mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-02-09T03:00:24.960458+00:00
This commit is contained in:
parent
51d6f19d75
commit
2a2f2898fd
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2001-0830",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2001-12-06T05:00:00.000",
|
||||
"lastModified": "2017-10-10T01:29:53.627",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:52:21.457",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -11,6 +11,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -44,7 +66,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
"value": "CWE-772"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -58,9 +80,9 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:pld:6tunnel:*:*:*:*:*:*:*:*",
|
||||
"criteria": "cpe:2.3:a:6tunnel_project:6tunnel:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.08",
|
||||
"matchCriteriaId": "09817A67-3CC0-4014-9592-4C1592E7C17D"
|
||||
"matchCriteriaId": "B58776F5-F89E-456E-8BBF-B081DD979C39"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -70,19 +92,35 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://marc.info/?l=bugtraq&m=100386451702966&w=2",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/3467",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7337",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2003-0981",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2004-01-05T05:00:00.000",
|
||||
"lastModified": "2016-10-18T02:38:47.473",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:53:22.383",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -15,6 +15,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -48,7 +70,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
"value": "CWE-346"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -62,8 +84,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:freescripts:visitorbook:le:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C05BD42A-A99E-4683-A034-BE7CDBA4F289"
|
||||
"criteria": "cpe:2.3:a:freescripts:visitorbook_le:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A8641B1D-117C-4913-B66D-48D7768F18FE"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -73,12 +95,16 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "http://marc.info/?l=bugtraq&m=107107840622493&w=2",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.westpoint.ltd.uk/advisories/wp-03-0001.txt",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2005-2088",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2005-07-05T04:00:00.000",
|
||||
"lastModified": "2023-02-13T01:16:07.923",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:40:37.067",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -51,7 +51,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
"value": "CWE-444"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -67,8 +67,8 @@
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "2.0.35",
|
||||
"versionEndIncluding": "2.0.55",
|
||||
"matchCriteriaId": "514A6F28-6C2B-495E-9816-C06ADCE3539D"
|
||||
"versionEndExcluding": "2.0.55",
|
||||
"matchCriteriaId": "7B627099-D2E2-4E43-84B7-0C921FAD4156"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -127,6 +127,69 @@
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/14530",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/17319",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/17487",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/17813",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/19072",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/19073",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/19185",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/19317",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/23074",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Not Applicable"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://securityreason.com/securityalert/604",
|
||||
"source": "secalert@redhat.com",
|
||||
@ -176,6 +239,7 @@
|
||||
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK13959&apar=only",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -183,6 +247,7 @@
|
||||
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -190,6 +255,7 @@
|
||||
"url": "http://www.apache.org/dist/httpd/CHANGES_1.3",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
@ -197,6 +263,7 @@
|
||||
"url": "http://www.apache.org/dist/httpd/CHANGES_2.0",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
@ -204,6 +271,7 @@
|
||||
"url": "http://www.debian.org/security/2005/dsa-803",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -211,6 +279,7 @@
|
||||
"url": "http://www.debian.org/security/2005/dsa-805",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -218,7 +287,7 @@
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:130",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
@ -239,6 +308,7 @@
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2005-582.html",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -254,6 +324,7 @@
|
||||
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
@ -262,6 +333,7 @@
|
||||
"url": "http://www.securityfocus.com/bid/14106",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
@ -270,6 +342,7 @@
|
||||
"url": "http://www.securityfocus.com/bid/15647",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
@ -285,6 +358,7 @@
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2140",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
@ -292,6 +366,7 @@
|
||||
"url": "http://www.vupen.com/english/advisories/2005/2659",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
@ -299,6 +374,7 @@
|
||||
"url": "http://www.vupen.com/english/advisories/2006/0789",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
@ -306,6 +382,7 @@
|
||||
"url": "http://www.vupen.com/english/advisories/2006/1018",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
@ -313,6 +390,7 @@
|
||||
"url": "http://www.vupen.com/english/advisories/2006/4680",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
@ -332,56 +410,105 @@
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r734a07156abf332d5ab27fb91d9d962cacfef4f3681e44056f064fa8%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/rd65d8ba68ba17e7deedafbf5bb4899f2ae4dad781d21b931c2941ac3%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/re895fc1736d25c8cf57e102c871613b8aeec9ea26fd8a44e7942b5ab%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11452",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -389,6 +516,7 @@
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1237",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -396,6 +524,7 @@
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1526",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -403,6 +532,7 @@
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1629",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
@ -410,6 +540,7 @@
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A840",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2005-2089",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2005-07-05T04:00:00.000",
|
||||
"lastModified": "2018-10-30T16:25:10.357",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:29:29.420",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -44,7 +44,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
"value": "CWE-444"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -58,13 +58,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F7C954A7-FF84-4DEB-8728-5B207F374ECC"
|
||||
"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "413C07EA-139F-4B7D-A58B-835BD2591FA0"
|
||||
"criteria": "cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9B4DF95D-B4B1-4FB6-9D27-A6D359EEACFA"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -74,19 +74,33 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "http://seclists.org/lists/bugtraq/2005/Jun/0025.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securiteam.com/securityreviews/5GP0220G0U.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.watchfire.com/resources/HTTP-Request-Smuggling.pdf",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42899",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2005-4206",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2005-12-13T11:03:00.000",
|
||||
"lastModified": "2017-07-20T01:29:12.003",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:28:08.810",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -11,6 +11,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -44,7 +66,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
"value": "CWE-601"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -58,13 +80,19 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_post_systems:6.2.3.23:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3F3D9504-565E-4A64-AEAA-C226FB1B1B86"
|
||||
"criteria": "cpe:2.3:a:blackboard:academic_suite:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "6.0.0.0",
|
||||
"matchCriteriaId": "1E586786-3A7D-4F69-A800-A0D6B280E63A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:blackboard:blackboard_learning_and_community_post_systems:6.3.1.424:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "397937CE-A799-452F-9079-7A026A4BD490"
|
||||
"criteria": "cpe:2.3:a:blackboard:academic_suite:6.2.3.23:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "51932C51-CCCC-419F-9655-C71B01D24336"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:blackboard:academic_suite:6.3.1.424:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "535D86A9-D28E-4356-AE5C-1018C1645942"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -72,20 +100,46 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://secunia.com/advisories/17991",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Exploit",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.ipomonis.com/advisories/Bb_6.zip",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.osvdb.org/21618",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/15814",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit"
|
||||
"Broken Link",
|
||||
"Exploit",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23558",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2006-6276",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2006-12-04T11:28:00.000",
|
||||
"lastModified": "2017-07-29T01:29:26.530",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:34:42.803",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -48,7 +48,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
"value": "CWE-444"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -67,94 +67,19 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:enterprise:*:*:*:*:*",
|
||||
"matchCriteriaId": "2F40832C-EA2D-4AEF-9C98-36795D36BA06"
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "721D0068-2664-4E92-9D96-9007F2120450"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur1:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "9F076EB9-CE31-456E-B7E9-B9F4C26CB0DC"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:enterprise:*:*:*:*:*",
|
||||
"matchCriteriaId": "7805CF93-C1EC-4698-95A6-CAB9C26EEAB9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur2:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "951B75FF-9190-4AF7-BE9D-23C2114F71DC"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur3:enterprise:*:*:*:*:*",
|
||||
"matchCriteriaId": "D30859F7-97BE-4D6F-A9A8-EE12E8BC6201"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:7.0:ur3:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "D254F827-8A6C-496F-A6A0-667EF4F1D526"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*",
|
||||
"matchCriteriaId": "D9F68042-8C22-447E-8C6B-F44DEE5BF389"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "7659FD2B-6F83-44F1-B4A1-94D106B4C686"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:*:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "1379A19D-72CF-490C-871E-B67BA40547E6"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_application_server:8.1:ur1:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "E2A9B4B2-B844-411F-B4C7-9AC60C37A5A3"
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9134A420-1A6E-48C0-A6CE-5AE555FC0D94"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D36EE342-0A55-4F2E-9037-14C0975CEA9E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD35DA64-83B8-4EF4-94E8-D692E6FDD0AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BB5D85FB-D4A6-4518-BBD9-8D021446E433"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp3:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A1102A86-8FB6-418E-808E-A6B94016E0B0"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp4:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E6A1EC8B-311D-4D34-A669-FF52B29BB5C3"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp5:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "66EA6738-9134-402C-AA74-68298F45B60F"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp6:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4AB54F05-CBE0-4A3B-9941-A5509BF40EA1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:3.6:sp7:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BBA027B0-8996-4CBF-881D-D393C3508944"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_proxy_server:4.0:*:*:*:*:*:*:*",
|
||||
@ -165,51 +90,6 @@
