admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-20T02:00:46.310594+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-20 02:00:49 +00:00
parent a7399acc87
commit 2b32a14b2d
48 changed files with 4129 additions and 210 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

76
CVE-2020/CVE-2020-200xx/CVE-2020-20021.json
View File

@ -2,27 +2,91 @@
"id": "CVE-2020-20021", "id": "CVE-2020-20021",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T13:15:09.060", "published": "2023-07-12T13:15:09.060",
"lastModified": "2023-07-12T13:56:22.010", "lastModified": "2023-07-20T01:14:20.887",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon." "value": "An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*",
"versionEndIncluding": "6.46.3",
"matchCriteriaId": "0FE16B96-C8E2-414D-949C-693087370840"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://mikrotik.com", "url": "http://mikrotik.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "http://router.com", "url": "http://router.com",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
}, },
{ {
"url": "https://www.exploit-db.com/exploits/48228", "url": "https://www.exploit-db.com/exploits/48228",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

59
CVE-2022/CVE-2022-287xx/CVE-2022-28733.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-28733",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-20T01:15:10.140",
"lastModified": "2023-07-20T01:15:10.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28733",
"source": "security@ubuntu.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"source": "security@ubuntu.com"
}
]
}

47
CVE-2022/CVE-2022-287xx/CVE-2022-28734.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2022-28734",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-20T01:15:10.243",
"lastModified": "2023-07-20T01:15:10.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28734",
"source": "security@ubuntu.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"source": "security@ubuntu.com"
}
]
}

47
CVE-2022/CVE-2022-287xx/CVE-2022-28735.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2022-28735",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-20T01:15:10.320",
"lastModified": "2023-07-20T01:15:10.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28735",
"source": "security@ubuntu.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"source": "security@ubuntu.com"
}
]
}

47
CVE-2022/CVE-2022-287xx/CVE-2022-28736.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2022-28736",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-20T01:15:10.400",
"lastModified": "2023-07-20T01:15:10.400",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28736",
"source": "security@ubuntu.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"source": "security@ubuntu.com"
}
]
}

47
CVE-2022/CVE-2022-287xx/CVE-2022-28737.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2022-28737",
"sourceIdentifier": "security@ubuntu.com",
"published": "2023-07-20T01:15:10.473",
"lastModified": "2023-07-20T01:15:10.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@ubuntu.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28737",
"source": "security@ubuntu.com"
},
{
"url": "https://www.openwall.com/lists/oss-security/2022/06/07/5",
"source": "security@ubuntu.com"
}
]
}

49
CVE-2022/CVE-2022-420xx/CVE-2022-42009.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42009", "id": "CVE-2022-42009",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-07-12T10:15:09.447", "published": "2023-07-12T10:15:09.447",
"lastModified": "2023-07-12T12:46:11.343", "lastModified": "2023-07-20T01:22:32.963",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,33 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.7",
"matchCriteriaId": "1CBE8084-8AA5-47EA-A0DE-2725AAB7FEC6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc", "url": "https://lists.apache.org/thread/6xf477ttz1oxmg0bx0tpdoz2mlqd7sbc",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
} }
] ]
} }

48
CVE-2022/CVE-2022-458xx/CVE-2022-45855.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45855", "id": "CVE-2022-45855",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-07-12T10:15:09.547", "published": "2023-07-12T10:15:09.547",
"lastModified": "2023-07-12T12:46:11.343", "lastModified": "2023-07-20T01:19:07.767",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:ambari:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.7.0",
"versionEndExcluding": "2.7.7",
"matchCriteriaId": "1CBE8084-8AA5-47EA-A0DE-2725AAB7FEC6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1", "url": "https://lists.apache.org/thread/302c4hwfjy9lx63jrbhcdx948pxc54l1",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-244xx/CVE-2023-24492.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24492", "id": "CVE-2023-24492",
"sourceIdentifier": "secure@citrix.com", "sourceIdentifier": "secure@citrix.com",
"published": "2023-07-11T22:15:09.817", "published": "2023-07-11T22:15:09.817",
"lastModified": "2023-07-12T12:46:41.413", "lastModified": "2023-07-20T01:49:10.613",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{ {
"source": "secure@citrix.com", "source": "secure@citrix.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{ {
"source": "secure@citrix.com", "source": "secure@citrix.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,43 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "23.5.2",
"matchCriteriaId": "E7BCE71C-4A98-43E1-BCB0-DB92CE369902"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:-:*:*:*:*:*:*:*",
"matchCriteriaId": "019A2188-0877-45DE-8512-F0BF70DD179C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492", "url": "https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492",
"source": "secure@citrix.com" "source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

