admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-17 08:38:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-11T21:55:24.901738+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-11 23:55:28 +02:00
parent f38ab1667b
commit 2abfdd102b
31 changed files with 2710 additions and 202 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
CVE-2019/CVE-2019-01xx/CVE-2019-0160.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2019-0160",
"sourceIdentifier": "secure@intel.com",
"published": "2019-03-27T20:29:03.927",
"lastModified": "2022-04-05T20:36:03.980",
"vulnStatus": "Analyzed",
"lastModified": "2023-05-11T21:15:09.570",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access."
"value": "Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access.\n\n"
},
{
"lang": "es",
@ -35,6 +35,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8
}
],
"cvssMetricV2": [
@ -179,43 +199,8 @@
],
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00048.html",
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:2125",
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2019:3338",
"source": "secure@intel.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://edk2-docs.gitbooks.io/security-advisory/content/partitiondxe-and-udf-buffer-overflow.html",
"source": "secure@intel.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/",
"source": "secure@intel.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
"url": "https://tianocore-docs.github.io/SecurityAdvisory/draft/partitiondxe-and-udf-buffer-overflow.html",
"source": "secure@intel.com"
}
]
}

68
CVE-2020/CVE-2020-181xx/CVE-2020-18131.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2020-18131",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.000",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:38:11.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:clanscripts_project:clanscripts:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97AF85A3-2DB2-4D69-AED7-670DEBB21AED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/bluethrust/clanscripts",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bluethrust/clanscripts/issues/27",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

68
CVE-2020/CVE-2020-210xx/CVE-2020-21038.json
View File

@ -2,23 +2,81 @@
"id": "CVE-2020-21038",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-08T14:15:10.283",
"lastModified": "2023-05-08T14:17:28.107",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:38:31.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typecho:typecho:1.1-17.10.30:*:*:*:*:*:*:*",
"matchCriteriaId": "89CD6CB0-3CAB-4AC6-B211-5FD6A42F3F47"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/typecho/typecho",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/typecho/typecho/issues/952",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

150
CVE-2022/CVE-2022-482xx/CVE-2022-48235.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48235",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.317",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:01:36.210",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-482xx/CVE-2022-48236.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48236",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.360",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:01:20.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-482xx/CVE-2022-48238.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48238",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.447",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:34:03.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-482xx/CVE-2022-48239.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48239",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.490",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:34:50.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-482xx/CVE-2022-48240.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48240",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:10.540",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:34:59.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-483xx/CVE-2022-48371.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48371",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.163",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:35:35.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-483xx/CVE-2022-48372.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48372",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.210",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:17:45.393",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-483xx/CVE-2022-48373.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48373",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.253",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:32:59.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

150
CVE-2022/CVE-2022-483xx/CVE-2022-48374.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2022-48374",
"sourceIdentifier": "security@unisoc.com",
"published": "2023-05-09T02:15:11.297",
"lastModified": "2023-05-09T12:46:35.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:33:35.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1654776866982133761",
"source": "security@unisoc.com"
"source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-26xx/CVE-2023-2662.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2662",
"sourceIdentifier": "xpdf@xpdfreader.com",
"published": "2023-05-11T21:15:09.873",
"lastModified": "2023-05-11T21:15:09.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-369"
}
]
}
],
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42505",
"source": "xpdf@xpdfreader.com"
}
]
}

55
CVE-2023/CVE-2023-26xx/CVE-2023-2663.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2663",
"sourceIdentifier": "xpdf@xpdfreader.com",
"published": "2023-05-11T21:15:10.043",
"lastModified": "2023-05-11T21:15:10.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\u00a0In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42421",
"source": "xpdf@xpdfreader.com"
}
]
}

55
CVE-2023/CVE-2023-26xx/CVE-2023-2664.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-2664",
"sourceIdentifier": "xpdf@xpdfreader.com",
"published": "2023-05-11T21:15:10.137",
"lastModified": "2023-05-11T21:15:10.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\u00a0In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.4,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "xpdf@xpdfreader.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"references": [
{
"url": "https://forum.xpdfreader.com/viewtopic.php?t=42422",
"source": "xpdf@xpdfreader.com"
}
]
}