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6E592549-5C28-4F0A-B407-06A33B3CFFF8"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57DC2FBE-6556-4113-83BF-ABCAC70CBDE6"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3DA512F0-B382-407E-B75D-5D2D15E185BB"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp3:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "16727FF1-3CD7-4667-A2BA-2241A3AFEED3"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp4:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F60E165E-5B62-4D46-941D-E84603516D23"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp5:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FF6BCC24-EADB-4EB8-9142-01D34C307C45"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp6:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "05017BA4-C9FC-4F7D-A5FE-9CE763CFE3E7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp7:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DCC700F7-8675-441A-8AB7-CEFF84639E7F"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp8:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7BE04EB1-CDBD-4AA2-9513-826637F14771"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.0:sp9:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBD38B0A-EB9B-4556-B6DE-A7598ACC04AE"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*",
|
||||
@ -217,78 +97,8 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "85A181D1-C261-4C29-BC8C-A7A815A63E2E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3A10F68F-4A2F-44A0-A039-1A34C6E2D083"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "021DC080-18ED-41F4-9FBD-1DD0C332F871"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C878B2FD-88A1-44E2-9234-C40CA1DDC5BC"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "0F6B3BC6-9A4B-40E7-A540-9BCFC3D02E66"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "9760BDBA-E5FD-4AFF-ACB8-4C8B55CC3A61"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:update_3:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1A460F62-4594-447A-9D0B-9C1DBBDE9852"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur1:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "37553E5D-7B68-40C4-B970-FA0D02B7D3D9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur1:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "3D089210-2135-4D41-92AD-51FB97AB343E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur2:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "C2C8EF3B-1A44-4D15-B2BE-FC970281760C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur2:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "E3597345-9D0B-492B-99BC-1C992EBF7CD5"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur6:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "2E93217B-0307-4E04-BD02-50AD5AD35072"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur6:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "B77E35C5-FF8B-4BB5-A12E-E9B6485E207A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur7:platform:*:*:*:*:*",
|
||||
"matchCriteriaId": "3F7BD264-7418-4A48-9B67-BB90A9566E7A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:ur7:standard:*:*:*:*:*",
|
||||
"matchCriteriaId": "11BB061E-ECF0-49F3-A3A8-378284A4F983"
|
||||
"criteria": "cpe:2.3:a:sun:one_application_server:7.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "56BB3993-C089-421F-987E-D6294E8C909E"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -296,22 +106,45 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://secunia.com/advisories/23186",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://securitytracker.com/id?1017322",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://securitytracker.com/id?1017323",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://securitytracker.com/id?1017324",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
@ -319,16 +152,26 @@
|
||||
"url": "http://www.securityfocus.com/bid/21371",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
"Broken Link",
|
||||
"Patch",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2006/4793",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30662",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,9 +2,9 @@
|
||||
"id": "CVE-2007-0897",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2007-02-16T19:28:00.000",
|
||||
"lastModified": "2017-07-29T01:30:29.563",
|
||||
"vulnStatus": "Modified",
|
||||
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam AntiVirus, ClamAV, 0.90 Stable",
|
||||
"lastModified": "2024-02-09T02:48:50.797",
|
||||
"vulnStatus": "Analyzed",
|
||||
"evaluatorSolution": "This vulnerability is addressed in the following product release:\nClam AntiVirus, ClamAV, 0.90 Stable",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -49,7 +71,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-Other"
|
||||
"value": "CWE-772"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -63,291 +85,40 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.15",
|
||||
"matchCriteriaId": "E040C64A-273E-49FC-9B32-E25BE15D357A"
|
||||
},
|
||||
"criteria": "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.90",
|
||||
"matchCriteriaId": "EA546DD9-A29C-4D82-8E21-80619B2FF25B"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.20",
|
||||
"matchCriteriaId": "F4DAF18C-D921-448C-9806-F7161B742E51"
|
||||
},
|
||||
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "10.4.11",
|
||||
"matchCriteriaId": "B2D0444E-6B76-46EE-95EF-617F8967F6B6"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.21",
|
||||
"matchCriteriaId": "09A48542-552D-45B6-9989-EBA02C16BAD7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.22",
|
||||
"matchCriteriaId": "7F5E3E9F-9F7F-4366-AF74-5DD79D500ADA"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.23",
|
||||
"matchCriteriaId": "630D6FA9-DF36-4FFF-A894-282DBD3C6931"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.24",
|
||||
"matchCriteriaId": "C0CC9F29-854C-4B58-93B7-04FB5AFF4AF7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.51",
|
||||
"matchCriteriaId": "75501EBF-B78B-4160-B1FD-B8FF502BC860"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.52",
|
||||
"matchCriteriaId": "26AEB8E6-B3A9-48F6-AA7D-55FDB2B6DF8C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.53",
|
||||
"matchCriteriaId": "2D6117F8-A05B-42FA-B5CD-4646C0F755D6"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.54",
|
||||
"matchCriteriaId": "D40CD000-F4D6-48EA-8785-7C662DD4FB77"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.60",
|
||||
"matchCriteriaId": "2E370AEE-3D76-4DB3-B2EA-DE2F24A1D2B8"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.60p",
|
||||
"matchCriteriaId": "59FCC7A7-4AC9-4084-9684-E236FAEF4B3F"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.65",
|
||||
"matchCriteriaId": "8848DF73-5C8F-4923-B6D5-103D3A4E45BB"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.67",
|
||||
"matchCriteriaId": "AC26FE6A-DA82-4F10-A176-6EF719383232"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.68",
|
||||
"matchCriteriaId": "D9ECDDC6-88C6-42DE-BC4D-F1099957341E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.68.1",
|
||||
"matchCriteriaId": "4014C1FE-9659-4D87-BE25-82A28222CEE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.70",
|
||||
"matchCriteriaId": "054DFC0C-996C-4ECD-8832-9E8C085B7C4D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.71",
|
||||
"matchCriteriaId": "CCEC1516-8A43-4010-903A-07DB582C18C6"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.72",
|
||||
"matchCriteriaId": "8582F6D3-EBD5-485B-8BB5-F91DDFC9C600"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.73",
|
||||
"matchCriteriaId": "09C15660-74FA-4AA0-929E-6291AE2B1297"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.74",
|
||||
"matchCriteriaId": "E68EB72E-EEDE-4231-B309-B6558956BC6C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.75",
|
||||
"matchCriteriaId": "BD05D78B-6F28-4068-88F7-96461D85236C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.75.1",
|
||||
"matchCriteriaId": "8278F2A2-8B1B-4FC2-BC66-C6EC87E9476D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.80",
|
||||
"matchCriteriaId": "F07C275E-16B0-4A2B-89A6-C68C68FCF67D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.80_rc1",
|
||||
"matchCriteriaId": "D0867DF1-4122-4E5C-8F72-FADB042DA14D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.80_rc2",
|
||||
"matchCriteriaId": "3CF31500-C66B-4FEC-90BE-30F7D0956929"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.80_rc3",
|
||||
"matchCriteriaId": "B721C0AE-AB73-4A9A-84CB-BECCD974CA99"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.80_rc4",
|
||||
"matchCriteriaId": "6638002E-716F-476A-9452-4C1B188CF59B"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.81",
|
||||
"matchCriteriaId": "C596E6BB-7060-4BA7-B2BA-8E84FF6BF9A4"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.81_rc1",
|
||||
"matchCriteriaId": "8943D346-7542-4DD4-82D0-B8CF1D0494B2"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.82",
|
||||
"matchCriteriaId": "9E3A3962-54F7-48EC-8ABD-BAE8C8B4727E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.83",
|
||||
"matchCriteriaId": "C745EB7E-367A-4C2B-B206-3FEB4C33A97A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.84",
|
||||
"matchCriteriaId": "8B796948-15AD-4A30-8251-67444175A777"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.84_rc1",
|
||||
"matchCriteriaId": "4C64CF0B-91A9-4EF7-B089-0B3CA26B2EFD"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.84_rc2",
|
||||
"matchCriteriaId": "56ED080B-6E44-4B47-833F-25535FCEDA69"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.85",
|
||||
"matchCriteriaId": "7A0FB401-6282-4687-A8EC-EB3BE02C293D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.85.1",
|
||||
"matchCriteriaId": "2C0E3FE9-0B62-484E-A7CF-1CE0BBDE36AE"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.86",
|
||||
"matchCriteriaId": "9391B98E-80A9-4C12-9EB8-F45A289FD9F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.86.1",
|
||||
"matchCriteriaId": "184FC0BC-25CD-4804-9DFF-9309F991557D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.86.2",
|
||||
"matchCriteriaId": "AFDA61E7-4CE4-4FDD-8B1B-BFF6A934CDA2"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.86_rc1",
|
||||
"matchCriteriaId": "18547613-F1A4-410C-A723-FC7BB8A270CC"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.87",
|
||||
"matchCriteriaId": "A5BF037B-141A-48AB-88A3-555836B160FF"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.87.1",
|
||||
"matchCriteriaId": "D1873479-6058-472F-94AB-2601B2936812"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.88",
|
||||
"matchCriteriaId": "B498C911-81FC-4B1A-B9A4-5F266AA2B7CA"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.88.1",
|
||||
"matchCriteriaId": "990BE50A-0B0B-44CC-BE51-CF69C900EE52"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.88.3",
|
||||
"matchCriteriaId": "E9B0DEE6-CA69-4020-AF96-8C6E5872ADF5"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.88.4",
|
||||
"matchCriteriaId": "8D7A91DF-84B4-4E45-8675-E107D8BCD070"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.88.6",
|
||||
"matchCriteriaId": "F8D97900-5AD1-43BF-860F-537D25A54C95"
|
||||
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -357,57 +128,157 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "http://docs.info.apple.com/article.html?artnum=307562",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=475",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://osvdb.org/32283",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/24183",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/24187",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/24192",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/24319",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/24332",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/24425",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/29420",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.debian.org/security/2007/dsa-1263",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/22580",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch"
|
||||
"Broken Link",
|
||||
"Patch",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id?1017659",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2007/0623",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2008/0924/references",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32531",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2008-0166",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2008-05-13T17:20:00.000",
|
||||
"lastModified": "2022-02-02T14:59:01.730",
|
||||
"lastModified": "2024-02-09T02:45:16.693",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -22,6 +22,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -55,14 +77,13 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-310"
|
||||
"value": "CWE-338"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
@ -70,52 +91,53 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c-1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "38238ECD-0581-47A0-B65E-9AA63A6C3148"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908"
|
||||
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "0.9.8c-1",
|
||||
"versionEndIncluding": "0.9.8g",
|
||||
"matchCriteriaId": "8EEFA1C8-85D4-425F-A987-29AC6D10C303"
|
||||
}
|
||||
]
|
||||
},
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB"
|
||||
},
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
|
||||
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
|
||||
}
|
||||
@ -132,6 +154,54 @@
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30136",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30220",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30221",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30231",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30239",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30249",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel",