58
CVE-2023/CVE-2023-27xx/CVE-2023-2762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2762", "id": "CVE-2023-2762",
"sourceIdentifier": "3DS.Information-Security@3ds.com", "sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-07-12T08:15:09.953", "published": "2023-07-12T08:15:09.953",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:49:48.370",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "3DS.Information-Security@3ds.com", "source": "3DS.Information-Security@3ds.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{ {
"source": "3DS.Information-Security@3ds.com", "source": "3DS.Information-Security@3ds.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +76,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2021",
"versionEndIncluding": "2023",
"matchCriteriaId": "DEDAD2EF-39E2-4F55-ADCD-8B7FBFA2E2AA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.3ds.com/vulnerability/advisories", "url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com" "source": "3DS.Information-Security@3ds.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

62
CVE-2023/CVE-2023-27xx/CVE-2023-2763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-2763", "id": "CVE-2023-2763",
"sourceIdentifier": "3DS.Information-Security@3ds.com", "sourceIdentifier": "3DS.Information-Security@3ds.com",
"published": "2023-07-12T08:15:10.010", "published": "2023-07-12T08:15:10.010",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:56:00.570",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "3DS.Information-Security@3ds.com", "source": "3DS.Information-Security@3ds.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,20 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-787"
}
]
},
{ {
"source": "3DS.Information-Security@3ds.com", "source": "3DS.Information-Security@3ds.com",
"type": "Secondary", "type": "Secondary",
@ -50,10 +84,32 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:3ds:3dexperience_solidworks:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2021",
"versionEndIncluding": "2023",
"matchCriteriaId": "DEDAD2EF-39E2-4F55-ADCD-8B7FBFA2E2AA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.3ds.com/vulnerability/advisories", "url": "https://www.3ds.com/vulnerability/advisories",
"source": "3DS.Information-Security@3ds.com" "source": "3DS.Information-Security@3ds.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30928.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30928", "id": "CVE-2023-30928",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.417", "published": "2023-07-12T09:15:11.417",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:56:16.403",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges." "value": "In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30932.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30932", "id": "CVE-2023-30932",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.570", "published": "2023-07-12T09:15:11.570",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T00:29:14.670",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30933.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30933", "id": "CVE-2023-30933",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.610", "published": "2023-07-12T09:15:11.610",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T00:33:36.287",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30934.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30934", "id": "CVE-2023-30934",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.650", "published": "2023-07-12T09:15:11.650",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T00:44:03.677",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30935.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30935", "id": "CVE-2023-30935",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.690", "published": "2023-07-12T09:15:11.690",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T00:47:56.880",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30936.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30936", "id": "CVE-2023-30936",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.730", "published": "2023-07-12T09:15:11.730",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:47:35.127",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30937.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30937", "id": "CVE-2023-30937",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.773", "published": "2023-07-12T09:15:11.773",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:46:05.337",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30938.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30938", "id": "CVE-2023-30938",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.810", "published": "2023-07-12T09:15:11.810",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:55:49.427",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30939.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30939", "id": "CVE-2023-30939",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.860", "published": "2023-07-12T09:15:11.860",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:56:36.267",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30940.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30940", "id": "CVE-2023-30940",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.903", "published": "2023-07-12T09:15:11.903",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:53:12.603",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-309xx/CVE-2023-30941.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-30941", "id": "CVE-2023-30941",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:11.947", "published": "2023-07-12T09:15:11.947",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:50:32.973",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed." "value": "In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-30xx/CVE-2023-3072.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3072",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-07-20T00:15:10.347",
"lastModified": "2023-07-20T00:15:10.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-20-nomad-acl-policies-without-label-are-applied-to-unexpected-resources/56270",
"source": "security@hashicorp.com"
}
]
}

71
CVE-2023/CVE-2023-31xx/CVE-2023-3108.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3108", "id": "CVE-2023-3108",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-11T16:15:12.083", "published": "2023-07-11T16:15:12.083",
"lastModified": "2023-07-11T16:16:52.790", "lastModified": "2023-07-20T01:56:37.593",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -34,18 +54,59 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.0",
"matchCriteriaId": "DC9EC537-FFAB-44B8-BED0-01722C0D9A01"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-3108", "url": "https://access.redhat.com/security/cve/CVE-2023-3108",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221472", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221472",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/torvalds/linux/commit/9399f0c51489ae8c16d6559b82a452fdc1895e91", "url": "https://github.com/torvalds/linux/commit/9399f0c51489ae8c16d6559b82a452fdc1895e91",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Patch"
]
} }
] ]
} }