59
CVE-2023/CVE-2023-275xx/CVE-2023-27554.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-27554",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-11T20:15:09.227",
"lastModified": "2023-05-11T20:15:09.227",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/249185",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6989451",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2023/CVE-2023-278xx/CVE-2023-27870.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-27870",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-05-11T20:15:09.327",
"lastModified": "2023-05-11T20:15:09.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nIBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://https://exchange.xforce.ibmcloud.com/vulnerabilities/249518",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/6985697",
"source": "psirt@us.ibm.com"
}
]
}

65
CVE-2023/CVE-2023-279xx/CVE-2023-27934.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-27934",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.367",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:35:24.627",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

91
CVE-2023/CVE-2023-279xx/CVE-2023-27935.json
View File

@ -2,27 +2,106 @@
"id": "CVE-2023-27935",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.423",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:35:40.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "4895F6FE-9045-4243-BECA-D63037F63516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

109
CVE-2023/CVE-2023-279xx/CVE-2023-27936.json
View File

@ -2,31 +2,126 @@
"id": "CVE-2023-27936",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.493",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:36:01.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "6342B4CB-4D7D-4FBD-8A5E-E3DABDC7770E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "C75E4307-6CF3-4835-8E5F-96BF060658C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "4895F6FE-9045-4243-BECA-D63037F63516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

133
CVE-2023/CVE-2023-279xx/CVE-2023-27937.json
View File

@ -2,39 +2,154 @@
"id": "CVE-2023-27937",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.550",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:36:18.677",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "4895F6FE-9045-4243-BECA-D63037F63516"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "3C93428C-C9B4-464F-8A4A-0CE8D7BB2BAA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213675",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-279xx/CVE-2023-27938.json
View File

@ -2,19 +2,76 @@
"id": "CVE-2023-27938",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.610",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:36:36.733",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.4.8",
"matchCriteriaId": "2987DF50-8922-494F-A10B-D41224B412F3"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213650",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

83
CVE-2023/CVE-2023-279xx/CVE-2023-27941.json
View File

@ -2,23 +2,96 @@
"id": "CVE-2023-27941",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.670",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:36:55.917",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memory"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "6342B4CB-4D7D-4FBD-8A5E-E3DABDC7770E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.7.4",
"matchCriteriaId": "C75E4307-6CF3-4835-8E5F-96BF060658C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.3",
"matchCriteriaId": "F58DAF22-8807-445A-AD05-8510829526CB"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213673",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

120
CVE-2023/CVE-2023-279xx/CVE-2023-27942.json
View File

@ -2,35 +2,139 @@
"id": "CVE-2023-27942",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-05-08T20:15:17.733",
"lastModified": "2023-05-09T12:47:05.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-11T20:37:09.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "EE68C5EC-5829-481D-BFF7-0A501018A3CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "F02C0CA5-8ABA-48C7-BCAE-5CF25435DF87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.6.4",
"matchCriteriaId": "108A5DD5-4943-4F53-A193-780841B56344"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.3",
"matchCriteriaId": "A6D636F7-278A-491B-8960-91A4D5A86A96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.4",
"matchCriteriaId": "B55C90FB-21A2-4066-9FFD-04ABA57E68F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.4",
"matchCriteriaId": "B5DA93B3-CA76-4932-84EE-40445A6505EA"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/HT213670",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213674",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213676",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213677",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT213678",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-291xx/CVE-2023-29195.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2023-29195",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-11T20:15:09.403",
"lastModified": "2023-05-11T20:15:09.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://github.com/vitessio/vitess/commit/9dcbd7de3180f47e94f54989fb5c66daea00c920",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vitessio/vitess/issues/12842",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vitessio/vitess/pull/12843",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vitessio/vitess/releases/tag/v16.0.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vitessio/vitess/security/advisories/GHSA-pqj7-jx24-wj7w",
"source": "security-advisories@github.com"
},
{
"url": "https://pkg.go.dev/vitess.io/vitess@v0.16.2",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-297xx/CVE-2023-29791.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-29791",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-11T21:15:09.807",
"lastModified": "2023-05-11T21:15:09.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.mo60.cn/index.php/archives/kodbox-xss.html",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-311xx/CVE-2023-31146.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-31146",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-11T21:15:10.240",
"lastModified": "2023-05-11T21:15:10.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/commit/4f8289a81206f767df1900ac48f485d90fc87edb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-3p37-3636-q8wv",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2023/CVE-2023-314xx/CVE-2023-31497.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-31497",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-11T21:15:10.340",
"lastModified": "2023-05-11T21:15:10.340",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/0xInfection/EPScalate",
"source": "cve@mitre.org"
}
]
}