|
||||
"source": "cve@mitre.org",
|
||||
@ -143,6 +213,7 @@
|
||||
"url": "http://www.debian.org/security/2008/dsa-1571",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
@ -151,6 +222,7 @@
|
||||
"url": "http://www.debian.org/security/2008/dsa-1576",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
@ -166,6 +238,7 @@
|
||||
"url": "http://www.securityfocus.com/archive/1/492112/100/0/threaded",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
@ -174,6 +247,7 @@
|
||||
"url": "http://www.securityfocus.com/bid/29179",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Exploit",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
@ -183,6 +257,7 @@
|
||||
"url": "http://www.securitytracker.com/id?1020017",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
@ -228,6 +303,7 @@
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA08-137A.html",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"US Government Resource"
|
||||
]
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2008-2052",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2008-05-02T17:05:00.000",
|
||||
"lastModified": "2017-08-08T01:30:42.963",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:31:16.793",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -15,6 +15,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -48,7 +70,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-59"
|
||||
"value": "CWE-601"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -62,8 +84,8 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bitrix:bitrix_site_manager:6.5:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "92DAD826-62C2-4880-AADE-F8B3FB0248F2"
|
||||
"criteria": "cpe:2.3:a:bitrix24:bitrix_site_manager:6.5:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "339641BD-BEF4-4A84-B266-41BF09E63225"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -73,11 +95,18 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "http://holisticinfosec.org/content/view/62/45/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42157",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2008-2122",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2008-05-09T15:20:00.000",
|
||||
"lastModified": "2017-08-08T01:30:47.057",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:54:11.277",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -15,6 +15,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -48,7 +70,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-399"
|
||||
"value": "CWE-772"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -71,25 +93,53 @@
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://secunia.com/advisories/30081",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21303877",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/29036",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securitytracker.com/id?1019964",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.vupen.com/english/advisories/2008/1427/references",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42173",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2008-2951",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2008-07-27T22:41:00.000",
|
||||
"lastModified": "2017-08-08T01:31:28.247",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:30:37.427",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -15,6 +15,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -48,7 +70,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20"
|
||||
"value": "CWE-601"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -62,139 +84,29 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "0.10.4",
|
||||
"matchCriteriaId": "6AB0CAB5-F4B4-44AE-A527-A3A089279943"
|
||||
"criteria": "cpe:2.3:a:edgewall:trac:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.10.5",
|
||||
"matchCriteriaId": "C6C4CEF3-92F7-4344-9833-7CBCEF16E94F"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.5:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F0C99624-9190-42FF-BDE9-A7A5938EDECA"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "04F968D4-9691-4ED1-A412-7DF43898863C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.5.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EE1121C-5E38-4811-A9BA-3122EF00941D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.6:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF9D8496-03C6-4C9E-9511-B32EE1AD6E91"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.6.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FF4AC75E-2EE6-4333-9AA5-B26571CA86AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.7:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A370F182-C0BF-4E53-81B5-57E03974FA00"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.7.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9C37AA14-7184-4FFC-BEDE-B567EE315E9F"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.8:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "661C665F-A7F1-4631-B232-1DC9A2635E77"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.8.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9710175D-AB7F-4416-9BD6-DD9BD9D0D322"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.8.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3829D131-F1DB-426E-82C9-C39CBC1D8164"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.8.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9410D67A-6338-4076-AF88-9DFAB701E1FF"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.8.4:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9239A5E2-62D4-4100-BA88-B114FE5944F0"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "39206222-52BA-49B3-B2D8-1AFB247AA05F"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9:b1:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BF8C0FF0-98FF-463F-B9F0-B26DC587CE05"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9:b2:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "ED00A360-A4BD-44A9-BF88-A81257CF5E3C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CEEE9CAF-6A17-4B68-988B-2EA0183FC45E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE0E4289-9154-4547-8DAA-51536706EFE7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7836864F-1F39-479A-99D0-A00247711FB4"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9.4:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "14D2B12D-3479-435C-BF76-158C4152C548"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9.5:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E9AC7C92-2D82-470E-A04A-5C2B5AAA8CFA"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.9.6:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "87EB909D-2F50-456E-9339-31617A9FC64E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.10:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "351C68FA-9A8E-4E65-BD8E-44F5BBDAFE8A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.10.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "76B67191-EBC8-4679-9434-9AF56E9151B7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.10.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA90857B-FA3A-4DD8-A20D-04837CCFFF77"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.10.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3012B1CE-686F-4F0E-BCB2-790D7C30D257"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:trac:trac:0.10.3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F826915A-400C-4DC8-83A3-6EC158ACE0D0"
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -204,27 +116,63 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "http://holisticinfosec.org/content/view/72/45/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/31314",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://trac.edgewall.org/wiki/ChangeLog",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Release Notes"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.osvdb.org/46513",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/30402",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44043",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01261.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01270.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2011-4107",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2011-11-17T19:55:01.517",
|
||||
"lastModified": "2017-08-29T01:30:27.397",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:27:11.997",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -15,6 +15,28 @@
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
@ -48,7 +70,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-200"
|
||||
"value": "CWE-611"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -62,118 +84,57 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3EE1361B-D70B-45B9-BD2F-7C049D96928A"
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "3.3.0.0",
|
||||
"versionEndExcluding": "3.3.10.5",
|
||||
"matchCriteriaId": "07CC6931-2524-492E-9290-2388CD6435F9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.6:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "06EE0CCB-559F-457B-A1EC-79D0680DCDD8"
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "3.4.0.0",
|
||||
"versionEndExcluding": "3.4.7.1",
|
||||
"matchCriteriaId": "A872DC22-5EB5-4348-BEAD-61A59394AA51"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BDE52846-24EC-4068-B788-EC7F915FFF11"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.7:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "00826A60-50A4-4E05-B317-8D0A5FC637BC"
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:15:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9396E005-22D8-4342-9323-C7DEA379191D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7AC1AECC-6521-4D9D-88D5-86DA8BDB1D26"
|
||||
},
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.8.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "79093150-F515-42D9-AEF2-86C0C4B1B8AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1FE65F49-CDED-49B0-89F4-CE52E357069A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4B29D2E6-F327-4B19-B33F-E888F8B81E7B"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.9.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7C579327-8F92-41AF-926A-86442063A83D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8C3F84C4-883B-48DC-9181-E54A87DC973B"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2C10C216-594B-4F08-B86E-A476A452189B"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E3E72232-C7D1-4D3E-97D1-5F3B89D447ED"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3540439C-52FD-45A7-ABF4-E18C4AED89C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.3.10.4:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "31E1CEF6-682E-4580-8A90-864173C4E4A5"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.0.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2C714361-7AE3-4DC2-994C-7C67B41226B0"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.1.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2A3CED16-3ECE-49F6-A52B-0222B14DBC88"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.2.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E4938BCE-1365-469A-B714-A5D9C451FA20"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "35F46942-E054-43E4-9543-E126738845E2"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A1A24EBE-D760-4251-972E-86B71EC8A07D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.3.2:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9AC8F001-B2D6-49AD-94E7-673E8BEC958C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.4.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AE9EFA08-1838-46A9-A851-A0540C60739D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B231B0D4-F971-4D4F-97CE-74951DF2B681"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.6:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "35158ABE-56D7-499D-8268-D5452DE3E139"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.4.7:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD8C3CAC-7CE6-4D13-9640-B924081D628E"
|
||||
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -183,20 +144,40 @@
|
||||
"references": [
|
||||
{
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069625.html",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069635.html",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://osvdb.org/76798",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://packetstormsecurity.org/files/view/106511/phpmyadmin-fileread.txt",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Exploit"
|
||||
]
|
||||
},
|
||||
@ -204,28 +185,53 @@
|
||||
"url": "http://seclists.org/fulldisclosure/2011/Nov/21",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit"
|
||||
"Exploit",
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://secunia.com/advisories/46447",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://securityreason.com/securityalert/8533",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.debian.org/security/2012/dsa-2391",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:198",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2011/11/03/3",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.openwall.com/lists/oss-security/2011/11/03/5",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php",
|
||||
@ -237,12 +243,18 @@
|
||||
},
|
||||
{
|
||||
