Auto-Update: 2024-02-09T03:00:24.960458+00:00

cad-safe-bot 2024-02-09 03:00:28 +00:00
parent 51d6f19d75
commit 2a2f2898fd
123 changed files with 19422 additions and 1234 deletions


@ -2,8 +2,8 @@
"id": "CVE-2001-0830",
"sourceIdentifier": "cve@mitre.org",
"published": "2001-12-06T05:00:00.000",
"lastModified": "2017-10-10T01:29:53.627",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:52:21.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-772"
}
]
}
@ -58,9 +80,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pld:6tunnel:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:6tunnel_project:6tunnel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.08",
"matchCriteriaId": "09817A67-3CC0-4014-9592-4C1592E7C17D"
"matchCriteriaId": "B58776F5-F89E-456E-8BBF-B081DD979C39"
}
]
}
@ -70,19 +92,35 @@
"references": [
{
"url": "ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://marc.info/?l=bugtraq&m=100386451702966&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "http://www.securityfocus.com/bid/3467",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7337",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2003-0981",
"sourceIdentifier": "cve@mitre.org",
"published": "2004-01-05T05:00:00.000",
"lastModified": "2016-10-18T02:38:47.473",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:53:22.383",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-346"
}
]
}
@ -62,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*",
"matchCriteriaId": "C05BD42A-A99E-4683-A034-BE7CDBA4F289"
"criteria": "cpe:2.3:a:freescripts:visitorbook_le:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8641B1D-117C-4913-B66D-48D7768F18FE"
}
]
}
@ -73,12 +95,16 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=107107840622493&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
]


@ -2,8 +2,8 @@
"id": "CVE-2005-2088",
"sourceIdentifier": "secalert@redhat.com",
"published": "2005-07-05T04:00:00.000",
"lastModified": "2023-02-13T01:16:07.923",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:40:37.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -51,7 +51,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-444"
}
]
}
@ -67,8 +67,8 @@
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.35",
"versionEndIncluding": "2.0.55",
"matchCriteriaId": "514A6F28-6C2B-495E-9816-C06ADCE3539D"
"versionEndExcluding": "2.0.55",
"matchCriteriaId": "7B627099-D2E2-4E43-84B7-0C921FAD4156"
}
]
}
@ -127,6 +127,69 @@
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/14530",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/17319",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/17487",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/17813",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/19072",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/19073",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/19185",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/19317",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/23074",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://securityreason.com/securityalert/604",
"source": "secalert@redhat.com",
@ -176,6 +239,7 @@
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -183,6 +247,7 @@
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -190,6 +255,7 @@
"url": "http://www.apache.org/dist/httpd/CHANGES_1.3",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
@ -197,6 +263,7 @@
"url": "http://www.apache.org/dist/httpd/CHANGES_2.0",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
@ -204,6 +271,7 @@
"url": "http://www.debian.org/security/2005/dsa-803",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
@ -211,6 +279,7 @@
"url": "http://www.debian.org/security/2005/dsa-805",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
@ -218,7 +287,7 @@
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:130",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
"Third Party Advisory"
]
},
{
@ -239,6 +308,7 @@
"url": "http://www.redhat.com/support/errata/RHSA-2005-582.html",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -254,6 +324,7 @@
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -262,6 +333,7 @@
"url": "http://www.securityfocus.com/bid/14106",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -270,6 +342,7 @@
"url": "http://www.securityfocus.com/bid/15647",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -285,6 +358,7 @@
"url": "http://www.vupen.com/english/advisories/2005/2140",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Permissions Required"
]
},
@ -292,6 +366,7 @@
"url": "http://www.vupen.com/english/advisories/2005/2659",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Permissions Required"
]
},
@ -299,6 +374,7 @@
"url": "http://www.vupen.com/english/advisories/2006/0789",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Permissions Required"
]
},
@ -306,6 +382,7 @@
"url": "http://www.vupen.com/english/advisories/2006/1018",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Permissions Required"
]
},
@ -313,6 +390,7 @@
"url": "http://www.vupen.com/english/advisories/2006/4680",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Permissions Required"
]
},
@ -332,56 +410,105 @@
},
{
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -389,6 +516,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -396,6 +524,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -403,6 +532,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
@ -410,6 +540,7 @@
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
},
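Review bot: In the `cpeMatch` hunk for `apache:http_server`, the upper bound moves from `"versionEndIncluding": "2.0.55"` to `"versionEndExcluding": "2.0.55"` under a new `matchCriteriaId`, so an asset inventoried at exactly 2.0.55 stops matching this record after the update. Anything downstream that caches, suppresses or joins findings on the old `matchCriteriaId` should re-resolve the range rather than carry the old ID forward, otherwise that entry is silently orphaned. The same sync retags the weakness from `NVD-CWE-noinfo` to `CWE-444`, so CWE-keyed reports will regroup this CVE as well. The record's opening and closing lines sit outside the hunks shown.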


@ -2,8 +2,8 @@
"id": "CVE-2005-2089",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-07-05T04:00:00.000",
"lastModified": "2018-10-30T16:25:10.357",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:29:29.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -44,7 +44,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-444"
}
]
}
@ -58,13 +58,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C954A7-FF84-4DEB-8728-5B207F374ECC"
"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0"
"criteria": "cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9B4DF95D-B4B1-4FB6-9D27-A6D359EEACFA"
}
]
}
@ -74,19 +74,33 @@
"references": [
{
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42899",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2005-4206",
"sourceIdentifier": "cve@mitre.org",
"published": "2005-12-13T11:03:00.000",
"lastModified": "2017-07-20T01:29:12.003",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:28:08.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-601"
}
]
}
@ -58,13 +80,19 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_post_systems:6.2.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3D9504-565E-4A64-AEAA-C226FB1B1B86"
"criteria": "cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.0.0.0",
"matchCriteriaId": "1E586786-3A7D-4F69-A800-A0D6B280E63A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_post_systems:6.3.1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "397937CE-A799-452F-9079-7A026A4BD490"
"criteria": "cpe:2.3:a:blackboard:academic_suite:6.2.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "51932C51-CCCC-419F-9655-C71B01D24336"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blackboard:academic_suite:6.3.1.424:*:*:*:*:*:*:*",
"matchCriteriaId": "535D86A9-D28E-4356-AE5C-1018C1645942"
}
]
}
@ -72,20 +100,46 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/17991",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Vendor Advisory"
]
},
{
"url": "http://www.ipomonis.com/advisories/Bb_6.zip",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.osvdb.org/21618",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/15814",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23558",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
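Review bot: The added `http://secunia.com/advisories/17991` reference carries `"Vendor Advisory"`, which looks mislabelled: the affected product in this record is `blackboard:academic_suite`, and the other tracker references here (`securityfocus.com/bid/15814` and the X-Force entry) are tagged `"Third Party Advisory"`. Consumers that rank `"Vendor Advisory"` links as the authoritative remediation source would surface a third-party link that is also marked `"Broken Link"`. Since this file mirrors upstream data, the correction (`"Third Party Advisory"` in place of `"Vendor Advisory"`) probably belongs upstream rather than in a local edit.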


@ -2,8 +2,8 @@
"id": "CVE-2006-6276",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-12-04T11:28:00.000",
"lastModified": "2017-07-29T01:29:26.530",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:34:42.803",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-444"
}
]
}
@ -67,94 +67,19 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*",
"matchCriteriaId": "2F40832C-EA2D-4AEF-9C98-36795D36BA06"
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*",
"matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*",
"matchCriteriaId": "7805CF93-C1EC-4698-95A6-CAB9C26EEAB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*",
"matchCriteriaId": "951B75FF-9190-4AF7-BE9D-23C2114F71DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur3:enterprise:*:*:*:*:*",
"matchCriteriaId": "D30859F7-97BE-4D6F-A9A8-EE12E8BC6201"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur3:standard:*:*:*:*:*",
"matchCriteriaId": "D254F827-8A6C-496F-A6A0-667EF4F1D526"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*",
"matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*",
"matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:standard:*:*:*:*:*",
"matchCriteriaId": "1379A19D-72CF-490C-871E-B67BA40547E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*",
"matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3"
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*",
"matchCriteriaId": "DD35DA64-83B8-4EF4-94E8-D692E6FDD0AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*",
"matchCriteriaId": "BB5D85FB-D4A6-4518-BBD9-8D021446E433"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*",
"matchCriteriaId": "A1102A86-8FB6-418E-808E-A6B94016E0B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*",
"matchCriteriaId": "E6A1EC8B-311D-4D34-A669-FF52B29BB5C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*",
"matchCriteriaId": "66EA6738-9134-402C-AA74-68298F45B60F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*",
"matchCriteriaId": "4AB54F05-CBE0-4A3B-9941-A5509BF40EA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*",
"matchCriteriaId": "BBA027B0-8996-4CBF-881D-D393C3508944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
@ -165,51 +90,6 @@
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
"matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
"matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
"matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
"matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
"matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
"matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*",
"matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
"matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
@ -217,78 +97,8 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
"matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
"matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*",
"matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*",
"matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "1A460F62-4594-447A-9D0B-9C1DBBDE9852"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur1:platform:*:*:*:*:*",
"matchCriteriaId": "37553E5D-7B68-40C4-B970-FA0D02B7D3D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur1:standard:*:*:*:*:*",
"matchCriteriaId": "3D089210-2135-4D41-92AD-51FB97AB343E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur2:platform:*:*:*:*:*",
"matchCriteriaId": "C2C8EF3B-1A44-4D15-B2BE-FC970281760C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur2:standard:*:*:*:*:*",
"matchCriteriaId": "E3597345-9D0B-492B-99BC-1C992EBF7CD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur6:platform:*:*:*:*:*",
"matchCriteriaId": "2E93217B-0307-4E04-BD02-50AD5AD35072"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur6:standard:*:*:*:*:*",
"matchCriteriaId": "B77E35C5-FF8B-4BB5-A12E-E9B6485E207A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur7:platform:*:*:*:*:*",
"matchCriteriaId": "3F7BD264-7418-4A48-9B67-BB90A9566E7A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur7:standard:*:*:*:*:*",
"matchCriteriaId": "11BB061E-ECF0-49F3-A3A8-378284A4F983"
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E"
}
]
}
@ -296,22 +106,45 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/23186",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://securitytracker.com/id?1017322",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://securitytracker.com/id?1017323",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://securitytracker.com/id?1017324",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
]
},
@ -319,16 +152,26 @@
"url": "http://www.securityfocus.com/bid/21371",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2006/4793",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,9 +2,9 @@
"id": "CVE-2007-0897",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-02-16T19:28:00.000",
"lastModified": "2017-07-29T01:30:29.563",
"vulnStatus": "Modified",
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam AntiVirus, ClamAV, 0.90 Stable",
"lastModified": "2024-02-09T02:48:50.797",
"vulnStatus": "Analyzed",
"evaluatorSolution": "This vulnerability is addressed in the following product release:\nClam AntiVirus, ClamAV, 0.90 Stable",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -49,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-772"
}
]
}
@ -63,291 +85,40 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.15",
"matchCriteriaId": "E040C64A-273E-49FC-9B32-E25BE15D357A"
},
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.90",
"matchCriteriaId": "EA546DD9-A29C-4D82-8E21-80619B2FF25B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.20",
"matchCriteriaId": "F4DAF18C-D921-448C-9806-F7161B742E51"
},
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.4.11",
"matchCriteriaId": "B2D0444E-6B76-46EE-95EF-617F8967F6B6"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.21",
"matchCriteriaId": "09A48542-552D-45B6-9989-EBA02C16BAD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.22",
"matchCriteriaId": "7F5E3E9F-9F7F-4366-AF74-5DD79D500ADA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.23",
"matchCriteriaId": "630D6FA9-DF36-4FFF-A894-282DBD3C6931"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.24",
"matchCriteriaId": "C0CC9F29-854C-4B58-93B7-04FB5AFF4AF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.51",
"matchCriteriaId": "75501EBF-B78B-4160-B1FD-B8FF502BC860"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.52",
"matchCriteriaId": "26AEB8E6-B3A9-48F6-AA7D-55FDB2B6DF8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.53",
"matchCriteriaId": "2D6117F8-A05B-42FA-B5CD-4646C0F755D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.54",
"matchCriteriaId": "D40CD000-F4D6-48EA-8785-7C662DD4FB77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.60",
"matchCriteriaId": "2E370AEE-3D76-4DB3-B2EA-DE2F24A1D2B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.60p",
"matchCriteriaId": "59FCC7A7-4AC9-4084-9684-E236FAEF4B3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.65",
"matchCriteriaId": "8848DF73-5C8F-4923-B6D5-103D3A4E45BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.67",
"matchCriteriaId": "AC26FE6A-DA82-4F10-A176-6EF719383232"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.68",
"matchCriteriaId": "D9ECDDC6-88C6-42DE-BC4D-F1099957341E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.68.1",
"matchCriteriaId": "4014C1FE-9659-4D87-BE25-82A28222CEE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.70",
"matchCriteriaId": "054DFC0C-996C-4ECD-8832-9E8C085B7C4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.71",
"matchCriteriaId": "CCEC1516-8A43-4010-903A-07DB582C18C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.72",
"matchCriteriaId": "8582F6D3-EBD5-485B-8BB5-F91DDFC9C600"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.73",
"matchCriteriaId": "09C15660-74FA-4AA0-929E-6291AE2B1297"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.74",
"matchCriteriaId": "E68EB72E-EEDE-4231-B309-B6558956BC6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.75",
"matchCriteriaId": "BD05D78B-6F28-4068-88F7-96461D85236C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.75.1",
"matchCriteriaId": "8278F2A2-8B1B-4FC2-BC66-C6EC87E9476D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.80",
"matchCriteriaId": "F07C275E-16B0-4A2B-89A6-C68C68FCF67D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.80_rc1",
"matchCriteriaId": "D0867DF1-4122-4E5C-8F72-FADB042DA14D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.80_rc2",
"matchCriteriaId": "3CF31500-C66B-4FEC-90BE-30F7D0956929"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.80_rc3",
"matchCriteriaId": "B721C0AE-AB73-4A9A-84CB-BECCD974CA99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.80_rc4",
"matchCriteriaId": "6638002E-716F-476A-9452-4C1B188CF59B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.81",
"matchCriteriaId": "C596E6BB-7060-4BA7-B2BA-8E84FF6BF9A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.81_rc1",
"matchCriteriaId": "8943D346-7542-4DD4-82D0-B8CF1D0494B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.82",
"matchCriteriaId": "9E3A3962-54F7-48EC-8ABD-BAE8C8B4727E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.83",
"matchCriteriaId": "C745EB7E-367A-4C2B-B206-3FEB4C33A97A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.84",
"matchCriteriaId": "8B796948-15AD-4A30-8251-67444175A777"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.84_rc1",
"matchCriteriaId": "4C64CF0B-91A9-4EF7-B089-0B3CA26B2EFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.84_rc2",
"matchCriteriaId": "56ED080B-6E44-4B47-833F-25535FCEDA69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.85",
"matchCriteriaId": "7A0FB401-6282-4687-A8EC-EB3BE02C293D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.85.1",
"matchCriteriaId": "2C0E3FE9-0B62-484E-A7CF-1CE0BBDE36AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.86",
"matchCriteriaId": "9391B98E-80A9-4C12-9EB8-F45A289FD9F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.86.1",
"matchCriteriaId": "184FC0BC-25CD-4804-9DFF-9309F991557D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.86.2",
"matchCriteriaId": "AFDA61E7-4CE4-4FDD-8B1B-BFF6A934CDA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.86_rc1",
"matchCriteriaId": "18547613-F1A4-410C-A723-FC7BB8A270CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.87",
"matchCriteriaId": "A5BF037B-141A-48AB-88A3-555836B160FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.87.1",
"matchCriteriaId": "D1873479-6058-472F-94AB-2601B2936812"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.88",
"matchCriteriaId": "B498C911-81FC-4B1A-B9A4-5F266AA2B7CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.88.1",
"matchCriteriaId": "990BE50A-0B0B-44CC-BE51-CF69C900EE52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.88.3",
"matchCriteriaId": "E9B0DEE6-CA69-4020-AF96-8C6E5872ADF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.88.4",
"matchCriteriaId": "8D7A91DF-84B4-4E45-8675-E107D8BCD070"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.88.6",
"matchCriteriaId": "F8D97900-5AD1-43BF-860F-537D25A54C95"
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
}
]
}
@ -357,57 +128,157 @@
"references": [
{
"url": "http://docs.info.apple.com/article.html?artnum=307562",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://osvdb.org/32283",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/24183",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/24187",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/24192",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/24319",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/24332",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/24425",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/29420",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2007/dsa-1263",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/22580",
"source": "cve@mitre.org",
"tags": [
"Patch"
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1017659",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2007/0623",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/0924/references",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32531",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2008-0166",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-05-13T17:20:00.000",
"lastModified": "2022-02-02T14:59:01.730",
"lastModified": "2024-02-09T02:45:16.693",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -22,6 +22,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -55,14 +77,13 @@
"description": [
{
"lang": "en",
"value": "CWE-310"
"value": "CWE-338"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -70,52 +91,53 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*",
"matchCriteriaId": "38238ECD-0581-47A0-B65E-9AA63A6C3148"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.8c-1",
"versionEndIncluding": "0.9.8g",
"matchCriteriaId": "8EEFA1C8-85D4-425F-A987-29AC6D10C303"
}
]
},
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
},
{
"vulnerable": false,
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB"
},
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
}
@ -132,6 +154,54 @@
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/30136",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/30220",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/30221",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/30231",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/30239",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/30249",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel",
"source": "cve@mitre.org",
@ -143,6 +213,7 @@
"url": "http://www.debian.org/security/2008/dsa-1571",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
@ -151,6 +222,7 @@
"url": "http://www.debian.org/security/2008/dsa-1576",
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch"
]
},
@ -166,6 +238,7 @@
"url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -174,6 +247,7 @@
"url": "http://www.securityfocus.com/bid/29179",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
@ -183,6 +257,7 @@
"url": "http://www.securitytracker.com/id?1020017",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
@ -228,6 +303,7 @@
"url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"US Government Resource"
]
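Review bot: The rewritten `configurations` block no longer says "this OpenSSL package running on this distribution". The `"operator": "AND"` wrapper is gone, and the Debian 4.0 entry and several Ubuntu entries appear to move from `"vulnerable": false` to `"vulnerable": true` in nodes of their own. The page has lost its +/- markers, so the old/new side of each pair is inferred from print order. Read as printed, a CPE matcher would flag any `openssl` install from `0.9.8c-1` through `0.9.8g` on any platform, and separately every listed OS release whatever package it carries. If the pairing was intended, the record needs `"operator": "AND"` back on the configuration and the OS entries kept as `"vulnerable": false`; otherwise scanners consuming this record should expect broader hits for this CVE.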


@ -2,8 +2,8 @@
"id": "CVE-2008-2052",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-05-02T17:05:00.000",
"lastModified": "2017-08-08T01:30:42.963",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:31:16.793",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-59"
"value": "CWE-601"
}
]
}
@ -62,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92DAD826-62C2-4880-AADE-F8B3FB0248F2"
"criteria": "cpe:2.3:a:bitrix24:bitrix_site_manager:6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "339641BD-BEF4-4A84-B266-41BF09E63225"
}
]
}
@ -73,11 +95,18 @@
"references": [
{
"url": "http://holisticinfosec.org/content/view/62/45/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2008-2122",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-05-09T15:20:00.000",
"lastModified": "2017-08-08T01:30:47.057",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:54:11.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-399"
"value": "CWE-772"
}
]
}
@ -71,25 +93,53 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/30081",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303877",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/29036",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1019964",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/1427/references",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42173",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2008-2951",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-07-27T22:41:00.000",
"lastModified": "2017-08-08T01:31:28.247",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:30:37.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-601"
}
]
}
@ -62,139 +84,29 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:*:*:*:*:*:*:*:*",
"versionEndIncluding": "0.10.4",
"matchCriteriaId": "6AB0CAB5-F4B4-44AE-A527-A3A089279943"
"criteria": "cpe:2.3:a:edgewall:trac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.10.5",
"matchCriteriaId": "C6C4CEF3-92F7-4344-9833-7CBCEF16E94F"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C99624-9190-42FF-BDE9-A7A5938EDECA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04F968D4-9691-4ED1-A412-7DF43898863C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1EE1121C-5E38-4811-A9BA-3122EF00941D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "AF9D8496-03C6-4C9E-9511-B32EE1AD6E91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4AC75E-2EE6-4333-9AA5-B26571CA86AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A370F182-C0BF-4E53-81B5-57E03974FA00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9C37AA14-7184-4FFC-BEDE-B567EE315E9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "661C665F-A7F1-4631-B232-1DC9A2635E77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9710175D-AB7F-4416-9BD6-DD9BD9D0D322"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3829D131-F1DB-426E-82C9-C39CBC1D8164"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9410D67A-6338-4076-AF88-9DFAB701E1FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9239A5E2-62D4-4100-BA88-B114FE5944F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "39206222-52BA-49B3-B2D8-1AFB247AA05F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9:b1:*:*:*:*:*:*",
"matchCriteriaId": "BF8C0FF0-98FF-463F-B9F0-B26DC587CE05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9:b2:*:*:*:*:*:*",
"matchCriteriaId": "ED00A360-A4BD-44A9-BF88-A81257CF5E3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEEE9CAF-6A17-4B68-988B-2EA0183FC45E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE0E4289-9154-4547-8DAA-51536706EFE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7836864F-1F39-479A-99D0-A00247711FB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "14D2B12D-3479-435C-BF76-158C4152C548"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AC7C92-2D82-470E-A04A-5C2B5AAA8CFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "87EB909D-2F50-456E-9339-31617A9FC64E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "351C68FA-9A8E-4E65-BD8E-44F5BBDAFE8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76B67191-EBC8-4679-9434-9AF56E9151B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CA90857B-FA3A-4DD8-A20D-04837CCFFF77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3012B1CE-686F-4F0E-BCB2-790D7C30D257"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trac:trac:0.10.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F826915A-400C-4DC8-83A3-6EC158ACE0D0"
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"
}
]
}
@ -204,27 +116,63 @@
"references": [
{
"url": "http://holisticinfosec.org/content/view/72/45/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/31314",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://trac.edgewall.org/wiki/ChangeLog",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.osvdb.org/46513",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/30402",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44043",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2011-4107",
"sourceIdentifier": "secalert@redhat.com",
"published": "2011-11-17T19:55:01.517",
"lastModified": "2017-08-29T01:30:27.397",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:27:11.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-611"
}
]
}
@ -62,118 +84,57 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE1361B-D70B-45B9-BD2F-7C049D96928A"
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3.0.0",
"versionEndExcluding": "3.3.10.5",
"matchCriteriaId": "07CC6931-2524-492E-9290-2388CD6435F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "06EE0CCB-559F-457B-A1EC-79D0680DCDD8"
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4.0.0",
"versionEndExcluding": "3.4.7.1",
"matchCriteriaId": "A872DC22-5EB5-4348-BEAD-61A59394AA51"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
"matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "00826A60-50A4-4E05-B317-8D0A5FC637BC"
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC1AECC-6521-4D9D-88D5-86DA8BDB1D26"
},
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79093150-F515-42D9-AEF2-86C0C4B1B8AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE65F49-CDED-49B0-89F4-CE52E357069A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B29D2E6-F327-4B19-B33F-E888F8B81E7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7C579327-8F92-41AF-926A-86442063A83D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C3F84C4-883B-48DC-9181-E54A87DC973B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C10C216-594B-4F08-B86E-A476A452189B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E3E72232-C7D1-4D3E-97D1-5F3B89D447ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3540439C-52FD-45A7-ABF4-E18C4AED89C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "31E1CEF6-682E-4580-8A90-864173C4E4A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C714361-7AE3-4DC2-994C-7C67B41226B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3CED16-3ECE-49F6-A52B-0222B14DBC88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E4938BCE-1365-469A-B714-A5D9C451FA20"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35F46942-E054-43E4-9543-E126738845E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A24EBE-D760-4251-972E-86B71EC8A07D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC8F001-B2D6-49AD-94E7-673E8BEC958C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9EFA08-1838-46A9-A851-A0540C60739D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B231B0D4-F971-4D4F-97CE-74951DF2B681"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "35158ABE-56D7-499D-8268-D5452DE3E139"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8C3CAC-7CE6-4D13-9640-B924081D628E"
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
}
]
}
@ -183,20 +144,40 @@
"references": [
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://osvdb.org/76798",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit"
]
},
@ -204,28 +185,53 @@
"url": "http://seclists.org/fulldisclosure/2011/Nov/21",
"source": "secalert@redhat.com",
"tags": [
"Exploit"
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/46447",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/8533",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2012/dsa-2391",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2011/11/03/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2011/11/03/5",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php",
@ -237,12 +243,18 @@
},
{
"url": "http://www.securityfocus.com/bid/50497",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.wooyun.org/bugs/wooyun-2010-03185",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Exploit"
]
},
@ -250,12 +262,17 @@
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=751112",
"source": "secalert@redhat.com",
"tags": [
"Exploit"
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71108",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2016-10180",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-01-30T04:59:00.360",
"lastModified": "2021-04-23T18:45:19.730",
"lastModified": "2024-02-09T02:41:18.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-338"
"value": "CWE-335"
}
]
}
@ -109,6 +109,7 @@
"url": "http://www.securityfocus.com/bid/95877",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]


@ -2,7 +2,7 @@
"id": "CVE-2021-37147",
"sourceIdentifier": "security@apache.org",
"published": "2021-11-03T16:15:07.987",
"lastModified": "2022-10-14T11:56:28.303",
"lastModified": "2024-02-09T02:28:42.050",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -71,6 +71,10 @@
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-444"
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2022-2820",
"sourceIdentifier": "security@huntr.dev",
"published": "2022-08-15T11:21:31.687",
"lastModified": "2023-07-10T16:15:48.020",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:29:58.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -103,8 +103,7 @@
"url": "https://github.com/namelessmc/nameless/commit/469bebc17855720e43f0c8209c88a57d2b55f6de",
"source": "security@huntr.dev",
"tags": [
"Patch",
"Third Party Advisory"
"Patch"
]
},
{
@ -112,8 +111,7 @@
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
"Patch"
]
}
]


@ -2,12 +2,16 @@
"id": "CVE-2022-3032",
"sourceIdentifier": "security@mozilla.org",
"published": "2022-12-22T20:15:37.763",
"lastModified": "2023-01-03T20:25:26.860",
"lastModified": "2024-02-09T02:47:57.353",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1."
},
{
"lang": "es",
"value": "Al recibir un correo electr\u00f3nico HTML que conten\u00eda un elemento <code>iframe</code>, que utilizaba un atributo <code>srcdoc</code> para definir el documento HTML interno, los objetos remotos especificados en el documento anidado, por ejemplo im\u00e1genes o v\u00eddeos , no fueron bloqueados. M\u00e1s bien, se acced\u00eda a la red, se cargaban los objetos y se mostraban. Esta vulnerabilidad afecta a Thunderbird &lt; 102.2.1 y Thunderbird &lt; 91.13.1."
}
],
"metrics": {
@ -41,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-863"
"value": "CWE-610"
}
]
}
@ -76,9 +80,7 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783831",
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
"Permissions Required"
]
},
{
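Review bot: The `es` description added in the first hunk entity-encodes the version comparisons (`Thunderbird &lt; 102.2.1`), while the `en` value and the `<code>` tags inside the same Spanish string keep a literal `<`, so the two language variants of one field are escaped differently. A consumer that HTML-escapes descriptions on output will show `&amp;lt;` to Spanish readers, and one that passes the value through as HTML will render the `<code>` markup. Description values are safest treated as plain text and escaped once at render time. I would store the translation with literal characters, `Thunderbird < 102.2.1 y Thunderbird < 91.13.1`, to match the English entry.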


@ -2,12 +2,16 @@
"id": "CVE-2022-45918",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-07T01:15:11.677",
"lastModified": "2023-01-06T20:37:46.383",
"lastModified": "2024-02-09T02:38:20.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "ILIAS before 7.16 allows External Control of File Name or Path."
},
{
"lang": "es",
"value": "ILIAS anterior a 7.16 permite el control externo del nombre o ruta del archivo."
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2023-25365",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.410",
"lastModified": "2024-02-08T22:15:08.410",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-27001",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.463",
"lastModified": "2024-02-08T22:15:08.463",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-32341",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.033",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255827",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7116081",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-36498",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:08.527",
"lastModified": "2024-02-06T18:15:58.383",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:09:17.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad del cliente PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para activar esta vulnerabilidad y obtener acceso a un shell sin restricciones."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-40262",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.683",
"lastModified": "2024-02-08T23:15:09.683",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40263",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.730",
"lastModified": "2024-02-08T23:15:09.730",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40264",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.773",
"lastModified": "2024-02-08T23:15:09.773",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40265",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.770",
"lastModified": "2024-02-08T22:15:08.770",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-40266",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.840",
"lastModified": "2024-02-08T22:15:08.840",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -0,0 +1,59 @@
{
"id": "CVE-2023-42016",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.260",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-614"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265559",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7116083",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-42664",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:08.770",
"lastModified": "2024-02-06T18:15:58.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:11:08.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n al configurar la configuraci\u00f3n global PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1856",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-43482",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:08.973",
"lastModified": "2024-02-06T18:15:58.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:11:03.607",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comandos en la funcionalidad de recursos invitados de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45187",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.493",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268749",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,47 @@
{
"id": "CVE-2023-45190",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.707",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268754",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com"
}
]
}
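Review bot: This new record has no `weaknesses` array, unlike the other IBM records added in this commit (CVE-2023-45187 carries CWE-613 and CVE-2023-45191 carries CWE-307), and its only score is the CNA's `Secondary` entry. The vector's `AV:L` also looks at odds with a description that puts the flaw in handling of the HTTP Host header, so the 5.1 base score may understate network exposure. Consumers that group or filter by CWE should count a missing `weaknesses` key as unclassified rather than drop the record. They should also hold the severity as provisional until an `nvd@nist.gov` `Primary` metric appears.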


@ -0,0 +1,59 @@
{
"id": "CVE-2023-45191",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.890",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268755",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-46683",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.180",
"lastModified": "2024-02-06T18:15:58.840",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:55.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n al configurar la funcionalidad VPN de protecci\u00f3n de cables de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1857",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}
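Review bot: The Spanish description added in the first hunk translates the protocol name literally: the English "wireguard VPN functionality" becomes `VPN de protecci\u00f3n de cables`. A search or detection-content match for WireGuard against the `es` text will therefore miss this record. Product and protocol names should pass through translation unchanged, so I would make the phrase `la funcionalidad VPN WireGuard de Tp-Link ER7206`. The other TP-Link ER7206 translations in this commit keep their proper nouns (PPTP, GRE, ipsec) intact, so this looks like a one-off rather than a pattern.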


@ -2,8 +2,8 @@
"id": "CVE-2023-47131",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.827",
"lastModified": "2024-02-08T23:15:09.827",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-47132",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.877",
"lastModified": "2024-02-08T23:15:09.877",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,12 +2,16 @@
"id": "CVE-2023-47167",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.380",
"lastModified": "2024-02-06T18:15:58.923",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:50.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad de pol\u00edtica GRE de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47209",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.593",
"lastModified": "2024-02-06T18:15:59.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:45.003",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad de pol\u00edtica ipsec de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47617",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:09.797",
"lastModified": "2024-02-06T18:15:59.080",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:37.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n al configurar el miembro del grupo web de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1858",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2023-47618",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-06T17:15:10.013",
"lastModified": "2024-02-06T18:15:59.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:33.477",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad de filtrado web de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -46,10 +50,44 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1859",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-49101",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:08.940",
"lastModified": "2024-02-08T22:15:08.940",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2023-50356",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-01-31T11:15:07.910",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:00:50.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,8 +17,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "info@cert.vde.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
},
{
"source": "info@cert.vde.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:areal-topkapi:vision_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.2.4719",
"matchCriteriaId": "8C7F4AB6-5E01-424E-8B2D-A6E5295231D5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.areal-topkapi.com/en/services/security-bulletins",
"source": "info@cert.vde.com"
"source": "info@cert.vde.com",
"tags": [
"Vendor Advisory"
]
}
]
}
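Review bot: In the `cvssMetricV31` hunk the NVD entry is inserted ahead of the CNA entry, and the `info@cert.vde.com` entry's `type` changes from `Primary` to `Secondary`. Any consumer that reads `cvssMetricV31[0]` or filters on `"type": "Primary"` now silently switches assessments. The NVD vector is `AC:H` with `A:L` (6.5 MEDIUM), while the CNA vector on the hunk's last line still reads `AC:L` with `A:H`, so triage rules keyed to the first or primary score will rank this record lower than before with no change to the flaw itself. Selection is safer done by `source` and `type` together, keeping the higher of the two scores when they disagree. The CNA entry's remaining fields fall outside this hunk.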


@ -2,8 +2,8 @@
"id": "CVE-2023-51630",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-02-08T23:15:09.933",
"lastModified": "2024-02-08T23:15:09.933",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,19 +2,80 @@
"id": "CVE-2023-52425",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T20:15:46.063",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:03:16.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed."
},
{
"lang": "es",
"value": "libexpat hasta 2.5.0 permite una denegaci\u00f3n de servicio (consumo de recursos) porque se requieren muchos an\u00e1lisis completos en el caso de un token grande para el cual se necesitan m\u00faltiples rellenos de b\u00fafer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0",
"matchCriteriaId": "1C50909D-8A18-484B-A7DB-7EF4CA67C2CB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/789",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,27 +2,94 @@
"id": "CVE-2023-52426",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T20:15:46.120",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:02:39.800",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time."
},
{
"lang": "es",
"value": "libexpat hasta 2.5.0 permite la expansi\u00f3n recursiva de entidades XML si XML_DTD no est\u00e1 definido en el momento de la compilaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-776"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.5.0",
"matchCriteriaId": "1C50909D-8A18-484B-A7DB-7EF4CA67C2CB"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://cwe.mitre.org/data/definitions/776.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Technical Description"
]
},
{
"url": "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/libexpat/libexpat/pull/777",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-5992",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T14:15:48.147",
"lastModified": "2024-01-31T14:28:47.077",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:00:00.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en OpenSC donde la eliminaci\u00f3n del relleno de cifrado PKCS#1 no se implementa como resistente al canal lateral. Este problema puede resultar en una posible filtraci\u00f3n de datos privados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,70 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.24.0",
"matchCriteriaId": "A3EB32A5-0147-4801-8E71-C881624EE6B9"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-5992",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248685",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
}
]
}
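Review bot: The second entry of the added `configurations` block marks `cpe:2.3:o:redhat:enterprise_linux:7.0`, `8.0` and `9.0` as `"vulnerable": true` in a standalone `OR` node, so nothing in the record ties the operating system to the presence of OpenSC below 0.24.0. A consumer that matches on CPE alone would flag every host reporting those exact releases whether or not OpenSC is installed, and with strict version matching may miss later minor releases. The node is better read as a distribution hint and resolved against the Red Hat advisory already listed in the references (`https://access.redhat.com/security/cve/CVE-2023-5992`). The same shape appears in the CVE-2023-6779, CVE-2023-6780 and CVE-2024-0914 sections of this commit.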


@ -2,16 +2,40 @@
"id": "CVE-2023-6028",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-02-05T18:15:51.670",
"lastModified": "2024-02-05T18:25:55.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:07:12.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.\n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) reflejada en la versi\u00f3n SVG de System Diagnostics Manager de B&amp;R Automation Runtime versiones &lt;= G4.93 que permite a un atacante remoto ejecutar c\u00f3digo JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador del usuario atacado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "cybersecurity@ch.abb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*",
"versionEndExcluding": "i4.93",
"matchCriteriaId": "884D020E-3583-4A39-A843-DB5977674E39"
}
]
}
]
}
],
"references": [
{
"url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf",
"source": "cybersecurity@ch.abb.com"
"source": "cybersecurity@ch.abb.com",
"tags": [
"Vendor Advisory"
]
}
]
}
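Review bot: The added Spanish description carries HTML entities inside the JSON string (`B&amp;R`, `&lt;= G4.93`) while the English text uses the raw characters; a renderer that escapes on output will show `&amp;amp;`, and one that treats the field as already escaped ends up trusting feed text as markup. The value should hold plain text, `B&R Automation Runtime versiones <= G4.93`, with escaping left to whatever displays it. Separately, the description says `<= G4.93` but the CPE match uses `"versionEndExcluding": "i4.93"`; a letter-prefixed version may not order as intended under a numeric comparator, so the range should be confirmed against the vendor advisory in the references.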


@ -2,7 +2,7 @@
"id": "CVE-2023-6395",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T15:15:08.657",
"lastModified": "2024-01-30T05:15:08.500",
"lastModified": "2024-02-09T02:15:08.047",
"vulnStatus": "Modified",
"descriptions": [
{
@ -180,6 +180,10 @@
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/",
"source": "secalert@redhat.com"


@ -2,8 +2,8 @@
"id": "CVE-2023-6779",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T14:15:48.700",
"lastModified": "2024-02-04T09:15:10.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T00:59:49.720",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,38 +80,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.39",
"matchCriteriaId": "9B07E72A-FA10-49C2-BBE3-468AF836A462"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6779",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202402-01",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6780",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T14:15:48.917",
"lastModified": "2024-02-04T09:15:10.487",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T00:59:38.740",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-131"
},
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,38 +84,105 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.37",
"matchCriteriaId": "8CFD354C-94B0-4DF2-B943-780F99A0CF07"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6780",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202402-01",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
}
]
}
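Review bot: The glibc match in the added `configurations` block uses `"versionEndExcluding": "2.37"`, while the sibling record CVE-2023-6779 in this commit, which cites the same Packet Storm, Full Disclosure, Fedora 38/39 and Gentoo references, uses `"versionEndExcluding": "2.39"`. If 2.37 is the release that introduced the flaw rather than the one that fixed it, this range marks the affected releases as clean, and CPE-based scanners would stay silent on a record scored 9.8 CRITICAL. The bound should be checked against the oss-security post in the references and, if that reading holds, expressed as `"versionStartIncluding": "2.37"` with `"versionEndExcluding": "2.39"`.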


@ -2,7 +2,7 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-02-04T20:15:46.477",
"lastModified": "2024-02-09T02:15:08.207",
"vulnStatus": "Modified",
"descriptions": [
{
@ -246,6 +246,10 @@
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-30",
"source": "secalert@redhat.com"


@ -2,16 +2,40 @@
"id": "CVE-2023-7043",
"sourceIdentifier": "security@eset.com",
"published": "2024-01-31T13:15:10.147",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:00:15.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."
},
{
"lang": "es",
"value": "La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicaci\u00f3n espec\u00edfica y ejecutarlo al arrancar con los permisos NT AUTHORITY\\NetworkService."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@eset.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-428"
}
]
},
{
"source": "security@eset.com",
"type": "Secondary",
@ -46,10 +80,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.2046.0",
"versionEndExcluding": "11.0.2032.0",
"matchCriteriaId": "50677A92-50F3-4020-BC55-B3C6FDB4511D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1.2046.0",
"versionEndExcluding": "11.0.2032.0",
"matchCriteriaId": "74708E09-04BF-47C1-88A9-B2A0C0FCF3B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.14.0",
"versionEndExcluding": "17.0.15.0",
"matchCriteriaId": "84EF91DD-15F6-4EF8-8B5F-C4CF4DBCBDF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:mail_security:10.1.10012.0:*:*:*:*:exchange_server:*:*",
"matchCriteriaId": "18A15279-74DB-487D-A585-BB07482505E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.14.0",
"versionEndExcluding": "17.0.15.0",
"matchCriteriaId": "D18A8A98-430B-495B-AAD9-8198E995F77E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.14.0",
"versionEndExcluding": "17.0.15.0",
"matchCriteriaId": "555830F1-6B12-44F7-B912-9061E0EB6E46"
}
]
}
]
}
],
"references": [
{
"url": "https://support.eset.com/en/ca8602",
"source": "security@eset.com"
"source": "security@eset.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-0408",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.380",
"lastModified": "2024-01-31T13:15:10.350",
"lastModified": "2024-02-09T02:15:08.383",
"vulnStatus": "Modified",
"descriptions": [
{
@ -226,6 +226,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-30",
"source": "secalert@redhat.com"


@ -2,7 +2,7 @@
"id": "CVE-2024-0409",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T16:15:08.593",
"lastModified": "2024-01-31T13:15:10.460",
"lastModified": "2024-02-09T02:15:08.533",
"vulnStatus": "Modified",
"descriptions": [
{
@ -227,6 +227,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.gentoo.org/glsa/202401-30",
"source": "secalert@redhat.com"


@ -2,12 +2,12 @@
"id": "CVE-2024-0749",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.550",
"lastModified": "2024-02-02T17:18:54.040",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-09T02:15:08.690",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
"value": "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7."
},
{
"lang": "es",
@ -128,14 +128,6 @@
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org",


@ -2,8 +2,8 @@
"id": "CVE-2024-0914",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T05:15:08.137",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:01:38.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.23.0",
"matchCriteriaId": "9AE1F758-E210-415A-9834-97D4F3721348"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0914",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260407",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://people.redhat.com/~hkario/marvin/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-1283",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-07T00:15:56.323",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:15:08.810",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "El desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en Skia en Google Chrome anterior a 121.0.6167.160 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n el almacenamiento din\u00e1mico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
@ -19,6 +23,10 @@
{
"url": "https://issues.chromium.org/issues/41494860",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-1284",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-07T00:15:56.380",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:15:08.883",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "Use after free en Mojo en Google Chrome anterior a 121.0.6167.160 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del almacenamiento din\u00e1mico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},
@ -19,6 +23,10 @@
{
"url": "https://issues.chromium.org/issues/41494539",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-1353",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-09T01:15:09.140",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/nxGzfEB6fFVY",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.253226",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.253226",
"source": "cna@vuldb.com"
}
]
}
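Review bot: The only score in this new record is the CNA's `Secondary` vector `CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L` (6.3 MEDIUM), which sits oddly with the description: it calls the issue critical, places it in a web controller (`app/weixin/controller/index.api.php`), names deserialization via the `picurl` argument (CWE-502) and states that an exploit is public. With `vulnStatus` still `Awaiting Analysis`, no `nvd@nist.gov` `Primary` metric and no `configurations` block, CPE matching will not surface the record and a severity-threshold filter will file it as medium. Consumers should treat the score as provisional and triage on the description and CWE until the NVD analysis is published.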


@ -2,8 +2,8 @@
"id": "CVE-2024-20001",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.027",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:02:13.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,378 @@
"value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961601; ID del problema: DTV03961601."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5583:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C394724-3294-4953-85C8-EE3894B5092C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5586:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E684A498-10F3-4BD8-9935-9ED5933F9157"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5691:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96BD96BE-10BC-4C7E-8A48-C7CB08A61765"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5695:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75A56009-090B-4101-B000-224412058654"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC50C1C-A31D-4EDF-AB6A-FA1E92AE7F2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFB4E04-7BC0-4B48-ABD7-6971E4725895"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1DD6A9-E503-4A8E-92FF-625CD734DBD6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAAF66C-9C81-498B-A0C0-3295CB7324A9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1092AC-60EC-453C-9AA9-8F35A2A6DF92"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49437377-6D2F-40FD-8CCF-29179C19D296"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B45803F-1AD2-47C8-BB9B-276628A0D605"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9218:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B028E80F-396F-4898-841D-9E99DE54FAC2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB0DB25-6CFF-4688-B423-6CC0252C3B59"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E90123-D7DC-4C68-B2F9-27DCEDED2FC6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9222:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B250A0A-BE50-45B6-AD72-8EA876F64DD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9255:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5A33A-7B04-4E14-A268-A717CD2420DA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC84405-17EE-4C25-8477-317F2A6A095F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9266:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85C42802-293E-448B-A059-DFDEF1D97EC2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9269:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F19E7E64-721E-436B-B879-D1EDE5EFF84C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CEEB709-8C7B-48AF-B359-9CE9C68790D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6081A92B-4361-462A-9F7F-570AC7256CDB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49ED757E-42DD-4176-B216-915EFD8E2F40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9603:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26696662-6232-458A-A1E1-067CBDB62FA9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA3286D-A136-4EB2-A181-6EF8A556EFDF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9611:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9F24C9-2A69-44D9-A16B-E4187230F984"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD04E099-75F4-48F6-BB8C-28A5D6FB8F60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9613:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92602E3-1B1B-4683-801D-D151919C63EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF44498-001B-4A51-AB32-EBC206B14741"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9617:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E6E130-9F65-482B-AF8B-97DA81FCE19E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E5EE7B-1208-4007-AF87-6DC309FFE312"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE404F4-FFAE-4646-9234-15230F0577F1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA834B63-F689-48BA-84E6-500351990BFD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1B3B37-22C4-42F4-8264-07512619D706"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9633:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF26725-1701-40F4-83E9-1A4709B60763"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B89606-5FD7-4513-984A-16217D37BF4B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76F4FC23-534B-449A-8344-1F13AE9C8C57"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392C9A58-EAB1-44B5-B189-98C68CC23199"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0EF507-52A0-45D1-AC26-97F765E691FC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C826242C-440E-4D85-841E-570E9C69777C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB80E351-B6E5-4571-A603-04A3A6AFB8CB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4E9A32-6267-4AB3-B9A9-BBC79ED2F343"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7AC916-FF8D-430D-837C-0587056198AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9671:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94F5F738-459C-4316-80AF-1B9C33E0F36B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046B7E06-8C40-4D37-8D10-4816E51CA143"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD9AD54-9F0F-414B-8936-3A981657D6AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B429106-36BE-42F2-8D05-FB9EF00BDFBA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D78E76-6A3B-4736-B7E7-C9032CDA845B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20002",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.083",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:01:37.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,378 @@
"value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961715; ID del problema: DTV03961715."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5583:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C394724-3294-4953-85C8-EE3894B5092C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5586:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E684A498-10F3-4BD8-9935-9ED5933F9157"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5691:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96BD96BE-10BC-4C7E-8A48-C7CB08A61765"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5695:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75A56009-090B-4101-B000-224412058654"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9010:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC50C1C-A31D-4EDF-AB6A-FA1E92AE7F2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFB4E04-7BC0-4B48-ABD7-6971E4725895"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1DD6A9-E503-4A8E-92FF-625CD734DBD6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9020:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EAAF66C-9C81-498B-A0C0-3295CB7324A9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E1092AC-60EC-453C-9AA9-8F35A2A6DF92"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9026:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49437377-6D2F-40FD-8CCF-29179C19D296"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B45803F-1AD2-47C8-BB9B-276628A0D605"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9218:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B028E80F-396F-4898-841D-9E99DE54FAC2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9220:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FB0DB25-6CFF-4688-B423-6CC0252C3B59"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9E90123-D7DC-4C68-B2F9-27DCEDED2FC6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9222:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5B250A0A-BE50-45B6-AD72-8EA876F64DD4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9255:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C5A33A-7B04-4E14-A268-A717CD2420DA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC84405-17EE-4C25-8477-317F2A6A095F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9266:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85C42802-293E-448B-A059-DFDEF1D97EC2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9269:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F19E7E64-721E-436B-B879-D1EDE5EFF84C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4CEEB709-8C7B-48AF-B359-9CE9C68790D5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6081A92B-4361-462A-9F7F-570AC7256CDB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9602:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49ED757E-42DD-4176-B216-915EFD8E2F40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9603:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26696662-6232-458A-A1E1-067CBDB62FA9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BA3286D-A136-4EB2-A181-6EF8A556EFDF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9611:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A9F24C9-2A69-44D9-A16B-E4187230F984"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD04E099-75F4-48F6-BB8C-28A5D6FB8F60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9613:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E92602E3-1B1B-4683-801D-D151919C63EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AF44498-001B-4A51-AB32-EBC206B14741"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9617:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E6E130-9F65-482B-AF8B-97DA81FCE19E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47E5EE7B-1208-4007-AF87-6DC309FFE312"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE404F4-FFAE-4646-9234-15230F0577F1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA834B63-F689-48BA-84E6-500351990BFD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1B3B37-22C4-42F4-8264-07512619D706"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9633:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF26725-1701-40F4-83E9-1A4709B60763"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11B89606-5FD7-4513-984A-16217D37BF4B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*",
"matchCriteriaId": "76F4FC23-534B-449A-8344-1F13AE9C8C57"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*",
"matchCriteriaId": "392C9A58-EAB1-44B5-B189-98C68CC23199"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D0EF507-52A0-45D1-AC26-97F765E691FC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C826242C-440E-4D85-841E-570E9C69777C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
"matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB80E351-B6E5-4571-A603-04A3A6AFB8CB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A4E9A32-6267-4AB3-B9A9-BBC79ED2F343"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD7AC916-FF8D-430D-837C-0587056198AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9671:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94F5F738-459C-4316-80AF-1B9C33E0F36B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "046B7E06-8C40-4D37-8D10-4816E51CA143"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
"matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD9AD54-9F0F-414B-8936-3A981657D6AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B429106-36BE-42F2-8D05-FB9EF00BDFBA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D78E76-6A3B-4736-B7E7-C9032CDA845B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20003",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.130",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:01:04.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,173 @@
"value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01191612 (MSV-981)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6297:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B87E31-AC92-445B-94B8-33DBF72EC11C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F883C6D3-1724-4553-9EFC-3D204FF3CAA3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20004",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.190",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:04:19.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,173 @@
"value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01195812 (MSV-985)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6297:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99B87E31-AC92-445B-94B8-33DBF72EC11C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F883C6D3-1724-4553-9EFC-3D204FF3CAA3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20006",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.233",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:04:52.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,113 @@
"value": "En da, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477148; ID del problema: ALPS08477148."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20007",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.283",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:05:10.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,252 @@
"value": "En el decodificador de mp3, existe una posible escritura fuera de los l\u00edmites debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441369; ID del problema: ALPS08441369."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20009",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.330",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:05:28.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,248 @@
"value": "En el decodificador alac, existe una posible escritura fuera de los l\u00edmites debido a un manejo incorrecto de errores. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441150; ID del problema: ALPS08441150."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2ED140-C41B-418B-9DC7-8C486304E769"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5B22E8-3536-4DBC-8E71-3E14FE45A887"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20010",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.387",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:05:47.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,368 @@
"value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358560; ID del problema: ALPS08358560."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20011",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.447",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:06:03.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,168 @@
"value": "En el decodificador alac, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441146; ID del problema: ALPS08441146."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7BDC63-3963-4C4D-B547-2936006926E9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*",
"matchCriteriaId": "182A995C-2453-4DF2-ABCC-A885D8C334C0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E5B22E8-3536-4DBC-8E71-3E14FE45A887"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39915BEC-73D4-46B7-B52C-CED910AF3CA9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF828C6-4B05-4E12-9B78-782F1F062F39"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20012",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.490",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:06:22.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,328 @@
"value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358566; ID del problema: ALPS08358566."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20013",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.530",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:06:40.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,373 @@
"value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08471742; ID del problema: ALPS08308608."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20015",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.580",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:06:59.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,278 @@
"value": "En telephony, existe una posible escalada de privilegios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441419; ID del problema: ALPS08441419."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20016",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-02-05T06:15:47.627",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:07:50.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,258 @@
"value": "En ged, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con los privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07835901; ID del problema: ALPS07835901."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20955",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.647",
"lastModified": "2024-01-26T22:15:11.647",
"vulnStatus": "Modified",
"lastModified": "2024-02-09T02:26:25.517",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -57,6 +57,11 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
@ -69,13 +74,13 @@
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22236",
"sourceIdentifier": "security@vmware.com",
"published": "2024-01-31T07:15:07.697",
"lastModified": "2024-01-31T14:05:27.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:01:27.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security@vmware.com",
"type": "Secondary",
@ -38,10 +58,56 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_cloud_contract:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndExcluding": "3.1.10",
"matchCriteriaId": "36CB4DBB-F5DB-4E5C-9D59-6499710BE4B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_cloud_contract:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.0.5",
"matchCriteriaId": "7634805F-40C1-4BCA-A83F-AED0D141CAD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vmware:spring_cloud_contract:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B852868-633D-4A85-A5A0-503C354F5D4A"
}
]
}
]
}
],
"references": [
{
"url": "https://spring.io/security/cve-2024-22236",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-22318",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:09.440",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279091",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7116091",
"source": "psirt@us.ibm.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-22332",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:09.650",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279972",
"source": "psirt@us.ibm.com"
},
{
"url": "https://https://www.ibm.com/support/pages/node/7116046",
"source": "psirt@us.ibm.com"
}
]
}
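Review bot: The second reference in this new record carries a malformed URL, `https://https://www.ibm.com/support/pages/node/7116046`, with the scheme repeated, so anything that dereferences or allow-lists the vendor bulletin by URL will miss it. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/7116046"`; if this mirror is meant to stay identical to the upstream feed, the correction belongs upstream rather than in a local patch. The weakness is listed as `CWE-434` while the description speaks of denial of service through file system exhaustion, which is worth checking against the bulletin once the link resolves.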


@ -2,8 +2,8 @@
"id": "CVE-2024-23170",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T08:15:42.220",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:01:16.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,75 @@
"value": "Se descubri\u00f3 un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. Hab\u00eda un canal lateral de sincronizaci\u00f3n en las operaciones privadas de RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante local recupere el texto plano. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \"Everlasting ROBOT: the Marvin Attack\" de Hubert Kario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.28.7",
"matchCriteriaId": "E5465284-4EA3-4126-9130-374140F24FB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.5.2",
"matchCriteriaId": "7B335AD2-884E-4C89-8366-6BF91036BB1B"
}
]
}
]
}
],
"references": [
{
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-23206",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.840",
"lastModified": "2024-02-06T02:15:08.810",
"lastModified": "2024-02-09T02:15:08.950",
"vulnStatus": "Modified",
"descriptions": [
{
@ -161,6 +161,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-23213",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.183",
"lastModified": "2024-02-06T02:15:08.903",
"lastModified": "2024-02-09T02:15:09.080",
"vulnStatus": "Modified",
"descriptions": [
{
@ -162,6 +162,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-23222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.500",
"lastModified": "2024-02-06T02:15:09.010",
"lastModified": "2024-02-09T02:15:09.197",
"vulnStatus": "Modified",
"cisaExploitAdd": "2024-01-23",
"cisaActionDue": "2024-02-13",
@ -185,6 +185,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
"source": "product-security@apple.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com",


@ -0,0 +1,67 @@
{
"id": "CVE-2024-23639",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T01:15:09.867",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-15"
},
{
"lang": "en",
"value": "CWE-610"
},
{
"lang": "en",
"value": "CWE-664"
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf",
"source": "security-advisories@github.com"
}
]
}
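Review bot: The CVSS vector in this new record, `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L`, sits oddly with the description, which says the request comes from a malicious or compromised website reaching `localhost`; that path would seem to need the developer to load the site, yet the vector states `UI:N`. It is the CNA's `Secondary` score and the record is still `Awaiting Analysis` with no NVD `Primary` entry, so consumers that triage on `baseScore` alone should treat 5.1 as provisional. The record also has no `configurations` block, so CPE-based matching will not flag affected Micronaut versions; the only version signal is the description's statement that the issue is addressed in 3.8.3.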


@ -2,16 +2,40 @@
"id": "CVE-2024-23650",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:53.990",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:38:44.823",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.\n"
},
{
"lang": "es",
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Un cliente o interfaz de BuildKit malicioso podr\u00eda crear una solicitud que podr\u00eda provocar que el daemon BuildKit se bloquee en p\u00e1nico. El problema se solucion\u00f3 en v0.12.5. Como workaround, evite utilizar interfaces BuildKit de fuentes que no sean de confianza."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4601",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23651",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.183",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:43:51.767",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.\n"
},
{
"lang": "es",
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Dos pasos de compilaci\u00f3n maliciosos que se ejecutan en paralelo y comparten los mismos montajes de cach\u00e9 con subrutas podr\u00edan causar una condici\u00f3n de ejecuci\u00f3n que puede hacer que los archivos del sistema host sean accesibles al contenedor de compilaci\u00f3n. El problema se solucion\u00f3 en v0.12.5. Los workarounds incluyen evitar el uso de la interfaz de BuildKit desde una fuente que no es de confianza o crear un Dockerfile que no sea de confianza que contenga montajes de cach\u00e9 con las opciones --mount=type=cache,source=...."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4604",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.377",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:44:27.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature."
},
{
"lang": "es",
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Una interfaz de BuildKit maliciosa o un Dockerfile que use RUN --mount podr\u00eda enga\u00f1ar a la funci\u00f3n que elimina archivos vac\u00edos creados para los puntos de montaje para que elimine un archivo fuera del contenedor, del sistema host. El problema se solucion\u00f3 en v0.12.5. Los workarounds incluyen evitar el uso de interfaces de BuildKit desde una fuente que no sea de confianza o crear un Dockerfile que no sea de confianza que contenga la funci\u00f3n RUN --mount."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4603",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23653",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.600",
"lastModified": "2024-02-01T03:18:21.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:44:46.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n"
},
{
"lang": "es",
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Adem\u00e1s de ejecutar contenedores como pasos de compilaci\u00f3n, BuildKit tambi\u00e9n proporciona API para ejecutar contenedores interactivos basados en im\u00e1genes creadas. Era posible utilizar estas API para pedirle a BuildKit que ejecutara un contenedor con privilegios elevados. Normalmente, la ejecuci\u00f3n de dichos contenedores solo se permite si el derecho especial `security.insecure` est\u00e1 habilitado tanto por la configuraci\u00f3n de buildkitd como por el usuario que inicializa la solicitud de compilaci\u00f3n. El problema se solucion\u00f3 en v0.12.5. Evite el uso de interfaces BuildKit de fuentes no confiables."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +70,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.12.5",
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4602",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Release Notes"
]
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23756",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T21:15:08.380",
"lastModified": "2024-02-08T21:15:08.380",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-23775",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T08:15:42.267",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:00:58.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,75 @@
"value": "Vulnerabilidad de desbordamiento de enteros en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de mbedtls_x509_set_extension()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.28.7",
"matchCriteriaId": "E5465284-4EA3-4126-9130-374140F24FB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.5.2",
"matchCriteriaId": "7B335AD2-884E-4C89-8366-6BF91036BB1B"
}
]
}
]
}
],
"references": [
{
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23917",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2024-02-06T10:15:09.280",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:05:22.180",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.11.3",
"matchCriteriaId": "8A42DE00-46DF-4A6D-A913-539C6054945B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com"
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2024-24001",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T00:15:56.443",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:25.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism."
},
{
"lang": "es",
"value": "jshERP v3.3 es vulnerable a la inyecci\u00f3n SQL. a trav\u00e9s de la funci\u00f3n com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() de jshERP que permite a un atacante construir un payload malicioso para evitar el mecanismo de protecci\u00f3n de jshERP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jishenghua:jsherp:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A549663F-7809-4723-9F1F-251DB15E31CA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24001.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/jishenghua/jshERP/issues/99",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2024-24002",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T00:15:56.503",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:13.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection."
},
{
"lang": "es",
"value": "jshERP v3.3 es vulnerable a la inyecci\u00f3n SQL. La funci\u00f3n com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() de jshERP no filtra los par\u00e1metros de `columna` y `orden` lo suficientemente bien, y un atacante puede construir un payload malicioso para eludir los de jshERP. Mecanismo de protecci\u00f3n en el m\u00e9todo `safeSqlParse` para inyecci\u00f3n SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jishenghua:jsherp:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A549663F-7809-4723-9F1F-251DB15E31CA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24002.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/jishenghua/jshERP/issues/99",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2024-24004",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-07T00:15:56.550",
"lastModified": "2024-02-07T01:11:27.753",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T02:10:07.263",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection."
},
{
"lang": "es",
"value": "jshERP v3.3 es vulnerable a la inyecci\u00f3n SQL. La funci\u00f3n com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() de jshERP no filtra los par\u00e1metros de `columna` y `orden` lo suficientemente bien, y un atacante puede construir un payload malicioso para eludir los par\u00e1metros de jshERP Mecanismo de protecci\u00f3n en el m\u00e9todo `safeSqlParse` para inyecci\u00f3n SQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jishenghua:jsherp:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A549663F-7809-4723-9F1F-251DB15E31CA"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24004.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/jishenghua/jshERP/issues/99",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24393",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T22:15:09.130",
"lastModified": "2024-02-08T22:15:09.130",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,27 +2,93 @@
"id": "CVE-2024-24397",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T16:15:55.493",
"lastModified": "2024-02-05T18:25:55.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-09T01:06:54.700",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting en Stimulsoft GmbH Stimulsoft Dashboard.JS anterior a v.2024.1.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el campo ReportName."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:stimulsoft:dashboards:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2024.1.2",
"matchCriteriaId": "D5824CDC-F493-4CC0-A3C4-C21B21F8527B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://stimulsoft.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://cves.at/posts/cve-2024-24397/writeup/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24494",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T21:15:08.437",
"lastModified": "2024-02-08T21:15:08.437",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",


@ -2,8 +2,8 @@
"id": "CVE-2024-24495",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T21:15:08.490",
"lastModified": "2024-02-08T21:15:08.490",
"vulnStatus": "Received",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
