff9d93f285e3%5E%21/", + "url": "https://kernel.googlesource.com/pub/scm/linux/kernel/git/jkirsher/net-queue/+/b2d057560b8107c633b39aabe517ff9d93f285e3%5E%21/" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem." } ] } diff --git a/2022/33xxx/CVE-2022-33719.json b/2022/33xxx/CVE-2022-33719.json index 49ca5b972c0..e54ae606184 100644 --- a/2022/33xxx/CVE-2022-33719.json +++ b/2022/33xxx/CVE-2022-33719.json 
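Review bot: The description opens with "memory leak problem", but the impact it then states is an information leak and `problemtype` is CWE-497, an exposure class rather than a resource leak, so readers triaging by description may misjudge the issue. If the CWE is the intended classification, the opening should read along the lines of `An information leak was found in the TCP source port generation algorithm ...`, and "allow an attacker to information leak" should become "allow an attacker to leak information". `version_value` is free text (`"Linux kernel version prior to 5.18-rc6"`) under `"product_name": "Kernel"` and `"vendor_name": "n/a"`, which automated matching cannot use.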
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33719", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "10, 11, 12", + "version_value": "SMR Aug-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20 Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33720.json b/2022/33xxx/CVE-2022-33720.json index e26c975eb15..27b3639d059 100644 --- a/2022/33xxx/CVE-2022-33720.json +++ b/2022/33xxx/CVE-2022-33720.json 
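Review bot: `"CWE-20 Improper Input Validation"` is a coarse label for what the description calls an integer overflow leading to a heap overflow; CWE-190 or CWE-122 would let consumers filter on the memory-corruption class. The label also lacks the colon used by the other Samsung records in this patch (for example `"CWE-284: Improper Access Control"`). `version_name` is `"10, 11, 12"` here but `"Q(10), R(11), S(12)"` in the sibling records, so string matching across them will be inconsistent. The only reference is the monthly bulletin page; if the bulletin assigns a per-issue identifier, adding it would make the link specific.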
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33720", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11)", + "version_value": "SMR Aug-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284: Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33721.json b/2022/33xxx/CVE-2022-33721.json index 8fa02a2f8a3..0a9a601683c 100644 --- a/2022/33xxx/CVE-2022-33721.json +++ b/2022/33xxx/CVE-2022-33721.json 
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33721", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "S(12)", + "version_value": "SMR Aug-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-94: Improper Control of Generation of Code ('Code Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33722.json b/2022/33xxx/CVE-2022-33722.json index 2808eeade2a..c46553e893c 100644 --- a/2022/33xxx/CVE-2022-33722.json +++ b/2022/33xxx/CVE-2022-33722.json 
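Review bot: `"CWE-94: Improper Control of Generation of Code ('Code Injection')"` does not match the description, which reports file access through a PendingIntent rather than injected or generated code. An access-control or intent-handling weakness would describe it better; `CWE-284: Improper Access Control`, already used for CVE-2022-33720 in this patch, is one candidate. The description also says files are reached "with system privilege" while the vector rates `C:L/I:L`; that may be intentional, but it is worth confirming against the vendor bulletin.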
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33722", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12)", + "version_value": "SMR Aug-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33724.json b/2022/33xxx/CVE-2022-33724.json index 6cc8b463ffe..099356b3297 100644 --- a/2022/33xxx/CVE-2022-33724.json +++ b/2022/33xxx/CVE-2022-33724.json 
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33724", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12)", + "version_value": "SMR Aug-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33726.json b/2022/33xxx/CVE-2022-33726.json index 24eadea8383..acfe6c2fb09 100644 --- a/2022/33xxx/CVE-2022-33726.json +++ b/2022/33xxx/CVE-2022-33726.json 
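Review bot: The description contains a stray `?` in `application?prior`, most likely a non-breaking space that was mis-encoded when the record was imported. It should read `Samsung Dialer application prior to SMR Aug-2022 Release 1`. Downstream feeds display and index this text, so the garbled character will propagate unless it is fixed in the record.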
@@ -1,18 +1,83 @@ { - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", "CVE_data_meta": { + "ASSIGNER": "mobile.security@samsung.com", "ID": "CVE-2022-33726", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "STATE": "PUBLIC" }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Mobile Devices", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_name": "Q(10), R(11), S(12)", + "version_value": "SMR Aug-2022 Release 1" + } + ] + } + } + ] + }, + "vendor_name": "Samsung Mobile" + } + ] + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity." 
} ] + }, + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "LOCAL", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-561: Dead Code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08", + "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08" + } + ] + }, + "source": { + "discovery": "UNKNOWN" } } \ No newline at end of file diff --git a/2022/33xxx/CVE-2022-33730.json b/2022/33xxx/CVE-2022-33730.json index 830869ebea3..8b5bb61886b 100644 --- a/2022/33xxx/CVE-2022-33730.json +++ b/2022/33xxx/CVE-2022-33730.json 
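Review bot: `"CWE-561: Dead Code"` does not describe the issue in the description, an unprotected dynamic receiver that lets an attacker launch an activity; the weakness is a missing restriction on who may reach the component. A label such as `CWE-284: Improper Access Control`, already used for CVE-2022-33720 in this patch, or the more specific CWE-926 (improper export of Android application components) would let consumers classify it correctly. As written, anyone filtering on CWE will file this record under a code-quality finding rather than an access-control flaw.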
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2022-33730",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "S(12)",
+ "version_value": "SMR Aug-2022 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "PHYSICAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-787: Out-of-bounds Write"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/33xxx/CVE-2022-33731.json b/2022/33xxx/CVE-2022-33731.json
index 5155a5357fb..3ca76527c20 100644
--- a/2022/33xxx/CVE-2022-33731.json
+++ b/2022/33xxx/CVE-2022-33731.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2022-33731",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "R(11), S(12)",
+ "version_value": "SMR Aug-2022 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/33xxx/CVE-2022-33732.json b/2022/33xxx/CVE-2022-33732.json
index d7aa4a42f20..bc56591ba34 100644
--- a/2022/33xxx/CVE-2022-33732.json
+++ b/2022/33xxx/CVE-2022-33732.json
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2022-33732",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Mobile Devices",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "S(12)",
+ "version_value": "SMR Aug-2022 Release 1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-287: Improper Authentication"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08",
+ "name": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=08"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/36xxx/CVE-2022-36832.json b/2022/36xxx/CVE-2022-36832.json
index 4fc47af85ff..de1121d3589 100644
--- a/2022/36xxx/CVE-2022-36832.json
+++ b/2022/36xxx/CVE-2022-36832.json
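Review bot: In the CVE-2022-33732 record the description, the CWE and the CVSS vector disagree. The text says improper access control on an unprotected binder call lets a local attacker scan for and connect to a PC, while `problemtype` is `CWE-287: Improper Authentication` and the vector scores only availability (`C:N/I:N/A:H`). If the flaw is a missing permission check on the binder interface, `"value": "CWE-284 Improper Access Control"`, as used for CVE-2022-33731, would be consistent with the description. The description should also say what availability impact justifies `A:H`, or the vector should be revisited; both points are inferred from the record text only.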
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2022-36832",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cameralyzer",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "",
+ "version_value": "3.2.22, 3.3.22, 3.4.22 and 3.5.51"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-284 Improper Access Control"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/36xxx/CVE-2022-36833.json b/2022/36xxx/CVE-2022-36833.json
index 0d6620f5c64..05837553071 100644
--- a/2022/36xxx/CVE-2022-36833.json
+++ b/2022/36xxx/CVE-2022-36833.json
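Review bot: The reference added for CVE-2022-36832 has a doubled `=` in its query string, `serviceWeb.smsb?year==2022&month=08`, in both `url` and `name`; the same string appears in the CVE-2022-36833 and CVE-2022-36839 hunks. The other Samsung references in this commit use `?year=2022&month=08`, so this looks like a typo, and the link may not resolve to the August 2022 bulletin that carries the fix information. Suggested value for both fields: `"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=08"`, to be checked against the vendor site before merging.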
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2022-36833",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Game Optimizing Service",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "",
+ "version_value": "3.3.04.0 in Android 10, 3.5.04.8 in Android 11 and above"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-269: Improper Privilege Management"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file
diff --git a/2022/36xxx/CVE-2022-36839.json b/2022/36xxx/CVE-2022-36839.json
index 2497c607785..b11603a74ea 100644
--- a/2022/36xxx/CVE-2022-36839.json
+++ b/2022/36xxx/CVE-2022-36839.json
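Review bot: `version_value` in the CVE-2022-36833 record packs two fixed versions and their platforms into one free-text string, `"3.3.04.0 in Android 10, 3.5.04.8 in Android 11 and above"`, under `"version_affected": "<"` with an empty `version_name`. Tooling that compares installed versions against this record cannot evaluate `<` on that string, so affected installs may go unflagged; the Cameralyzer record (CVE-2022-36832) has the same pattern with four versions. One `version_data` entry per branch would make the range machine-readable, for example `"version_name": "Android 10", "version_value": "3.3.04.0"` and `"version_name": "Android 11 and above", "version_value": "3.5.04.8"`.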
@@ -1,18 +1,83 @@
 {
- "data_type": "CVE",
- "data_format": "MITRE",
- "data_version": "4.0",
 "CVE_data_meta": {
+ "ASSIGNER": "mobile.security@samsung.com",
 "ID": "CVE-2022-36839",
- "ASSIGNER": "cve@mitre.org",
- "STATE": "RESERVED"
+ "STATE": "PUBLIC"
 },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Samsung Checkout",
+ "version": {
+ "version_data": [
+ {
+ "version_affected": "<",
+ "version_name": "",
+ "version_value": "5.0.53.1"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Samsung Mobile"
+ }
+ ]
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
 "description": {
 "description_data": [
 {
 "lang": "eng",
- "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value": "SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information."
 }
 ]
+ },
+ "impact": {
+ "cvss": {
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "version": "3.1"
+ }
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-89 SQL Injection"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "refsource": "MISC",
+ "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08",
+ "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022&month=08"
+ }
+ ]
+ },
+ "source": {
+ "discovery": "UNKNOWN"
 }
 }
\ No newline at end of file