"url": "http://www.securityfocus.com/bid/50497",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://www.wooyun.org/bugs/wooyun-2010-03185",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Exploit"
|
||||
]
|
||||
},
|
||||
@ -250,12 +262,17 @@
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=751112",
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit"
|
||||
"Exploit",
|
||||
"Issue Tracking"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71108",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2016-10180",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2017-01-30T04:59:00.360",
|
||||
"lastModified": "2021-04-23T18:45:19.730",
|
||||
"lastModified": "2024-02-09T02:41:18.860",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -70,7 +70,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-338"
|
||||
"value": "CWE-335"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -109,6 +109,7 @@
|
||||
"url": "http://www.securityfocus.com/bid/95877",
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Broken Link",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2021-37147",
|
||||
"sourceIdentifier": "security@apache.org",
|
||||
"published": "2021-11-03T16:15:07.987",
|
||||
"lastModified": "2022-10-14T11:56:28.303",
|
||||
"lastModified": "2024-02-09T02:28:42.050",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -71,6 +71,10 @@
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-444"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2022-2820",
|
||||
"sourceIdentifier": "security@huntr.dev",
|
||||
"published": "2022-08-15T11:21:31.687",
|
||||
"lastModified": "2023-07-10T16:15:48.020",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:29:58.530",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -103,8 +103,7 @@
|
||||
"url": "https://github.com/namelessmc/nameless/commit/469bebc17855720e43f0c8209c88a57d2b55f6de",
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
@ -112,8 +111,7 @@
|
||||
"source": "security@huntr.dev",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Patch",
|
||||
"Third Party Advisory"
|
||||
"Patch"
|
||||
]
|
||||
}
|
||||
]
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-3032",
|
||||
"sourceIdentifier": "security@mozilla.org",
|
||||
"published": "2022-12-22T20:15:37.763",
|
||||
"lastModified": "2023-01-03T20:25:26.860",
|
||||
"lastModified": "2024-02-09T02:47:57.353",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Al recibir un correo electr\u00f3nico HTML que conten\u00eda un elemento <code>iframe</code>, que utilizaba un atributo <code>srcdoc</code> para definir el documento HTML interno, los objetos remotos especificados en el documento anidado, por ejemplo im\u00e1genes o v\u00eddeos , no fueron bloqueados. M\u00e1s bien, se acced\u00eda a la red, se cargaban los objetos y se mostraban. Esta vulnerabilidad afecta a Thunderbird < 102.2.1 y Thunderbird < 91.13.1."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -41,7 +45,7 @@
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-863"
|
||||
"value": "CWE-610"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -76,9 +80,7 @@
|
||||
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783831",
|
||||
"source": "security@mozilla.org",
|
||||
"tags": [
|
||||
"Issue Tracking",
|
||||
"Permissions Required",
|
||||
"Vendor Advisory"
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-45918",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2022-12-07T01:15:11.677",
|
||||
"lastModified": "2023-01-06T20:37:46.383",
|
||||
"lastModified": "2024-02-09T02:38:20.347",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "ILIAS before 7.16 allows External Control of File Name or Path."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "ILIAS anterior a 7.16 permite el control externo del nombre o ruta del archivo."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-25365",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T22:15:08.410",
|
||||
"lastModified": "2024-02-08T22:15:08.410",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-27001",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T22:15:08.463",
|
||||
"lastModified": "2024-02-08T22:15:08.463",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
59
CVE-2023/CVE-2023-323xx/CVE-2023-32341.json
Normal file
59
CVE-2023/CVE-2023-323xx/CVE-2023-32341.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2023-32341",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:08.033",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255827",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7116081",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-36498",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:08.527",
|
||||
"lastModified": "2024-02-06T18:15:58.383",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:09:17.397",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad del cliente PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para activar esta vulnerabilidad y obtener acceso a un shell sin restricciones."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40262",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T23:15:09.683",
|
||||
"lastModified": "2024-02-08T23:15:09.683",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40263",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T23:15:09.730",
|
||||
"lastModified": "2024-02-08T23:15:09.730",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40264",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T23:15:09.773",
|
||||
"lastModified": "2024-02-08T23:15:09.773",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40265",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T22:15:08.770",
|
||||
"lastModified": "2024-02-08T22:15:08.770",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-40266",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T22:15:08.840",
|
||||
"lastModified": "2024-02-08T22:15:08.840",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
59
CVE-2023/CVE-2023-420xx/CVE-2023-42016.json
Normal file
59
CVE-2023/CVE-2023-420xx/CVE-2023-42016.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2023-42016",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:08.260",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-614"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265559",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7116083",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-42664",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:08.770",
|
||||
"lastModified": "2024-02-06T18:15:58.670",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:11:08.817",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n al configurar la configuraci\u00f3n global PPTP de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1856",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-43482",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:08.973",
|
||||
"lastModified": "2024-02-06T18:15:58.757",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:11:03.607",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comandos en la funcionalidad de recursos invitados de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2023/CVE-2023-451xx/CVE-2023-45187.json
Normal file
59
CVE-2023/CVE-2023-451xx/CVE-2023-45187.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2023-45187",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:08.493",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-613"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268749",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7116045",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
47
CVE-2023/CVE-2023-451xx/CVE-2023-45190.json
Normal file
47
CVE-2023/CVE-2023-451xx/CVE-2023-45190.json
Normal file
@ -0,0 +1,47 @@
|
||||
{
|
||||
"id": "CVE-2023-45190",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:08.707",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.5,
|
||||
"impactScore": 2.5
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268754",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7116045",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2023/CVE-2023-451xx/CVE-2023-45191.json
Normal file
59
CVE-2023/CVE-2023-451xx/CVE-2023-45191.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2023-45191",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:08.890",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-307"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268755",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7116045",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-46683",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:09.180",
|
||||
"lastModified": "2024-02-06T18:15:58.840",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:55.253",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n al configurar la funcionalidad VPN de protecci\u00f3n de cables de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1857",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-47131",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T23:15:09.827",
|
||||
"lastModified": "2024-02-08T23:15:09.827",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-47132",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T23:15:09.877",
|
||||
"lastModified": "2024-02-08T23:15:09.877",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-47167",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:09.380",
|
||||
"lastModified": "2024-02-06T18:15:58.923",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:50.633",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad de pol\u00edtica GRE de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-47209",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:09.593",
|
||||
"lastModified": "2024-02-06T18:15:59.000",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:45.003",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad de pol\u00edtica ipsec de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-47617",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:09.797",
|
||||
"lastModified": "2024-02-06T18:15:59.080",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:37.967",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comando posterior a la autenticaci\u00f3n al configurar el miembro del grupo web de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede dar lugar a la inyecci\u00f3n de comandos arbitrarios. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1858",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-47618",
|
||||
"sourceIdentifier": "talos-cna@cisco.com",
|
||||
"published": "2024-02-06T17:15:10.013",
|
||||
"lastModified": "2024-02-06T18:15:59.160",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:33.477",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de ejecuci\u00f3n de comando posterior a la autenticaci\u00f3n en la funcionalidad de filtrado web de Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. Una solicitud HTTP especialmente manipulada puede provocar la ejecuci\u00f3n de un comando arbitrario. Un atacante puede realizar una solicitud HTTP autenticada para desencadenar esta vulnerabilidad."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -46,10 +50,44 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:tp-link:er7206_firmware:1.3.0:build_20230322_rel_70591:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96429759-A111-4CB6-BB47-C258CFD5C301"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:tp-link:er7206:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB65324D-FD72-4C28-92AF-85BFF1E8A993"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1859",
|
||||
"source": "talos-cna@cisco.com"
|
||||
"source": "talos-cna@cisco.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Technical Description",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-49101",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T22:15:08.940",
|
||||
"lastModified": "2024-02-08T22:15:08.940",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-50356",
|
||||
"sourceIdentifier": "info@cert.vde.com",
|
||||
"published": "2024-01-31T11:15:07.910",
|
||||
"lastModified": "2024-01-31T14:05:19.990",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:00:50.277",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -17,8 +17,28 @@
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "info@cert.vde.com",
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.2,
|
||||
"impactScore": 4.2
|
||||
},
|
||||
{
|
||||
"source": "info@cert.vde.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
|
||||
@ -50,10 +70,31 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:areal-topkapi:vision_server:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "6.2.4719",
|
||||
"matchCriteriaId": "8C7F4AB6-5E01-424E-8B2D-A6E5295231D5"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.areal-topkapi.com/en/services/security-bulletins",
|
||||
"source": "info@cert.vde.com"
|
||||
"source": "info@cert.vde.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-51630",
|
||||
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
|
||||
"published": "2024-02-08T23:15:09.933",
|
||||
"lastModified": "2024-02-08T23:15:09.933",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,19 +2,80 @@
|
||||
"id": "CVE-2023-52425",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-04T20:15:46.063",
|
||||
"lastModified": "2024-02-05T02:09:37.420",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:03:16.300",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "libexpat hasta 2.5.0 permite una denegaci\u00f3n de servicio (consumo de recursos) porque se requieren muchos an\u00e1lisis completos en el caso de un token grande para el cual se necesitan m\u00faltiples rellenos de b\u00fafer."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "2.5.0",