59
CVE-2023/CVE-2023-320xx/CVE-2023-32058.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32058",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-11T21:15:10.397",
"lastModified": "2023-05-11T21:15:10.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/commit/3de1415ee77a9244eb04bdb695e249d3ec9ed868",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6r8q-pfpv-7cgj",
"source": "security-advisories@github.com"
}
]
}

67
CVE-2023/CVE-2023-320xx/CVE-2023-32082.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2023-32082",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-11T20:15:09.500",
"lastModified": "2023-05-11T20:15:09.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.4.md",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/etcd-io/etcd/blob/main/CHANGELOG/CHANGELOG-3.5.md",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/etcd-io/etcd/pull/15656",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/etcd-io/etcd/security/advisories/GHSA-3p4g-rcw5-8298",
"source": "security-advisories@github.com"
}
]
}

108
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-05-11T20:00:24.538776+00:00
2023-05-11T21:55:24.901738+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-05-11T19:20:28.837000+00:00
2023-05-11T21:15:10.397000+00:00
```
### Last Data Feed Release
@ -29,87 +29,49 @@ Download and Changelog: [Click](releases/latest)
### Total Number of included CVEs
```plain
214932
214943
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `11`
* [CVE-2023-1834](CVE-2023/CVE-2023-18xx/CVE-2023-1834.json) (`2023-05-11T19:15:09.283`)
* [CVE-2023-2443](CVE-2023/CVE-2023-24xx/CVE-2023-2443.json) (`2023-05-11T19:15:09.377`)
* [CVE-2023-2444](CVE-2023/CVE-2023-24xx/CVE-2023-2444.json) (`2023-05-11T19:15:09.437`)
* [CVE-2023-25309](CVE-2023/CVE-2023-253xx/CVE-2023-25309.json) (`2023-05-11T18:15:12.360`)
* [CVE-2023-29022](CVE-2023/CVE-2023-290xx/CVE-2023-29022.json) (`2023-05-11T18:15:13.023`)
* [CVE-2023-29023](CVE-2023/CVE-2023-290xx/CVE-2023-29023.json) (`2023-05-11T18:15:13.163`)
* [CVE-2023-29024](CVE-2023/CVE-2023-290xx/CVE-2023-29024.json) (`2023-05-11T18:15:13.240`)
* [CVE-2023-29025](CVE-2023/CVE-2023-290xx/CVE-2023-29025.json) (`2023-05-11T18:15:13.323`)
* [CVE-2023-29026](CVE-2023/CVE-2023-290xx/CVE-2023-29026.json) (`2023-05-11T18:15:13.420`)
* [CVE-2023-29027](CVE-2023/CVE-2023-290xx/CVE-2023-29027.json) (`2023-05-11T18:15:13.517`)
* [CVE-2023-29028](CVE-2023/CVE-2023-290xx/CVE-2023-29028.json) (`2023-05-11T18:15:13.610`)
* [CVE-2023-29029](CVE-2023/CVE-2023-290xx/CVE-2023-29029.json) (`2023-05-11T18:15:13.677`)
* [CVE-2023-29030](CVE-2023/CVE-2023-290xx/CVE-2023-29030.json) (`2023-05-11T18:15:13.770`)
