diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48613.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48613.json new file mode 100644 index 00000000000..e167fa3b415 --- /dev/null +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48613.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2022-48613", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:08.400", + "lastModified": "2023-11-08T10:15:08.400", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Race condition vulnerability in the kernel module. Successful exploitation of this vulnerability may cause variable values to be read with the condition evaluation bypassed." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44098.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44098.json new file mode 100644 index 00000000000..0149350e09d --- /dev/null +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44098.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-44098", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T09:15:07.680", + "lastModified": "2023-11-08T09:15:07.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of missing encryption in the card management module. Successful exploitation of this vulnerability may affect service confidentiality." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46755.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46755.json new file mode 100644 index 00000000000..4d454b0089b --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46755.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46755", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:08.683", + "lastModified": "2023-11-08T10:15:08.683", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of input parameters being not strictly verified in the input. Successful exploitation of this vulnerability may cause the launcher to restart." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46760.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46760.json new file mode 100644 index 00000000000..1d9ee519a52 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46760.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-46760", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:08.790", + "lastModified": "2023-11-08T10:15:08.790", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46761.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46761.json new file mode 100644 index 00000000000..93d0e9c3014 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46761.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-46761", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:09.013", + "lastModified": "2023-11-08T10:15:09.013", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46762.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46762.json new file mode 100644 index 00000000000..ea3b0040302 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46762.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-46762", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:09.207", + "lastModified": "2023-11-08T10:15:09.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46763.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46763.json new file mode 100644 index 00000000000..39c59894292 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46763.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46763", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:09.463", + "lastModified": "2023-11-08T10:15:09.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of background app permission management in the framework module. Successful exploitation of this vulnerability may cause background apps to start maliciously." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46764.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46764.json new file mode 100644 index 00000000000..98255b49f5c --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46764.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46764", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:09.527", + "lastModified": "2023-11-08T10:15:09.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46765.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46765.json new file mode 100644 index 00000000000..1fa18f16766 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46765.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46765", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:09.680", + "lastModified": "2023-11-08T10:15:09.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46766.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46766.json new file mode 100644 index 00000000000..26765587fdd --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46766.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-46766", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:09.740", + "lastModified": "2023-11-08T10:15:09.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46767.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46767.json new file mode 100644 index 00000000000..ca0d6867a59 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46767.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-46767", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:10.073", + "lastModified": "2023-11-08T10:15:10.073", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation of this vulnerability may cause process exceptions." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46771.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46771.json new file mode 100644 index 00000000000..cd9ce6b682f --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46771.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-46771", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T09:15:07.763", + "lastModified": "2023-11-08T09:15:07.763", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Security vulnerability in the face unlock module. Successful exploitation of this vulnerability may affect service confidentiality." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46772.