|
||||
"matchCriteriaId": "1C50909D-8A18-484B-A7DB-7EF4CA67C2CB"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/libexpat/libexpat/pull/789",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,27 +2,94 @@
|
||||
"id": "CVE-2023-52426",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-04T20:15:46.120",
|
||||
"lastModified": "2024-02-05T02:09:37.420",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:02:39.800",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "libexpat hasta 2.5.0 permite la expansi\u00f3n recursiva de entidades XML si XML_DTD no est\u00e1 definido en el momento de la compilaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-776"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
|
||||
"versionEndIncluding": "2.5.0",
|
||||
"matchCriteriaId": "1C50909D-8A18-484B-A7DB-7EF4CA67C2CB"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://cwe.mitre.org/data/definitions/776.html",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Technical Description"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/libexpat/libexpat/pull/777",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2023-5992",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-31T14:15:48.147",
|
||||
"lastModified": "2024-01-31T14:28:47.077",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:00:00.933",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se encontr\u00f3 una vulnerabilidad en OpenSC donde la eliminaci\u00f3n del relleno de cifrado PKCS#1 no se implementa como resistente al canal lateral. Este problema puede resultar en una posible filtraci\u00f3n de datos privados."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.2,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -35,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-203"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +80,70 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:opensc_project:opensc:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.24.0",
|
||||
"matchCriteriaId": "A3EB32A5-0147-4801-8E71-C881624EE6B9"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-5992",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2248685",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Issue Tracking"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/OpenSC/OpenSC/wiki/CVE-2023-5992",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2023-6028",
|
||||
"sourceIdentifier": "cybersecurity@ch.abb.com",
|
||||
"published": "2024-02-05T18:15:51.670",
|
||||
"lastModified": "2024-02-05T18:25:55.213",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:07:12.437",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A reflected\ncross-site scripting (XSS) vulnerability exists in the SVG version of System\nDiagnostics Manager of B&R Automation Runtime versions <= G4.93 that\nenables a remote attacker to execute arbitrary JavaScript code in the context\nof the attacked user\u2019s browser session.\n\n\n\n\n\n\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Existe una vulnerabilidad de cross-site scripting (XSS) reflejada en la versi\u00f3n SVG de System Diagnostics Manager de B&R Automation Runtime versiones <= G4.93 que permite a un atacante remoto ejecutar c\u00f3digo JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador del usuario atacado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
},
|
||||
{
|
||||
"source": "cybersecurity@ch.abb.com",
|
||||
"type": "Secondary",
|
||||
@ -36,7 +60,7 @@
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cybersecurity@ch.abb.com",
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
@ -44,12 +68,43 @@
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "cybersecurity@ch.abb.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "i4.93",
|
||||
"matchCriteriaId": "884D020E-3583-4A39-A843-DB5977674E39"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.br-automation.com/fileadmin/SA23P018_SDM_Web_interface_vulnerable_to_XSS-1d75bee8.pdf",
|
||||
"source": "cybersecurity@ch.abb.com"
|
||||
"source": "cybersecurity@ch.abb.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-6395",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-16T15:15:08.657",
|
||||
"lastModified": "2024-01-30T05:15:08.500",
|
||||
"lastModified": "2024-02-09T02:15:08.047",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -180,6 +180,10 @@
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/62SP2BJC2AFLFJJAEHPGZ3ZINTBTI7AN/",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NBFYREAJH4T7GXXQZ4GJEREN4Q3AHS3K/",
|
||||
"source": "secalert@redhat.com"
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-6779",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-31T14:15:48.700",
|
||||
"lastModified": "2024-02-04T09:15:10.377",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T00:59:49.720",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -50,38 +80,105 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "2.39",
|
||||
"matchCriteriaId": "9B07E72A-FA10-49C2-BBE3-468AF836A462"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://seclists.org/fulldisclosure/2024/Feb/3",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-6779",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254395",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Issue Tracking"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202402-01",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Mailing List"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-6780",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-31T14:15:48.917",
|
||||
"lastModified": "2024-02-04T09:15:10.487",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T00:59:38.740",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,20 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-131"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-190"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -50,38 +84,105 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "2.37",
|
||||
"matchCriteriaId": "8CFD354C-94B0-4DF2-B943-780F99A0CF07"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Third Party Advisory",
|
||||
"VDB Entry"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "http://seclists.org/fulldisclosure/2024/Feb/3",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Mailing List",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2023-6780",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254396",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Issue Tracking"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MWQ6BZJ6CV5UAW4VZSKJ6TO4KIW2KWAQ/",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202402-01",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.openwall.com/lists/oss-security/2024/01/30/6",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Mailing List"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-6816",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-18T05:15:08.607",
|
||||
"lastModified": "2024-02-04T20:15:46.477",
|
||||
"lastModified": "2024-02-09T02:15:08.207",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -246,6 +246,10 @@
|
||||
"Mailing List"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202401-30",
|
||||
"source": "secalert@redhat.com"
|
||||
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2023-7043",
|
||||
"sourceIdentifier": "security@eset.com",
|
||||
"published": "2024-01-31T13:15:10.147",
|
||||
"lastModified": "2024-01-31T14:05:19.990",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:00:15.637",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Unquoted service path in ESET products allows to \n\ndrop a prepared program to a specific location\u00a0and\u00a0run on boot with the \n\nNT AUTHORITY\\NetworkService\u00a0permissions."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La ruta de servicio sin comillas en los productos ESET permite colocar un programa preparado en una ubicaci\u00f3n espec\u00edfica y ejecutarlo al arrancar con los permisos NT AUTHORITY\\NetworkService."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "security@eset.com",
|
||||
"type": "Secondary",
|
||||
@ -35,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-428"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "security@eset.com",
|
||||
"type": "Secondary",
|
||||
@ -46,10 +80,65 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:eset:endpoint_antivirus:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "10.1.2046.0",
|
||||
"versionEndExcluding": "11.0.2032.0",
|
||||
"matchCriteriaId": "50677A92-50F3-4020-BC55-B3C6FDB4511D"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:eset:endpoint_security:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "10.1.2046.0",
|
||||
"versionEndExcluding": "11.0.2032.0",
|
||||
"matchCriteriaId": "74708E09-04BF-47C1-88A9-B2A0C0FCF3B7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:eset:internet_security:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "16.1.14.0",
|
||||
"versionEndExcluding": "17.0.15.0",
|
||||
"matchCriteriaId": "84EF91DD-15F6-4EF8-8B5F-C4CF4DBCBDF9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:eset:mail_security:10.1.10012.0:*:*:*:*:exchange_server:*:*",
|
||||
"matchCriteriaId": "18A15279-74DB-487D-A585-BB07482505E8"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:eset:nod32_antivirus:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "16.1.14.0",
|
||||
"versionEndExcluding": "17.0.15.0",
|
||||
"matchCriteriaId": "D18A8A98-430B-495B-AAD9-8198E995F77E"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:eset:smart_security_premium:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "16.1.14.0",
|
||||
"versionEndExcluding": "17.0.15.0",
|
||||
"matchCriteriaId": "555830F1-6B12-44F7-B912-9061E0EB6E46"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://support.eset.com/en/ca8602",
|
||||
"source": "security@eset.com"
|
||||
"source": "security@eset.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-0408",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-18T16:15:08.380",
|
||||
"lastModified": "2024-01-31T13:15:10.350",
|
||||
"lastModified": "2024-02-09T02:15:08.383",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -226,6 +226,10 @@
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202401-30",
|
||||
"source": "secalert@redhat.com"
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-0409",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-18T16:15:08.593",
|
||||
"lastModified": "2024-01-31T13:15:10.460",
|
||||
"lastModified": "2024-02-09T02:15:08.533",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -227,6 +227,10 @@
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202401-30",
|
||||
"source": "secalert@redhat.com"
|
||||
|
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2024-0749",
|
||||
"sourceIdentifier": "security@mozilla.org",
|
||||
"published": "2024-01-23T14:15:38.550",
|
||||
"lastModified": "2024-02-02T17:18:54.040",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-02-09T02:15:08.690",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
|
||||
"value": "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
@ -128,14 +128,6 @@
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
|
||||
"source": "security@mozilla.org",
|
||||
"tags": [
|
||||
"Release Notes",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
|
||||
"source": "security@mozilla.org",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-0914",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-31T05:15:08.137",
|
||||
"lastModified": "2024-01-31T14:05:27.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:01:38.453",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.2,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-203"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
@ -50,18 +80,66 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:opencryptoki_project:opencryptoki:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "3.23.0",
|
||||
"matchCriteriaId": "9AE1F758-E210-415A-9834-97D4F3721348"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2024-0914",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260407",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Issue Tracking",
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://people.redhat.com/~hkario/marvin/",
|
||||
"source": "secalert@redhat.com"
|
||||
"source": "secalert@redhat.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1283",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-02-07T00:15:56.323",
|
||||
"lastModified": "2024-02-07T01:11:27.753",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:15:08.810",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en Skia en Google Chrome anterior a 121.0.6167.160 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n el almacenamiento din\u00e1mico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
@ -19,6 +23,10 @@
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/41494860",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-1284",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-02-07T00:15:56.380",
|
||||
"lastModified": "2024-02-07T01:11:27.753",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:15:08.883",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Use after free en Mojo en Google Chrome anterior a 121.0.6167.160 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del almacenamiento din\u00e1mico a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