* [CVE-2023-29031](CVE-2023/CVE-2023-290xx/CVE-2023-29031.json) (`2023-05-11T18:15:13.843`)
* [CVE-2023-30394](CVE-2023/CVE-2023-303xx/CVE-2023-30394.json) (`2023-05-11T19:15:09.497`)
* [CVE-2023-2662](CVE-2023/CVE-2023-26xx/CVE-2023-2662.json) (`2023-05-11T21:15:09.873`)
* [CVE-2023-2663](CVE-2023/CVE-2023-26xx/CVE-2023-2663.json) (`2023-05-11T21:15:10.043`)
* [CVE-2023-2664](CVE-2023/CVE-2023-26xx/CVE-2023-2664.json) (`2023-05-11T21:15:10.137`)
* [CVE-2023-27554](CVE-2023/CVE-2023-275xx/CVE-2023-27554.json) (`2023-05-11T20:15:09.227`)
* [CVE-2023-27870](CVE-2023/CVE-2023-278xx/CVE-2023-27870.json) (`2023-05-11T20:15:09.327`)
* [CVE-2023-29195](CVE-2023/CVE-2023-291xx/CVE-2023-29195.json) (`2023-05-11T20:15:09.403`)
* [CVE-2023-29791](CVE-2023/CVE-2023-297xx/CVE-2023-29791.json) (`2023-05-11T21:15:09.807`)
* [CVE-2023-31146](CVE-2023/CVE-2023-311xx/CVE-2023-31146.json) (`2023-05-11T21:15:10.240`)
* [CVE-2023-31497](CVE-2023/CVE-2023-314xx/CVE-2023-31497.json) (`2023-05-11T21:15:10.340`)
* [CVE-2023-32058](CVE-2023/CVE-2023-320xx/CVE-2023-32058.json) (`2023-05-11T21:15:10.397`)
* [CVE-2023-32082](CVE-2023/CVE-2023-320xx/CVE-2023-32082.json) (`2023-05-11T20:15:09.500`)
### CVEs modified in the last Commit
Recently modified CVEs: `53`
Recently modified CVEs: `19`
* [CVE-2022-22313](CVE-2022/CVE-2022-223xx/CVE-2022-22313.json) (`2023-05-11T18:24:20.833`)
* [CVE-2022-34670](CVE-2022/CVE-2022-346xx/CVE-2022-34670.json) (`2023-05-11T18:15:09.800`)
* [CVE-2022-34674](CVE-2022/CVE-2022-346xx/CVE-2022-34674.json) (`2023-05-11T18:15:09.957`)
* [CVE-2022-34675](CVE-2022/CVE-2022-346xx/CVE-2022-34675.json) (`2023-05-11T18:15:10.070`)
* [CVE-2022-34677](CVE-2022/CVE-2022-346xx/CVE-2022-34677.json) (`2023-05-11T18:15:10.167`)
* [CVE-2022-34680](CVE-2022/CVE-2022-346xx/CVE-2022-34680.json) (`2023-05-11T18:15:10.287`)
* [CVE-2022-4118](CVE-2022/CVE-2022-41xx/CVE-2022-4118.json) (`2023-05-11T18:20:40.990`)
* [CVE-2022-42257](CVE-2022/CVE-2022-422xx/CVE-2022-42257.json) (`2023-05-11T18:15:10.413`)
* [CVE-2022-42258](CVE-2022/CVE-2022-422xx/CVE-2022-42258.json) (`2023-05-11T18:15:10.540`)
* [CVE-2022-42259](CVE-2022/CVE-2022-422xx/CVE-2022-42259.json) (`2023-05-11T18:15:10.693`)
* [CVE-2022-43769](CVE-2022/CVE-2022-437xx/CVE-2022-43769.json) (`2023-05-11T18:15:10.847`)
* [CVE-2022-43877](CVE-2022/CVE-2022-438xx/CVE-2022-43877.json) (`2023-05-11T18:22:32.347`)
* [CVE-2022-43939](CVE-2022/CVE-2022-439xx/CVE-2022-43939.json) (`2023-05-11T18:15:11.000`)
* [CVE-2022-45065](CVE-2022/CVE-2022-450xx/CVE-2022-45065.json) (`2023-05-11T18:29:25.107`)