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46772.json new file mode 100644 index 00000000000..4f1715e0bfd --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46772.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46772", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:10.293", + "lastModified": "2023-11-08T10:15:10.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of parameters being out of the value range in the QMI service module. Successful exploitation of this vulnerability may cause errors in reading file data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46774.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46774.json new file mode 100644 index 00000000000..016051af3b4 --- /dev/null +++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46774.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-46774", + "sourceIdentifier": "psirt@huawei.com", + "published": "2023-11-08T10:15:10.350", + "lastModified": "2023-11-08T10:15:10.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of uncaught exceptions in the NFC module. Successful exploitation of this vulnerability can affect NFC availability." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2023/11/", + "source": "psirt@huawei.com" + }, + { + "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5941.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5941.json new file mode 100644 index 00000000000..01ea2ffe6f5 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5941.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-5941", + "sourceIdentifier": "secteam@freebsd.org", + "published": "2023-11-08T09:15:07.847", + "lastModified": "2023-11-08T09:15:07.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space members for write-buffered streams when the write(2) system call returns an error. \u00a0Depending on the nature of an application that calls libc's stdio functions and the presence of errors returned from the write(2) system call (or an overridden stdio write routine) a heap buffer overflow may occur. Such overflows may lead to data corruption or the execution of arbitrary code at the privilege level of the calling program." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secteam@freebsd.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-131" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:15.stdio.asc", + "source": "secteam@freebsd.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5978.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5978.json new file mode 100644 index 00000000000..16af7ecb34f --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5978.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-5978", + "sourceIdentifier": "secteam@freebsd.org", + "published": "2023-11-08T09:15:07.933", + "lastModified": "2023-11-08T09:15:07.933", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In versions of FreeBSD 13-RELEASE before 13-RELEASE-p5, under certain circumstances the cap_net libcasper(3) service incorrectly validates that updated constraints are strictly subsets of the active constraints. \u00a0When only a list\u00a0of resolvable domain names was specified without setting any other limitations, an application could submit a new list of domains including include entries not previously listed. \u00a0This could permit the application to resolve domain names that were previously restricted." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secteam@freebsd.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://security.freebsd.org/advisories/FreeBSD-SA-23:16.cap_net.asc", + "source": "secteam@freebsd.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0283afaf416..0f4898acfdb 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-11-08T09:00:20.632143+00:00 +2023-11-08T11:00:19.220672+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-11-08T08:15:09.523000+00:00 +2023-11-08T10:15:10.350000+00:00 ``` ### Last Data Feed Release @@ -29,18 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -230107 +230123 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `16` -* [CVE-2023-41270](CVE-2023/CVE-2023-412xx/CVE-2023-41270.json) (`2023-11-08T07:15:27.367`) -* [CVE-2023-39913](CVE-2023/CVE-2023-399xx/CVE-2023-39913.json) (`2023-11-08T08:15:08.883`) -* [CVE-2023-41111](CVE-2023/CVE-2023-411xx/CVE-2023-41111.json) (`2023-11-08T08:15:09.080`) -* [CVE-2023-41112](CVE-2023/CVE-2023-411xx/CVE-2023-41112.json) (`2023-11-08T08:15:09.327`) -* [CVE-2023-46483](CVE-2023/CVE-2023-464xx/CVE-2023-46483.json) (`2023-11-08T08:15:09.523`) +* [CVE-2022-48613](CVE-2022/CVE-2022-486xx/CVE-2022-48613.json) (`2023-11-08T10:15:08.400`) +* [CVE-2023-44098](CVE-2023/CVE-2023-440xx/CVE-2023-44098.json) (`2023-11-08T09:15:07.680`) +* [CVE-2023-46771](CVE-2023/CVE-2023-467xx/CVE-2023-46771.json) (`2023-11-08T09:15:07.763`) +* [CVE-2023-5941](CVE-2023/CVE-2023-59xx/CVE-2023-5941.json) (`2023-11-08T09:15:07.847`) +* [CVE-2023-5978](CVE-2023/CVE-2023-59xx/CVE-2023-5978.json) (`2023-11-08T09:15:07.933`) +* [CVE-2023-46755](CVE-2023/CVE-2023-467xx/CVE-2023-46755.json) (`2023-11-08T10:15:08.683`) +* [CVE-2023-46760](CVE-2023/CVE-2023-467xx/CVE-2023-46760.json) (`2023-11-08T10:15:08.790`) +* [CVE-2023-46761](CVE-2023/CVE-2023-467xx/CVE-2023-46761.json) (`2023-11-08T10:15:09.013`) +* [CVE-2023-46762](CVE-2023/CVE-2023-467xx/CVE-2023-46762.json) (`2023-11-08T10:15:09.207`) +* [CVE-2023-46763](CVE-2023/CVE-2023-467xx/CVE-2023-46763.json) (`2023-11-08T10:15:09.463`) +* [CVE-2023-46764](CVE-2023/CVE-2023-467xx/CVE-2023-46764.json) (`2023-11-08T10:15:09.527`) +* [CVE-2023-46765](CVE-2023/CVE-2023-467xx/CVE-2023-46765.json) (`2023-11-08T10:15:09.680`) +* [CVE-2023-46766](CVE-2023/CVE-2023-467xx/CVE-2023-46766.json) (`2023-11-08T10:15:09.740`) +* [CVE-2023-46767](CVE-2023/CVE-2023-467xx/CVE-2023-46767.json) (`2023-11-08T10:15:10.073`) +* [CVE-2023-46772](CVE-2023/CVE-2023-467xx/CVE-2023-46772.json) (`2023-11-08T10:15:10.293`) +* [CVE-2023-46774](CVE-2023/CVE-2023-467xx/CVE-2023-46774.json) (`2023-11-08T10:15:10.350`) ### CVEs modified in the last Commit