@ -19,6 +23,10 @@
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/41494539",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
}
|
||||
]
|
||||
}
|
88
CVE-2024/CVE-2024-13xx/CVE-2024-1353.json
Normal file
88
CVE-2024/CVE-2024-13xx/CVE-2024-1353.json
Normal file
@ -0,0 +1,88 @@
|
||||
{
|
||||
"id": "CVE-2024-1353",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-02-09T01:15:09.140",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "ADJACENT_NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"accessVector": "ADJACENT_NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 5.8
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 6.5,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-502"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://note.zhaoj.in/share/nxGzfEB6fFVY",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.253226",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.253226",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20001",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.027",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:02:13.153",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,378 @@
|
||||
"value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961601; ID del problema: DTV03961601."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5583:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6C394724-3294-4953-85C8-EE3894B5092C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5586:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E684A498-10F3-4BD8-9935-9ED5933F9157"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5691:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96BD96BE-10BC-4C7E-8A48-C7CB08A61765"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5695:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "75A56009-090B-4101-B000-224412058654"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9010:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3EC50C1C-A31D-4EDF-AB6A-FA1E92AE7F2A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9012:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CBFB4E04-7BC0-4B48-ABD7-6971E4725895"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9016:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EE1DD6A9-E503-4A8E-92FF-625CD734DBD6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9020:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EAAF66C-9C81-498B-A0C0-3295CB7324A9"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9021:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3E1092AC-60EC-453C-9AA9-8F35A2A6DF92"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9026:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "49437377-6D2F-40FD-8CCF-29179C19D296"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9216:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4B45803F-1AD2-47C8-BB9B-276628A0D605"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9218:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B028E80F-396F-4898-841D-9E99DE54FAC2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9220:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6FB0DB25-6CFF-4688-B423-6CC0252C3B59"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9221:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B9E90123-D7DC-4C68-B2F9-27DCEDED2FC6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9222:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "5B250A0A-BE50-45B6-AD72-8EA876F64DD4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9255:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D9C5A33A-7B04-4E14-A268-A717CD2420DA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FAC84405-17EE-4C25-8477-317F2A6A095F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9266:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "85C42802-293E-448B-A059-DFDEF1D97EC2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9269:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F19E7E64-721E-436B-B879-D1EDE5EFF84C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4CEEB709-8C7B-48AF-B359-9CE9C68790D5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6081A92B-4361-462A-9F7F-570AC7256CDB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9602:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "49ED757E-42DD-4176-B216-915EFD8E2F40"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9603:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "26696662-6232-458A-A1E1-067CBDB62FA9"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9610:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6BA3286D-A136-4EB2-A181-6EF8A556EFDF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9611:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8A9F24C9-2A69-44D9-A16B-E4187230F984"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9612:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BD04E099-75F4-48F6-BB8C-28A5D6FB8F60"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9613:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E92602E3-1B1B-4683-801D-D151919C63EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9615:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "0AF44498-001B-4A51-AB32-EBC206B14741"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9617:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F2E6E130-9F65-482B-AF8B-97DA81FCE19E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "47E5EE7B-1208-4007-AF87-6DC309FFE312"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9630:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9FE404F4-FFAE-4646-9234-15230F0577F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA834B63-F689-48BA-84E6-500351990BFD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EF1B3B37-22C4-42F4-8264-07512619D706"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9633:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "5CF26725-1701-40F4-83E9-1A4709B60763"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "11B89606-5FD7-4513-984A-16217D37BF4B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "76F4FC23-534B-449A-8344-1F13AE9C8C57"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "392C9A58-EAB1-44B5-B189-98C68CC23199"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2D0EF507-52A0-45D1-AC26-97F765E691FC"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C826242C-440E-4D85-841E-570E9C69777C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9660:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DB80E351-B6E5-4571-A603-04A3A6AFB8CB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9666:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1A4E9A32-6267-4AB3-B9A9-BBC79ED2F343"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9667:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CD7AC916-FF8D-430D-837C-0587056198AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9671:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "94F5F738-459C-4316-80AF-1B9C33E0F36B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "046B7E06-8C40-4D37-8D10-4816E51CA143"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CFD9AD54-9F0F-414B-8936-3A981657D6AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4B429106-36BE-42F2-8D05-FB9EF00BDFBA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F7D78E76-6A3B-4736-B7E7-C9032CDA845B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20002",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.083",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:01:37.090",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,378 @@
|
||||
"value": "En TVAPI, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03961715; ID del problema: DTV03961715."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5583:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6C394724-3294-4953-85C8-EE3894B5092C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5586:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E684A498-10F3-4BD8-9935-9ED5933F9157"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5691:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "96BD96BE-10BC-4C7E-8A48-C7CB08A61765"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5695:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "75A56009-090B-4101-B000-224412058654"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt5696:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8A07610A-173B-4DF2-8DAD-D2FF07EB9A17"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9010:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3EC50C1C-A31D-4EDF-AB6A-FA1E92AE7F2A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9012:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CBFB4E04-7BC0-4B48-ABD7-6971E4725895"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9015:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "354492FD-4052-41F8-805E-55F387AF8F17"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9016:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EE1DD6A9-E503-4A8E-92FF-625CD734DBD6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9020:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EAAF66C-9C81-498B-A0C0-3295CB7324A9"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9021:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3E1092AC-60EC-453C-9AA9-8F35A2A6DF92"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9025:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A6133E43-E032-4334-88C7-116B27B3090D"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9026:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "49437377-6D2F-40FD-8CCF-29179C19D296"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9216:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4B45803F-1AD2-47C8-BB9B-276628A0D605"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9218:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B028E80F-396F-4898-841D-9E99DE54FAC2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9220:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6FB0DB25-6CFF-4688-B423-6CC0252C3B59"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9221:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B9E90123-D7DC-4C68-B2F9-27DCEDED2FC6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9222:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "5B250A0A-BE50-45B6-AD72-8EA876F64DD4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9255:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D9C5A33A-7B04-4E14-A268-A717CD2420DA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FAC84405-17EE-4C25-8477-317F2A6A095F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9266:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "85C42802-293E-448B-A059-DFDEF1D97EC2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9269:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F19E7E64-721E-436B-B879-D1EDE5EFF84C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4CEEB709-8C7B-48AF-B359-9CE9C68790D5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9288:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6081A92B-4361-462A-9F7F-570AC7256CDB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9602:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "49ED757E-42DD-4176-B216-915EFD8E2F40"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9603:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "26696662-6232-458A-A1E1-067CBDB62FA9"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9610:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6BA3286D-A136-4EB2-A181-6EF8A556EFDF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9611:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8A9F24C9-2A69-44D9-A16B-E4187230F984"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9612:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BD04E099-75F4-48F6-BB8C-28A5D6FB8F60"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9613:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E92602E3-1B1B-4683-801D-D151919C63EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9615:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "0AF44498-001B-4A51-AB32-EBC206B14741"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9617:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F2E6E130-9F65-482B-AF8B-97DA81FCE19E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9618:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "311AFBA9-A0AD-4638-ACFF-0D4AC12FA127"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "47E5EE7B-1208-4007-AF87-6DC309FFE312"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9630:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9FE404F4-FFAE-4646-9234-15230F0577F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA834B63-F689-48BA-84E6-500351990BFD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EF1B3B37-22C4-42F4-8264-07512619D706"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9633:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "5CF26725-1701-40F4-83E9-1A4709B60763"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "11B89606-5FD7-4513-984A-16217D37BF4B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "76F4FC23-534B-449A-8344-1F13AE9C8C57"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "392C9A58-EAB1-44B5-B189-98C68CC23199"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2D0EF507-52A0-45D1-AC26-97F765E691FC"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C826242C-440E-4D85-841E-570E9C69777C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9660:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DB80E351-B6E5-4571-A603-04A3A6AFB8CB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9666:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1A4E9A32-6267-4AB3-B9A9-BBC79ED2F343"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9667:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CD7AC916-FF8D-430D-837C-0587056198AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9671:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "94F5F738-459C-4316-80AF-1B9C33E0F36B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "046B7E06-8C40-4D37-8D10-4816E51CA143"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CFD9AD54-9F0F-414B-8936-3A981657D6AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4B429106-36BE-42F2-8D05-FB9EF00BDFBA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F7D78E76-6A3B-4736-B7E7-C9032CDA845B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt9689:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B84CEB95-BF9E-42E3-90F4-70B1C7EE41A6"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20003",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.130",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:01:04.183",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,173 @@