181
CVE-2023/CVE-2023-31xx/CVE-2023-3127.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3127", "id": "CVE-2023-3127",
"sourceIdentifier": "productsecurity@jci.com", "sourceIdentifier": "productsecurity@jci.com",
"published": "2023-07-11T22:15:09.907", "published": "2023-07-11T22:15:09.907",
"lastModified": "2023-07-12T12:46:41.413", "lastModified": "2023-07-20T01:49:31.853",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "productsecurity@jci.com", "source": "productsecurity@jci.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +55,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{ {
"source": "productsecurity@jci.com", "source": "productsecurity@jci.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +76,157 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.6",
"versionEndExcluding": "6.9.2",
"matchCriteriaId": "C49B542F-166F-4385-B910-705064C5B109"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_firmware:6.9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7AF26AC6-083F-4BB3-86AF-8730E2BFD397"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F89B3465-8274-49E5-8290-1893B4C2AC07"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.6",
"versionEndExcluding": "6.9.2",
"matchCriteriaId": "C9D2D8D5-A67D-45DD-A718-37C29D633931"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_lt_firmware:6.9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "5294AD55-D524-4E5A-ACEC-7685974A9415"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra_lt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A759A7FA-5AEA-48D8-B40E-B0DA7223F0F4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"matchCriteriaId": "85B7CE5A-A2A1-4433-B85A-8B6255B3D657"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:istar_ultra_g2_firmware:6.9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "7A3A4BDF-12FE-43C9-8CD4-0CA764E08175"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:istar_ultra_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A148D700-5542-473A-B88F-849180658787"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:edge_g2_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.2",
"matchCriteriaId": "6D26CC65-9CCF-41A5-BC1B-2AAFAF9393E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:johnsoncontrols:edge_g2_firmware:6.9.2:-:*:*:*:*:*:*",
"matchCriteriaId": "C629C7CF-4372-494D-8B1C-CC4795356E03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:johnsoncontrols:edge_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95BBCCE7-3098-41B0-A388-53E3DA9A29B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-192-02",
"source": "productsecurity@jci.com" "source": "productsecurity@jci.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}, },
{ {
"url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories", "url": "https://www.johnsoncontrols.com/cyber-solutions/security-advisories",
"source": "productsecurity@jci.com" "source": "productsecurity@jci.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

59
CVE-2023/CVE-2023-322xx/CVE-2023-32200.json
View File

@ -2,15 +2,38 @@
"id": "CVE-2023-32200", "id": "CVE-2023-32200",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-07-12T08:15:10.070", "published": "2023-07-12T08:15:10.070",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:05:41.153",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "There is insufficient restrictions of called script functions in Apache Jena\n versions 4.8.0 and earlier. It allows a \nremote user to execute javascript via a SPARQL query.\nThis issue affects Apache Jena: from 3.7.0 through 4.8.0.\n\n" "value": "There is insufficient restrictions of called script functions in Apache Jena\n versions 4.8.0 and earlier. It allows a \nremote user to execute javascript via a SPARQL query.\nThis issue affects Apache Jena: from 3.7.0 through 4.8.0.\n\n"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
@ -23,14 +46,40 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:jena:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.0",
"versionEndIncluding": "4.8.0",
"matchCriteriaId": "16650542-BB5B-4572-862A-B3122A20D882"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z", "url": "https://lists.apache.org/thread/7hg0t2kws3fyr75dl7lll8389xzzc46z",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22665", "url": "https://www.cve.org/CVERecord?id=CVE-2023-22665",
"source": "security@apache.org" "source": "security@apache.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

97
CVE-2023/CVE-2023-32xx/CVE-2023-3269.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3269", "id": "CVE-2023-3269",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-11T12:15:10.047", "published": "2023-07-11T12:15:10.047",
"lastModified": "2023-07-12T03:15:09.210", "lastModified": "2023-07-20T01:56:56.217",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "secalert@redhat.com", "source": "secalert@redhat.com",
"type": "Secondary", "type": "Secondary",
@ -34,22 +54,87 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://access.redhat.com/security/cve/CVE-2023-3269", "url": "https://access.redhat.com/security/cve/CVE-2023-3269",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215268",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6AAA64CUPSMBW6XDTXPQJ3KQWYQ4K7L/",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.openwall.com/lists/oss-security/2023/07/05/1", "url": "https://www.openwall.com/lists/oss-security/2023/07/05/1",
"source": "secalert@redhat.com" "source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-32xx/CVE-2023-3299.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3299",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-07-20T00:15:10.447",
"lastModified": "2023-07-20T00:15:10.447",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nHashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-21-nomad-caller-acl-tokens-secret-id-is-exposed-to-sentinel/56271",
"source": "security@hashicorp.com"
}
]
}