* [CVE-2022-46081](CVE-2022/CVE-2022-460xx/CVE-2022-46081.json) (`2023-05-11T19:15:09.200`)
* [CVE-2022-47437](CVE-2022/CVE-2022-474xx/CVE-2022-47437.json) (`2023-05-11T18:29:03.820`)
* [CVE-2022-47439](CVE-2022/CVE-2022-474xx/CVE-2022-47439.json) (`2023-05-11T18:28:50.673`)
* [CVE-2022-48237](CVE-2022/CVE-2022-482xx/CVE-2022-48237.json) (`2023-05-11T19:20:28.837`)
* [CVE-2023-0008](CVE-2023/CVE-2023-00xx/CVE-2023-0008.json) (`2023-05-11T18:15:11.093`)
* [CVE-2023-0267](CVE-2023/CVE-2023-02xx/CVE-2023-0267.json) (`2023-05-11T18:15:16.573`)
* [CVE-2023-0268](CVE-2023/CVE-2023-02xx/CVE-2023-0268.json) (`2023-05-11T18:12:06.047`)
* [CVE-2023-1649](CVE-2023/CVE-2023-16xx/CVE-2023-1649.json) (`2023-05-11T18:53:04.560`)
* [CVE-2023-1651](CVE-2023/CVE-2023-16xx/CVE-2023-1651.json) (`2023-05-11T18:52:54.370`)
* [CVE-2023-1660](CVE-2023/CVE-2023-16xx/CVE-2023-1660.json) (`2023-05-11T18:50:04.077`)
* [CVE-2023-1806](CVE-2023/CVE-2023-18xx/CVE-2023-1806.json) (`2023-05-11T18:56:50.760`)
* [CVE-2023-21776](CVE-2023/CVE-2023-217xx/CVE-2023-21776.json) (`2023-05-11T18:15:12.250`)
* [CVE-2023-22710](CVE-2023/CVE-2023-227xx/CVE-2023-22710.json) (`2023-05-11T19:06:29.917`)
* [CVE-2023-23894](CVE-2023/CVE-2023-238xx/CVE-2023-23894.json) (`2023-05-11T19:08:44.543`)
* [CVE-2023-24376](CVE-2023/CVE-2023-243xx/CVE-2023-24376.json) (`2023-05-11T19:08:28.000`)
* [CVE-2023-24408](CVE-2023/CVE-2023-244xx/CVE-2023-24408.json) (`2023-05-11T19:01:08.147`)
* [CVE-2023-2560](CVE-2023/CVE-2023-25xx/CVE-2023-2560.json) (`2023-05-11T18:27:40.423`)
* [CVE-2023-28248](CVE-2023/CVE-2023-282xx/CVE-2023-28248.json) (`2023-05-11T18:15:12.443`)
* [CVE-2023-28271](CVE-2023/CVE-2023-282xx/CVE-2023-28271.json) (`2023-05-11T18:15:12.650`)
* [CVE-2023-28293](CVE-2023/CVE-2023-282xx/CVE-2023-28293.json) (`2023-05-11T18:15:12.817`)
* [CVE-2023-28493](CVE-2023/CVE-2023-284xx/CVE-2023-28493.json) (`2023-05-11T18:59:41.717`)
* [CVE-2023-29085](CVE-2023/CVE-2023-290xx/CVE-2023-29085.json) (`2023-05-11T18:15:13.953`)
* [CVE-2023-29086](CVE-2023/CVE-2023-290xx/CVE-2023-29086.json) (`2023-05-11T18:15:14.200`)
* [CVE-2023-29087](CVE-2023/CVE-2023-290xx/CVE-2023-29087.json) (`2023-05-11T18:15:14.300`)
* [CVE-2023-29088](CVE-2023/CVE-2023-290xx/CVE-2023-29088.json) (`2023-05-11T18:15:14.563`)
* [CVE-2023-29089](CVE-2023/CVE-2023-290xx/CVE-2023-29089.json) (`2023-05-11T18:15:14.927`)
* [CVE-2023-29090](CVE-2023/CVE-2023-290xx/CVE-2023-29090.json) (`2023-05-11T18:15:15.277`)
* [CVE-2023-29091](CVE-2023/CVE-2023-290xx/CVE-2023-29091.json) (`2023-05-11T18:15:15.443`)
* [CVE-2023-29932](CVE-2023/CVE-2023-299xx/CVE-2023-29932.json) (`2023-05-11T18:02:30.523`)