|
||||
"value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01191612 (MSV-981)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6297:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99B87E31-AC92-445B-94B8-33DBF72EC11C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F883C6D3-1724-4553-9EFC-3D204FF3CAA3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20004",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.190",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:04:19.843",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,173 @@
|
||||
"value": "En Modem NL1, existe una posible falla del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio, si NW env\u00eda un mensaje de configuraci\u00f3n de conexi\u00f3n NR RRC no v\u00e1lido, sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01191612; ID del problema: MOLY01195812 (MSV-985)."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6297:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "99B87E31-AC92-445B-94B8-33DBF72EC11C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F883C6D3-1724-4553-9EFC-3D204FF3CAA3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20006",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.233",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:04:52.490",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,113 @@
|
||||
"value": "En da, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477148; ID del problema: ALPS08477148."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20007",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.283",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:05:10.947",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,252 @@
|
||||
"value": "En el decodificador de mp3, existe una posible escritura fuera de los l\u00edmites debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441369; ID del problema: ALPS08441369."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.6,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-362"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20009",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.330",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:05:28.177",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,248 @@
|
||||
"value": "En el decodificador alac, existe una posible escritura fuera de los l\u00edmites debido a un manejo incorrecto de errores. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS08441150; ID del problema: ALPS08441150."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8163:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1D2ED140-C41B-418B-9DC7-8C486304E769"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1E5B22E8-3536-4DBC-8E71-3E14FE45A887"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20010",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.387",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:05:47.917",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,368 @@
|
||||
"value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358560; ID del problema: ALPS08358560."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-843"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20011",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.447",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:06:03.160",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,168 @@
|
||||
"value": "En el decodificador alac, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441146; ID del problema: ALPS08441146."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-119"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8127:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BD7BDC63-3963-4C4D-B547-2936006926E9"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8135:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "182A995C-2453-4DF2-ABCC-A885D8C334C0"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8176:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1E5B22E8-3536-4DBC-8E71-3E14FE45A887"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8312c:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "39915BEC-73D4-46B7-B52C-CED910AF3CA9"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8312d:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3EF828C6-4B05-4E12-9B78-782F1F062F39"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20012",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.490",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:06:22.713",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,328 @@
|
||||
"value": "En keyInstall, existe una posible escalada de privilegios debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08358566; ID del problema: ALPS08358566."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-843"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20013",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.530",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:06:40.570",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,373 @@
|
||||
"value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08471742; ID del problema: ALPS08308608."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20015",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.580",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:06:59.953",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,278 @@
|
||||
"value": "En telephony, existe una posible escalada de privilegios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08441419; ID del problema: ALPS08441419."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20016",
|
||||
"sourceIdentifier": "security@mediatek.com",
|
||||
"published": "2024-02-05T06:15:47.627",
|
||||
"lastModified": "2024-02-05T13:54:33.663",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:07:50.523",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,258 @@
|
||||
"value": "En ged, existe una posible escritura fuera de los l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con los privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS07835901; ID del problema: ALPS07835901."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 4.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-190"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
|
||||
},
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://corp.mediatek.com/product-security-bulletin/February-2024",
|
||||
"source": "security@mediatek.com"
|
||||
"source": "security@mediatek.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-20955",
|
||||
"sourceIdentifier": "secalert_us@oracle.com",
|
||||
"published": "2024-01-16T22:15:42.647",
|
||||
"lastModified": "2024-01-26T22:15:11.647",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-02-09T02:26:25.517",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -57,6 +57,11 @@
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:oracle:graalvm:20.3.12:*:*:*:enterprise:*:*:*",
|
||||
"matchCriteriaId": "D17D1EA4-A45F-4D8D-BA3E-4898EC6D48B7"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:oracle:graalvm:21.3.8:*:*:*:enterprise:*:*:*",
|
||||
@ -69,13 +74,13 @@
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:oracle:jdk:17.0.9:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "EF6AA431-8965-4B53-AF0F-DB3AB7A9A3F3"
|
||||
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:oracle:jre:17.0.9:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "BF274813-F650-447C-A1A6-61D5F8FF71BA"
|
||||
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-22236",
|
||||
"sourceIdentifier": "security@vmware.com",
|
||||
"published": "2024-01-31T07:15:07.697",
|
||||
"lastModified": "2024-01-31T14:05:27.507",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:01:27.447",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
},
|
||||
{
|
||||
"source": "security@vmware.com",
|
||||
"type": "Secondary",
|
||||
@ -38,10 +58,56 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-732"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:vmware:spring_cloud_contract:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "3.1.0",
|
||||
"versionEndExcluding": "3.1.10",
|
||||
"matchCriteriaId": "36CB4DBB-F5DB-4E5C-9D59-6499710BE4B4"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:vmware:spring_cloud_contract:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "4.0.0",
|
||||
"versionEndExcluding": "4.0.5",
|
||||
"matchCriteriaId": "7634805F-40C1-4BCA-A83F-AED0D141CAD9"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:vmware:spring_cloud_contract:4.1.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2B852868-633D-4A85-A5A0-503C354F5D4A"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://spring.io/security/cve-2024-22236",
|
||||
"source": "security@vmware.com"
|
||||
"source": "security@vmware.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2024/CVE-2024-223xx/CVE-2024-22318.json
Normal file
59
CVE-2024/CVE-2024-223xx/CVE-2024-22318.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-22318",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:09.440",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.4,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279091",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7116091",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2024/CVE-2024-223xx/CVE-2024-22332.json
Normal file
59
CVE-2024/CVE-2024-223xx/CVE-2024-22332.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-22332",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-02-09T01:15:09.650",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279972",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://https://www.ibm.com/support/pages/node/7116046",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-23170",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-31T08:15:42.220",
|
||||
"lastModified": "2024-01-31T14:05:19.990",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:01:16.947",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,75 @@
|
||||
"value": "Se descubri\u00f3 un problema en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2. Hab\u00eda un canal lateral de sincronizaci\u00f3n en las operaciones privadas de RSA. Este canal lateral podr\u00eda ser suficiente para que un atacante local recupere el texto plano. Requiere que el atacante env\u00ede una gran cantidad de mensajes para descifrarlos, como se describe en \"Everlasting ROBOT: the Marvin Attack\" de Hubert Kario."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-203"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "2.0.0",
|
||||
"versionEndExcluding": "2.28.7",
|
||||
"matchCriteriaId": "E5465284-4EA3-4126-9130-374140F24FB5"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "3.0.0",
|
||||
"versionEndExcluding": "3.5.2",
|
||||
"matchCriteriaId": "7B335AD2-884E-4C89-8366-6BF91036BB1B"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-23206",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-23T01:15:10.840",
|
||||
"lastModified": "2024-02-06T02:15:08.810",
|
||||
"lastModified": "2024-02-09T02:15:08.950",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -161,6 +161,10 @@
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
|
||||
"source": "product-security@apple.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
|
||||
"source": "product-security@apple.com"
|
||||
},
|
||||
{
|
||||
"url": "https://support.apple.com/en-us/HT214055",
|
||||
"source": "product-security@apple.com",
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-23213",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-23T01:15:11.183",
|
||||
"lastModified": "2024-02-06T02:15:08.903",
|
||||
"lastModified": "2024-02-09T02:15:09.080",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -162,6 +162,10 @@
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
|
||||
"source": "product-security@apple.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
|
||||
"source": "product-security@apple.com"
|
||||
},
|
||||
{
|
||||
"url": "https://support.apple.com/en-us/HT214055",
|
||||
"source": "product-security@apple.com",