150
CVE-2023/CVE-2023-339xx/CVE-2023-33903.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-33903", "id": "CVE-2023-33903",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:13.740", "published": "2023-07-12T09:15:13.740",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T01:36:29.007",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed." "value": "In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8001:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C19D81B8-E84D-4385-A4B5-B7914BBAFF33"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

145
CVE-2023/CVE-2023-339xx/CVE-2023-33904.json
View File

@ -2,19 +2,156 @@
"id": "CVE-2023-33904", "id": "CVE-2023-33904",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:14.267", "published": "2023-07-12T09:15:14.267",
"lastModified": "2023-07-12T12:46:11.343", "lastModified": "2023-07-20T01:35:11.450",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." "value": "In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

150
CVE-2023/CVE-2023-339xx/CVE-2023-33905.json
View File

@ -2,19 +2,161 @@
"id": "CVE-2023-33905", "id": "CVE-2023-33905",
"sourceIdentifier": "security@unisoc.com", "sourceIdentifier": "security@unisoc.com",
"published": "2023-07-12T09:15:14.483", "published": "2023-07-12T09:15:14.483",
"lastModified": "2023-07-12T12:46:11.343", "lastModified": "2023-07-20T01:31:40.953",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed." "value": "In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073", "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1676902764208259073",
"source": "security@unisoc.com" "source": "security@unisoc.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

55
CVE-2023/CVE-2023-33xx/CVE-2023-3300.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-3300",
"sourceIdentifier": "security@hashicorp.com",
"published": "2023-07-20T00:15:10.527",
"lastModified": "2023-07-20T00:15:10.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272",
"source": "security@hashicorp.com"
}
]
}

78
CVE-2023/CVE-2023-368xx/CVE-2023-36825.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36825", "id": "CVE-2023-36825",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-11T18:15:20.417", "published": "2023-07-11T18:15:20.417",
"lastModified": "2023-07-18T13:15:11.907", "lastModified": "2023-07-20T01:47:19.413",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,64 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orchid:platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0.1",
"versionEndExcluding": "14.5.0",
"matchCriteriaId": "DF882026-A429-4924-B84E-29DD6A1F9990"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orchid:platform:14.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BC8FD5E1-EFAA-4123-A0A3-9EE96719643B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "2D9AF0E5-E01D-4032-AF71-6FC428232D26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha5:*:*:*:*:*:*",
"matchCriteriaId": "1B2F7B9C-98DC-43A5-8CFF-916CAEB67284"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha6:*:*:*:*:*:*",
"matchCriteriaId": "36C441C1-F1B6-46F7-96B8-F5BB222BCDB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:orchid:platform:14.0.0:alpha7:*:*:*:*:*:*",
"matchCriteriaId": "BDF364F5-A581-481C-9A21-F0FF2ABE6726"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/orchidsoftware/platform/releases/tag/14.5.0", "url": "https://github.com/orchidsoftware/platform/releases/tag/14.5.0",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/orchidsoftware/platform/security/advisories/GHSA-ph6g-p72v-pc3p", "url": "https://github.com/orchidsoftware/platform/security/advisories/GHSA-ph6g-p72v-pc3p",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

54
CVE-2023/CVE-2023-36xx/CVE-2023-3641.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3641", "id": "CVE-2023-3641",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2023-07-12T17:15:08.960", "published": "2023-07-12T17:15:08.960",
"lastModified": "2023-07-12T17:58:08.637", "lastModified": "2023-07-20T01:59:35.997",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
@ -71,14 +93,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nodcms:nodcms:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F19C24DC-3C38-4ACB-9070-5BB865175D78"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://vuldb.com/?ctiid.233887", "url": "https://vuldb.com/?ctiid.233887",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?id.233887", "url": "https://vuldb.com/?id.233887",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-371xx/CVE-2023-37199.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37199", "id": "CVE-2023-37199",
"sourceIdentifier": "cybersecurity@se.com", "sourceIdentifier": "cybersecurity@se.com",
"published": "2023-07-12T08:15:10.133", "published": "2023-07-12T08:15:10.133",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T00:40:11.960",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{ {
"source": "cybersecurity@se.com", "source": "cybersecurity@se.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:schneider-electric:struxureware_data_center_expert:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.9.3",
"matchCriteriaId": "DA0F4FA6-8C57-494B-B6AB-5CF125AFBAEE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf",
"source": "cybersecurity@se.com" "source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