* [CVE-2023-29933](CVE-2023/CVE-2023-299xx/CVE-2023-29933.json) (`2023-05-11T18:06:22.817`)
* [CVE-2023-29934](CVE-2023/CVE-2023-299xx/CVE-2023-29934.json) (`2023-05-11T18:13:33.977`)
* [CVE-2023-29935](CVE-2023/CVE-2023-299xx/CVE-2023-29935.json) (`2023-05-11T18:17:06.773`)
* [CVE-2023-29939](CVE-2023/CVE-2023-299xx/CVE-2023-29939.json) (`2023-05-11T18:19:39.167`)
* [CVE-2023-29941](CVE-2023/CVE-2023-299xx/CVE-2023-29941.json) (`2023-05-11T18:23:11.180`)
* [CVE-2023-29942](CVE-2023/CVE-2023-299xx/CVE-2023-29942.json) (`2023-05-11T18:23:44.497`)
* [CVE-2023-30053](CVE-2023/CVE-2023-300xx/CVE-2023-30053.json) (`2023-05-11T18:31:11.017`)
* [CVE-2023-30054](CVE-2023/CVE-2023-300xx/CVE-2023-30054.json) (`2023-05-11T18:38:32.380`)
* [CVE-2023-30434](CVE-2023/CVE-2023-304xx/CVE-2023-30434.json) (`2023-05-11T18:45:43.990`)
* [CVE-2023-31183](CVE-2023/CVE-2023-311xx/CVE-2023-31183.json) (`2023-05-11T19:09:15.927`)
* [CVE-2019-0160](CVE-2019/CVE-2019-01xx/CVE-2019-0160.json) (`2023-05-11T21:15:09.570`)
* [CVE-2020-18131](CVE-2020/CVE-2020-181xx/CVE-2020-18131.json) (`2023-05-11T20:38:11.717`)
* [CVE-2020-21038](CVE-2020/CVE-2020-210xx/CVE-2020-21038.json) (`2023-05-11T20:38:31.283`)
* [CVE-2022-48235](CVE-2022/CVE-2022-482xx/CVE-2022-48235.json) (`2023-05-11T20:01:36.210`)
* [CVE-2022-48236](CVE-2022/CVE-2022-482xx/CVE-2022-48236.json) (`2023-05-11T20:01:20.830`)
* [CVE-2022-48238](CVE-2022/CVE-2022-482xx/CVE-2022-48238.json) (`2023-05-11T20:34:03.250`)
* [CVE-2022-48239](CVE-2022/CVE-2022-482xx/CVE-2022-48239.json) (`2023-05-11T20:34:50.593`)
* [CVE-2022-48240](CVE-2022/CVE-2022-482xx/CVE-2022-48240.json) (`2023-05-11T20:34:59.237`)
* [CVE-2022-48371](CVE-2022/CVE-2022-483xx/CVE-2022-48371.json) (`2023-05-11T20:35:35.713`)
* [CVE-2022-48372](CVE-2022/CVE-2022-483xx/CVE-2022-48372.json) (`2023-05-11T20:17:45.393`)
* [CVE-2022-48373](CVE-2022/CVE-2022-483xx/CVE-2022-48373.json) (`2023-05-11T20:32:59.337`)
* [CVE-2022-48374](CVE-2022/CVE-2022-483xx/CVE-2022-48374.json) (`2023-05-11T20:33:35.387`)
* [CVE-2023-27934](CVE-2023/CVE-2023-279xx/CVE-2023-27934.json) (`2023-05-11T20:35:24.627`)
* [CVE-2023-27935](CVE-2023/CVE-2023-279xx/CVE-2023-27935.json) (`2023-05-11T20:35:40.257`)
* [CVE-2023-27936](CVE-2023/CVE-2023-279xx/CVE-2023-27936.json) (`2023-05-11T20:36:01.177`)
* [CVE-2023-27937](CVE-2023/CVE-2023-279xx/CVE-2023-27937.json) (`2023-05-11T20:36:18.677`)
* [CVE-2023-27938](CVE-2023/CVE-2023-279xx/CVE-2023-27938.json) (`2023-05-11T20:36:36.733`)
* [CVE-2023-27941](CVE-2023/CVE-2023-279xx/CVE-2023-27941.json) (`2023-05-11T20:36:55.917`)
* [CVE-2023-27942](CVE-2023/CVE-2023-279xx/CVE-2023-27942.json) (`2023-05-11T20:37:09.790`)
## Download and Usage