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-23222",
|
||||
"sourceIdentifier": "product-security@apple.com",
|
||||
"published": "2024-01-23T01:15:11.500",
|
||||
"lastModified": "2024-02-06T02:15:09.010",
|
||||
"lastModified": "2024-02-09T02:15:09.197",
|
||||
"vulnStatus": "Modified",
|
||||
"cisaExploitAdd": "2024-01-23",
|
||||
"cisaActionDue": "2024-02-13",
|
||||
@ -185,6 +185,10 @@
|
||||
"url": "http://www.openwall.com/lists/oss-security/2024/02/05/8",
|
||||
"source": "product-security@apple.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/",
|
||||
"source": "product-security@apple.com"
|
||||
},
|
||||
{
|
||||
"url": "https://support.apple.com/en-us/HT214055",
|
||||
"source": "product-security@apple.com",
|
||||
|
67
CVE-2024/CVE-2024-236xx/CVE-2024-23639.json
Normal file
67
CVE-2024/CVE-2024-236xx/CVE-2024-23639.json
Normal file
@ -0,0 +1,67 @@
|
||||
{
|
||||
"id": "CVE-2024-23639",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-02-09T01:15:09.867",
|
||||
"lastModified": "2024-02-09T01:37:53.353",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are \"simple\" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.5,
|
||||
"impactScore": 2.5
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-15"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-610"
|
||||
},
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-664"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf",
|
||||
"source": "security-advisories@github.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2024-23650",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-31T22:15:53.990",
|
||||
"lastModified": "2024-02-01T03:18:21.737",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:38:44.823",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Un cliente o interfaz de BuildKit malicioso podr\u00eda crear una solicitud que podr\u00eda provocar que el daemon BuildKit se bloquee en p\u00e1nico. El problema se solucion\u00f3 en v0.12.5. Como workaround, evite utilizar interfaces BuildKit de fuentes que no sean de confianza."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 1.4
|
||||
},
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +70,47 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.12.5",
|
||||
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/pull/4601",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Release Notes"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2024-23651",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-31T22:15:54.183",
|
||||
"lastModified": "2024-02-01T03:18:21.737",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:43:51.767",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Dos pasos de compilaci\u00f3n maliciosos que se ejecutan en paralelo y comparten los mismos montajes de cach\u00e9 con subrutas podr\u00edan causar una condici\u00f3n de ejecuci\u00f3n que puede hacer que los archivos del sistema host sean accesibles al contenedor de compilaci\u00f3n. El problema se solucion\u00f3 en v0.12.5. Los workarounds incluyen evitar el uso de la interfaz de BuildKit desde una fuente que no es de confianza o crear un Dockerfile que no sea de confianza que contenga montajes de cach\u00e9 con las opciones --mount=type=cache,source=...."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.4,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.2,
|
||||
"impactScore": 5.2
|
||||
},
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +70,47 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.12.5",
|
||||
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/pull/4604",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Release Notes"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2024-23652",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-31T22:15:54.377",
|
||||
"lastModified": "2024-02-01T03:18:21.737",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:44:27.827",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Una interfaz de BuildKit maliciosa o un Dockerfile que use RUN --mount podr\u00eda enga\u00f1ar a la funci\u00f3n que elimina archivos vac\u00edos creados para los puntos de montaje para que elimine un archivo fuera del contenedor, del sistema host. El problema se solucion\u00f3 en v0.12.5. Los workarounds incluyen evitar el uso de interfaces de BuildKit desde una fuente que no sea de confianza o crear un Dockerfile que no sea de confianza que contenga la funci\u00f3n RUN --mount."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.1,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.2
|
||||
},
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +70,47 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.12.5",
|
||||
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/pull/4603",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Release Notes"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,16 +2,40 @@
|
||||
"id": "CVE-2024-23653",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-01-31T22:15:54.600",
|
||||
"lastModified": "2024-02-01T03:18:21.737",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:44:46.710",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "BuildKit es un conjunto de herramientas para convertir c\u00f3digo fuente para crear artefactos de manera eficiente, expresiva y repetible. Adem\u00e1s de ejecutar contenedores como pasos de compilaci\u00f3n, BuildKit tambi\u00e9n proporciona API para ejecutar contenedores interactivos basados en im\u00e1genes creadas. Era posible utilizar estas API para pedirle a BuildKit que ejecutara un contenedor con privilegios elevados. Normalmente, la ejecuci\u00f3n de dichos contenedores solo se permite si el derecho especial `security.insecure` est\u00e1 habilitado tanto por la configuraci\u00f3n de buildkitd como por el usuario que inicializa la solicitud de compilaci\u00f3n. El problema se solucion\u00f3 en v0.12.5. Evite el uso de interfaces BuildKit de fuentes no confiables."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
@ -46,18 +70,47 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:mobyproject:buildkit:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "0.12.5",
|
||||
"matchCriteriaId": "0AAE2F08-4E4D-4B85-8230-8D5BA7788D3D"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/pull/4602",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Patch",
|
||||
"Release Notes"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g",
|
||||
"source": "security-advisories@github.com"
|
||||
"source": "security-advisories@github.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-23756",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T21:15:08.380",
|
||||
"lastModified": "2024-02-08T21:15:08.380",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-23775",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-01-31T08:15:42.267",
|
||||
"lastModified": "2024-01-31T14:05:19.990",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:00:58.837",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,11 +14,75 @@
|
||||
"value": "Vulnerabilidad de desbordamiento de enteros en Mbed TLS 2.x anterior a 2.28.7 y 3.x anterior a 3.5.2 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de mbedtls_x509_set_extension()."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-190"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "2.0.0",
|
||||
"versionEndExcluding": "2.28.7",
|
||||
"matchCriteriaId": "E5465284-4EA3-4126-9130-374140F24FB5"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:arm:mbed_tls:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "3.0.0",
|
||||
"versionEndExcluding": "3.5.2",
|
||||
"matchCriteriaId": "7B335AD2-884E-4C89-8366-6BF91036BB1B"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-23917",
|
||||
"sourceIdentifier": "cve@jetbrains.com",
|
||||
"published": "2024-02-06T10:15:09.280",
|
||||
"lastModified": "2024-02-06T13:53:38.513",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:05:22.180",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
},
|
||||
{
|
||||
"source": "cve@jetbrains.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-306"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "cve@jetbrains.com",
|
||||
"type": "Secondary",
|
||||
@ -50,10 +80,31 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "2023.11.3",
|
||||
"matchCriteriaId": "8A42DE00-46DF-4A6D-A913-539C6054945B"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
|
||||
"source": "cve@jetbrains.com"
|
||||
"source": "cve@jetbrains.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,87 @@
|
||||
"id": "CVE-2024-24001",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-07T00:15:56.443",
|
||||
"lastModified": "2024-02-07T01:11:27.753",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:25.807",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "jshERP v3.3 is vulnerable to SQL Injection. via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP which allows an attacker to construct malicious payload to bypass jshERP's protection mechanism."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "jshERP v3.3 es vulnerable a la inyecci\u00f3n SQL. a trav\u00e9s de la funci\u00f3n com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() de jshERP que permite a un atacante construir un payload malicioso para evitar el mecanismo de protecci\u00f3n de jshERP."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:jishenghua:jsherp:3.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A549663F-7809-4723-9F1F-251DB15E31CA"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24001.txt",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/jishenghua/jshERP/issues/99",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,86 @@
|
||||
"id": "CVE-2024-24002",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-07T00:15:56.503",
|
||||
"lastModified": "2024-02-07T01:11:27.753",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:13.973",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "jshERP v3.3 es vulnerable a la inyecci\u00f3n SQL. La funci\u00f3n com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() de jshERP no filtra los par\u00e1metros de `columna` y `orden` lo suficientemente bien, y un atacante puede construir un payload malicioso para eludir los de jshERP. Mecanismo de protecci\u00f3n en el m\u00e9todo `safeSqlParse` para inyecci\u00f3n SQL."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:jishenghua:jsherp:3.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A549663F-7809-4723-9F1F-251DB15E31CA"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24002.txt",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/jishenghua/jshERP/issues/99",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,23 +2,87 @@
|
||||
"id": "CVE-2024-24004",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-07T00:15:56.550",
|
||||
"lastModified": "2024-02-07T01:11:27.753",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T02:10:07.263",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "jshERP v3.3 es vulnerable a la inyecci\u00f3n SQL. La funci\u00f3n com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() de jshERP no filtra los par\u00e1metros de `columna` y `orden` lo suficientemente bien, y un atacante puede construir un payload malicioso para eludir los par\u00e1metros de jshERP Mecanismo de protecci\u00f3n en el m\u00e9todo `safeSqlParse` para inyecci\u00f3n SQL."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:jishenghua:jsherp:3.3:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "A549663F-7809-4723-9F1F-251DB15E31CA"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24004.txt",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/jishenghua/jshERP/issues/99",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit",
|
||||
"Issue Tracking",
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-24393",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T22:15:09.130",
|
||||
"lastModified": "2024-02-08T22:15:09.130",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,27 +2,93 @@
|
||||
"id": "CVE-2024-24397",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-05T16:15:55.493",
|
||||
"lastModified": "2024-02-05T18:25:55.213",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2024-02-09T01:06:54.700",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Cross Site Scripting en Stimulsoft GmbH Stimulsoft Dashboard.JS anterior a v.2024.1.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el campo ReportName."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.3,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:stimulsoft:dashboards:*:*:*:*:*:node.js:*:*",
|
||||
"versionEndExcluding": "2024.1.2",
|
||||
"matchCriteriaId": "D5824CDC-F493-4CC0-A3C4-C21B21F8527B"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
{
|
||||
"url": "http://stimulsoft.com",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Product"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://cves.at/posts/cve-2024-24397/writeup/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Exploit"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-24494",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T21:15:08.437",
|
||||
"lastModified": "2024-02-08T21:15:08.437",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-24495",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-08T21:15:08.490",
|
||||
"lastModified": "2024-02-08T21:15:08.490",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2024-02-09T01:37:59.330",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user