52
CVE-2023/CVE-2023-372xx/CVE-2023-37200.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37200", "id": "CVE-2023-37200",
"sourceIdentifier": "cybersecurity@se.com", "sourceIdentifier": "cybersecurity@se.com",
"published": "2023-07-12T08:15:10.203", "published": "2023-07-12T08:15:10.203",
"lastModified": "2023-07-12T12:46:30.047", "lastModified": "2023-07-20T00:35:09.917",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{ {
"source": "cybersecurity@se.com", "source": "cybersecurity@se.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,36 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.01",
"matchCriteriaId": "89F38F9E-3BD3-4964-A940-89A54C2445BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:se:ecostruxure_opc_ua_server_expert:2.01:-:*:*:*:*:*:*",
"matchCriteriaId": "57255D20-34C7-45D8-9139-B61444E7AAD4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf", "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf",
"source": "cybersecurity@se.com" "source": "cybersecurity@se.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-376xx/CVE-2023-37630.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-37630", "id": "CVE-2023-37630",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-12T17:15:08.827", "published": "2023-07-12T17:15:08.827",
"lastModified": "2023-07-12T17:58:08.637", "lastModified": "2023-07-20T01:57:57.420",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to \"manage-breed.php\" resulting in Persistent XSS." "value": "Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to \"manage-breed.php\" resulting in Persistent XSS."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:simple_online_piggery_management_system_project:simple_online_piggery_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A096010-5E04-46F9-ADCA-8EE8C47B12E5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37630", "url": "https://github.com/1337kid/Piggery_CMS_multiple_vulns_PoC/tree/main/CVE-2023-37630",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html", "url": "https://www.sourcecodester.com/php/11814/online-pig-management-system-basic-free-version.html",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37942.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37942", "id": "CVE-2023-37942",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.007", "published": "2023-07-12T16:15:13.007",
"lastModified": "2023-07-13T23:15:11.263", "lastModified": "2023-07-20T01:47:00.227",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks." "value": "Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:external_monitor_job_type:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "206.v9a_94ff0b_4a_10",
"matchCriteriaId": "2D437D2D-FBA0-4E38-A17C-5957F68E80B2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3133", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3133",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37943.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37943", "id": "CVE-2023-37943",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.063", "published": "2023-07-12T16:15:13.063",
"lastModified": "2023-07-13T23:15:11.313", "lastModified": "2023-07-20T01:46:27.617",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins Active Directory Plugin 2.30 and earlier ignores the \"Require TLS\" and \"StartTls\" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials." "value": "Jenkins Active Directory Plugin 2.30 and earlier ignores the \"Require TLS\" and \"StartTls\" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:active_directory:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.30",
"matchCriteriaId": "FDD3FB1A-224D-4829-A9E0-B2944179F1FD"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3059", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3059",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37944.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37944", "id": "CVE-2023-37944",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.117", "published": "2023-07-12T16:15:13.117",
"lastModified": "2023-07-13T23:15:11.360", "lastModified": "2023-07-20T01:45:57.860",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." "value": "A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:datadog:*:*:*:*:*:jenkins:*:*",
"versionEndExcluding": "5.4.2",
"matchCriteriaId": "4DBDF1D1-EC9B-41C8-B865-E0F5627C68F4"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3130", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3130",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

71
CVE-2023/CVE-2023-379xx/CVE-2023-37945.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2023-37945", "id": "CVE-2023-37945",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.173", "published": "2023-07-12T16:15:13.173",
"lastModified": "2023-07-13T23:15:11.407", "lastModified": "2023-07-20T01:45:33.523",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm." "value": "A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:saml_single_sign_on:*:*:*:*:*:jenkins:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.3.1",
"matchCriteriaId": "E3FE8A76-84F1-4175-82AD-DA194A55B9E6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3164",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37951.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37951", "id": "CVE-2023-37951",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.473", "published": "2023-07-12T16:15:13.473",
"lastModified": "2023-07-13T23:15:11.687", "lastModified": "2023-07-20T01:45:11.257",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to." "value": "Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:mabl:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "0.0.46",
"matchCriteriaId": "B3FBDD36-B8F3-41BD-A956-FE096CA0CD01"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3137%20(2)", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3137%20(2)",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37952.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37952", "id": "CVE-2023-37952",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.520", "published": "2023-07-12T16:15:13.520",
"lastModified": "2023-07-13T23:15:11.750", "lastModified": "2023-07-20T01:44:51.670",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:mabl:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "0.0.46",
"matchCriteriaId": "B3FBDD36-B8F3-41BD-A956-FE096CA0CD01"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37953.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37953", "id": "CVE-2023-37953",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.573", "published": "2023-07-12T16:15:13.573",
"lastModified": "2023-07-13T23:15:11.793", "lastModified": "2023-07-20T01:44:38.133",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins." "value": "A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:mabl:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "0.0.46",
"matchCriteriaId": "B3FBDD36-B8F3-41BD-A956-FE096CA0CD01"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3127",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37954.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37954", "id": "CVE-2023-37954",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.620", "published": "2023-07-12T16:15:13.620",
"lastModified": "2023-07-13T23:15:11.840", "lastModified": "2023-07-20T01:43:50.643",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build." "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:rebuilder:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "320.v5a_0933a_e7d61",
"matchCriteriaId": "F446C1F1-A291-47B6-932D-65D96AD9B2AB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3033", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3033",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

70
CVE-2023/CVE-2023-379xx/CVE-2023-37955.json
View File

@ -2,23 +2,83 @@
"id": "CVE-2023-37955", "id": "CVE-2023-37955",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com", "sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2023-07-12T16:15:13.677", "published": "2023-07-12T16:15:13.677",
"lastModified": "2023-07-13T23:15:11.890", "lastModified": "2023-07-20T01:43:38.530",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials." "value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:test_results_aggregator:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.2.13",
"matchCriteriaId": "44A86C07-24C7-4842-9AB2-B9E94AB79B5F"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2023/07/12/2", "url": "http://www.openwall.com/lists/oss-security/2023/07/12/2",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3122", "url": "https://www.jenkins.io/security/advisory/2023-07-12/#SECURITY-3122",
"source": "jenkinsci-cert@googlegroups.com" "source": "jenkinsci-cert@googlegroups.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

47
CVE-2023/CVE-2023-380xx/CVE-2023-38061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38061", "id": "CVE-2023-38061",
"sourceIdentifier": "security@jetbrains.com", "sourceIdentifier": "security@jetbrains.com",
"published": "2023-07-12T13:15:09.237", "published": "2023-07-12T13:15:09.237",
"lastModified": "2023-07-12T13:56:22.010", "lastModified": "2023-07-20T01:09:12.387",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{ {
"source": "security@jetbrains.com", "source": "security@jetbrains.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +66,31 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:teamcity:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.05.1",
"matchCriteriaId": "46175D6A-9392-4ABE-983F-50501F7876A1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/", "url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "security@jetbrains.com" "source": "security@jetbrains.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

84
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-07-19T23:55:37.409361+00:00 2023-07-20T02:00:46.310594+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-07-19T22:15:11.380000+00:00 2023-07-20T01:59:35.997000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,60 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
220705 220713
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `16` Recently added CVEs: `8`
* [CVE-2023-37733](CVE-2023/CVE-2023-377xx/CVE-2023-37733.json) (`2023-07-19T19:15:11.947`) * [CVE-2022-28733](CVE-2022/CVE-2022-287xx/CVE-2022-28733.json) (`2023-07-20T01:15:10.140`)
* [CVE-2023-3466](CVE-2023/CVE-2023-34xx/CVE-2023-3466.json) (`2023-07-19T19:15:12.017`) * [CVE-2022-28734](CVE-2022/CVE-2022-287xx/CVE-2022-28734.json) (`2023-07-20T01:15:10.243`)
* [CVE-2023-3467](CVE-2023/CVE-2023-34xx/CVE-2023-3467.json) (`2023-07-19T19:15:12.110`) * [CVE-2022-28735](CVE-2022/CVE-2022-287xx/CVE-2022-28735.json) (`2023-07-20T01:15:10.320`)
* [CVE-2023-3674](CVE-2023/CVE-2023-36xx/CVE-2023-3674.json) (`2023-07-19T19:15:12.213`) * [CVE-2022-28736](CVE-2022/CVE-2022-287xx/CVE-2022-28736.json) (`2023-07-20T01:15:10.400`)
* [CVE-2023-37276](CVE-2023/CVE-2023-372xx/CVE-2023-37276.json) (`2023-07-19T20:15:10.603`) * [CVE-2022-28737](CVE-2022/CVE-2022-287xx/CVE-2022-28737.json) (`2023-07-20T01:15:10.473`)
* [CVE-2023-37899](CVE-2023/CVE-2023-378xx/CVE-2023-37899.json) (`2023-07-19T20:15:10.807`) * [CVE-2023-3072](CVE-2023/CVE-2023-30xx/CVE-2023-3072.json) (`2023-07-20T00:15:10.347`)
* [CVE-2023-3722](CVE-2023/CVE-2023-37xx/CVE-2023-3722.json) (`2023-07-19T20:15:11.020`) * [CVE-2023-3299](CVE-2023/CVE-2023-32xx/CVE-2023-3299.json) (`2023-07-20T00:15:10.447`)
* [CVE-2023-3519](CVE-2023/CVE-2023-35xx/CVE-2023-3519.json) (`2023-07-19T18:15:11.513`) * [CVE-2023-3300](CVE-2023/CVE-2023-33xx/CVE-2023-3300.json) (`2023-07-20T00:15:10.527`)
* [CVE-2023-26217](CVE-2023/CVE-2023-262xx/CVE-2023-26217.json) (`2023-07-19T21:15:09.783`)
* [CVE-2023-3782](CVE-2023/CVE-2023-37xx/CVE-2023-3782.json) (`2023-07-19T21:15:10.093`)
* [CVE-2023-32657](CVE-2023/CVE-2023-326xx/CVE-2023-32657.json) (`2023-07-19T22:15:10.743`)
* [CVE-2023-34394](CVE-2023/CVE-2023-343xx/CVE-2023-34394.json) (`2023-07-19T22:15:10.983`)
* [CVE-2023-34429](CVE-2023/CVE-2023-344xx/CVE-2023-34429.json) (`2023-07-19T22:15:11.073`)
* [CVE-2023-35134](CVE-2023/CVE-2023-351xx/CVE-2023-35134.json) (`2023-07-19T22:15:11.170`)
* [CVE-2023-36853](CVE-2023/CVE-2023-368xx/CVE-2023-36853.json) (`2023-07-19T22:15:11.267`)
* [CVE-2023-37362](CVE-2023/CVE-2023-373xx/CVE-2023-37362.json) (`2023-07-19T22:15:11.380`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `40` Recently modified CVEs: `39`
* [CVE-2023-32315](CVE-2023/CVE-2023-323xx/CVE-2023-32315.json) (`2023-07-19T18:15:11.090`) * [CVE-2023-37955](CVE-2023/CVE-2023-379xx/CVE-2023-37955.json) (`2023-07-20T01:43:38.530`)
* [CVE-2023-32664](CVE-2023/CVE-2023-326xx/CVE-2023-32664.json) (`2023-07-19T18:15:11.197`) * [CVE-2023-37954](CVE-2023/CVE-2023-379xx/CVE-2023-37954.json) (`2023-07-20T01:43:50.643`)
* [CVE-2023-33148](CVE-2023/CVE-2023-331xx/CVE-2023-33148.json) (`2023-07-19T18:15:11.273`) * [CVE-2023-37953](CVE-2023/CVE-2023-379xx/CVE-2023-37953.json) (`2023-07-20T01:44:38.133`)
* [CVE-2023-33866](CVE-2023/CVE-2023-338xx/CVE-2023-33866.json) (`2023-07-19T18:15:11.360`) * [CVE-2023-37952](CVE-2023/CVE-2023-379xx/CVE-2023-37952.json) (`2023-07-20T01:44:51.670`)
* [CVE-2023-3446](CVE-2023/CVE-2023-34xx/CVE-2023-3446.json) (`2023-07-19T18:15:11.453`) * [CVE-2023-37951](CVE-2023/CVE-2023-379xx/CVE-2023-37951.json) (`2023-07-20T01:45:11.257`)
* [CVE-2023-3525](CVE-2023/CVE-2023-35xx/CVE-2023-3525.json) (`2023-07-19T18:25:12.327`) * [CVE-2023-37945](CVE-2023/CVE-2023-379xx/CVE-2023-37945.json) (`2023-07-20T01:45:33.523`)
* [CVE-2023-31213](CVE-2023/CVE-2023-312xx/CVE-2023-31213.json) (`2023-07-19T18:25:45.263`) * [CVE-2023-37944](CVE-2023/CVE-2023-379xx/CVE-2023-37944.json) (`2023-07-20T01:45:57.860`)
* [CVE-2023-36924](CVE-2023/CVE-2023-369xx/CVE-2023-36924.json) (`2023-07-19T18:29:41.167`) * [CVE-2023-30937](CVE-2023/CVE-2023-309xx/CVE-2023-30937.json) (`2023-07-20T01:46:05.337`)
* [CVE-2023-32627](CVE-2023/CVE-2023-326xx/CVE-2023-32627.json) (`2023-07-19T18:30:20.557`) * [CVE-2023-37943](CVE-2023/CVE-2023-379xx/CVE-2023-37943.json) (`2023-07-20T01:46:27.617`)
* [CVE-2023-26590](CVE-2023/CVE-2023-265xx/CVE-2023-26590.json) (`2023-07-19T18:30:31.940`) * [CVE-2023-37942](CVE-2023/CVE-2023-379xx/CVE-2023-37942.json) (`2023-07-20T01:47:00.227`)
* [CVE-2023-29406](CVE-2023/CVE-2023-294xx/CVE-2023-29406.json) (`2023-07-19T18:31:04.573`) * [CVE-2023-36825](CVE-2023/CVE-2023-368xx/CVE-2023-36825.json) (`2023-07-20T01:47:19.413`)
* [CVE-2023-37280](CVE-2023/CVE-2023-372xx/CVE-2023-37280.json) (`2023-07-19T18:31:42.580`) * [CVE-2023-30936](CVE-2023/CVE-2023-309xx/CVE-2023-30936.json) (`2023-07-20T01:47:35.127`)
* [CVE-2023-20575](CVE-2023/CVE-2023-205xx/CVE-2023-20575.json) (`2023-07-19T18:32:04.807`) * [CVE-2023-24492](CVE-2023/CVE-2023-244xx/CVE-2023-24492.json) (`2023-07-20T01:49:10.613`)
* [CVE-2023-37271](CVE-2023/CVE-2023-372xx/CVE-2023-37271.json) (`2023-07-19T18:32:26.387`) * [CVE-2023-3127](CVE-2023/CVE-2023-31xx/CVE-2023-3127.json) (`2023-07-20T01:49:31.853`)
* [CVE-2023-3369](CVE-2023/CVE-2023-33xx/CVE-2023-3369.json) (`2023-07-19T18:37:17.500`) * [CVE-2023-2762](CVE-2023/CVE-2023-27xx/CVE-2023-2762.json) (`2023-07-20T01:49:48.370`)
* [CVE-2023-3624](CVE-2023/CVE-2023-36xx/CVE-2023-3624.json) (`2023-07-19T18:46:49.327`) * [CVE-2023-30941](CVE-2023/CVE-2023-309xx/CVE-2023-30941.json) (`2023-07-20T01:50:32.973`)
* [CVE-2023-3623](CVE-2023/CVE-2023-36xx/CVE-2023-3623.json) (`2023-07-19T18:48:01.020`) * [CVE-2023-30940](CVE-2023/CVE-2023-309xx/CVE-2023-30940.json) (`2023-07-20T01:53:12.603`)
* [CVE-2023-30929](CVE-2023/CVE-2023-309xx/CVE-2023-30929.json) (`2023-07-19T18:49:37.593`) * [CVE-2023-30938](CVE-2023/CVE-2023-309xx/CVE-2023-30938.json) (`2023-07-20T01:55:49.427`)
* [CVE-2023-30930](CVE-2023/CVE-2023-309xx/CVE-2023-30930.json) (`2023-07-19T18:51:48.567`) * [CVE-2023-2763](CVE-2023/CVE-2023-27xx/CVE-2023-2763.json) (`2023-07-20T01:56:00.570`)
* [CVE-2023-30931](CVE-2023/CVE-2023-309xx/CVE-2023-30931.json) (`2023-07-19T18:55:47.867`) * [CVE-2023-30928](CVE-2023/CVE-2023-309xx/CVE-2023-30928.json) (`2023-07-20T01:56:16.403`)
* [CVE-2023-33231](CVE-2023/CVE-2023-332xx/CVE-2023-33231.json) (`2023-07-19T19:15:11.807`) * [CVE-2023-30939](CVE-2023/CVE-2023-309xx/CVE-2023-30939.json) (`2023-07-20T01:56:36.267`)
* [CVE-2023-32693](CVE-2023/CVE-2023-326xx/CVE-2023-32693.json) (`2023-07-19T20:15:10.367`) * [CVE-2023-3108](CVE-2023/CVE-2023-31xx/CVE-2023-3108.json) (`2023-07-20T01:56:37.593`)
* [CVE-2023-34089](CVE-2023/CVE-2023-340xx/CVE-2023-34089.json) (`2023-07-19T21:15:09.887`) * [CVE-2023-3269](CVE-2023/CVE-2023-32xx/CVE-2023-3269.json) (`2023-07-20T01:56:56.217`)
* [CVE-2023-34329](CVE-2023/CVE-2023-343xx/CVE-2023-34329.json) (`2023-07-19T21:15:09.983`) * [CVE-2023-37630](CVE-2023/CVE-2023-376xx/CVE-2023-37630.json) (`2023-07-20T01:57:57.420`)
* [CVE-2023-34330](CVE-2023/CVE-2023-343xx/CVE-2023-34330.json) (`2023-07-19T22:15:10.897`) * [CVE-2023-3641](CVE-2023/CVE-2023-36xx/CVE-2023-3641.json) (`2023-07-20T01:59:35.997`)
## Download and Usage ## Download and Usage