admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-07-07T22:00:28.479249+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-07-07 22:00:32 +00:00
parent 0a4cae6807
commit 4c46253886
29 changed files with 2499 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
CVE-2021/CVE-2021-43xx/CVE-2021-4395.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4395",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-01T06:15:09.617",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T20:33:31.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
@ -46,42 +66,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:villatheme:abandoned_cart_recovery_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.4",
"matchCriteriaId": "805C1E92-999F-4F6F-BAE7-5E285B403A4D"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2550169%40woo-abandoned-cart-recovery&new=2550169%40woo-abandoned-cart-recovery&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45b627f9-e7c6-4bf6-b1c7-d607f3e083f8?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

89
CVE-2021/CVE-2021-43xx/CVE-2021-4396.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4396",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-01T06:15:09.690",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T20:31:07.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,7 +13,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,6 +31,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -46,42 +66,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rucy_project:rucy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "0.4.4",
"matchCriteriaId": "664FD7AA-A9CF-4A31-9415-AF8762FB021F"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/rucy/trunk/inc/class-rucy-editor.php#L237",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/595d0401-55b9-418e-8b99-48b23e9a2662?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2021/CVE-2021-43xx/CVE-2021-4397.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4397",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-01T06:15:09.770",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T20:29:50.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -46,42 +46,87 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:goldplugins:staff_directory_plugin:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6",
"matchCriteriaId": "8B2C697A-1BE7-4370-B784-9275A6889C1C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548539%40staff-directory-pro&new=2548539%40staff-directory-pro&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5971447d-0634-49a5-91d0-c4f0c0825a86?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

101
CVE-2021/CVE-2021-43xx/CVE-2021-4398.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4398",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-07-01T06:15:09.843",
"lastModified": "2023-07-03T01:10:10.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T20:29:06.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -13,8 +13,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -36,7 +56,7 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,44 +64,99 @@
"value": "CWE-352"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amministrazione_trasparente_project:amministrazione_trasparente:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "7.1",
"matchCriteriaId": "38DA9E5B-D790-4AE9-AD16-A8FFAF62783C"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/more-wordpress-plugins-and-themes-vulnerable-to-csrf-attacks/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-1/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-2/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-3/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-4/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blog.nintechnet.com/multiple-wordpress-plugins-fixed-csrf-vulnerabilities-part-5/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2548741%40amministrazione-trasparente&new=2548741%40amministrazione-trasparente&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6358fc29-5b09-481a-9040-a7890b61f419?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

400
CVE-2022/CVE-2022-326xx/CVE-2022-32666.json
View File

@ -2,19 +2,411 @@
"id": "CVE-2022-32666",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-07-04T02:15:09.480",
"lastModified": "2023-07-05T13:00:42.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:42:17.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7603_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE7D50BA-4588-406B-9873-EB067B1FADC0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7603:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A45CDA9-95E6-4C02-8C3C-3B0CF7272A6F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7613_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B89C8667-CFE2-4C1D-904A-20E63D6CAD63"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4979BA07-DC09-4DF8-BA7F-E4143A0ECFE6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7615_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "188DCE87-D893-4109-B946-5A943723021E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05748BB1-0D48-4097-932E-E8E2E574FD8D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7622_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "556F893B-9EB4-4795-B8F0-BCDCDE7F9981"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55EB4B27-6264-45BE-9A22-BE8418BB0C06"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7628_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1144B15B-0F33-4622-9534-D22741EA6C4A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7628:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7476AF58-342B-4E2A-BEAD-E379097148D2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7629_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "572E4322-E017-4298-B34D-F54CB43E599F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29C210A3-C71E-4010-9DD6-9E36CADC9EED"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7915_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "303A9DA7-2C6C-434A-85E7-EE200AF9E2DA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB22996-9C22-4B6C-9E94-E4C055D16335"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7916_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14734451-2D61-4EB5-8BB2-414E2BEDC534"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5AA441-5381-4179-89EB-1642120F72B4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7981_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81B46566-AE03-4B6B-8B25-13621A060156"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*",
"matchCriteriaId": "490CD97B-021F-4350-AEE7-A2FA866D5889"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt7986_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "72A30F15-0654-4479-8944-6AF67F610AF3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40A9E917-4B34-403F-B512-09EEBEA46811"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mediatek:mt8365_firmware:7.6.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E02EF7EA-38C8-49CA-A78D-692EC93FB5AC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2023",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2022/CVE-2022-436xx/CVE-2022-43684.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-43684",
"sourceIdentifier": "psirt@servicenow.com",
"published": "2023-06-13T19:15:09.243",
"lastModified": "2023-06-23T19:38:37.433",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:09.707",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -454,6 +454,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/11",
"source": "psirt@servicenow.com"
},
{
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489",
"source": "psirt@servicenow.com",

59
CVE-2022/CVE-2022-43xx/CVE-2022-4361.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2022-4361",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-07T20:15:09.813",
"lastModified": "2023-07-07T20:15:09.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-81"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2151618",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/keycloak/keycloak/commit/a1cfe6e24e5b34792699a00b8b4a8016a5929e3a",
"source": "secalert@redhat.com"
}
]
}

43
CVE-2023/CVE-2023-201xx/CVE-2023-20133.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20133",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-07-07T20:15:09.887",
"lastModified": "2023-07-07T20:15:09.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6",
"source": "ykramarz@cisco.com"
}
]
}

43
CVE-2023/CVE-2023-201xx/CVE-2023-20180.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-20180",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-07-07T20:15:09.943",
"lastModified": "2023-07-07T20:15:09.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sxsscsrf-2L24bBx6",
"source": "ykramarz@cisco.com"
}
]
}

115
CVE-2023/CVE-2023-206xx/CVE-2023-20689.json
View File

@ -2,19 +2,126 @@
"id": "CVE-2023-20689",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-07-04T02:15:09.570",
"lastModified": "2023-07-05T13:00:42.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:46:40.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2023",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}

350
CVE-2023/CVE-2023-207xx/CVE-2023-20755.json
View File

@ -2,19 +2,361 @@
"id": "CVE-2023-20755",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-07-04T02:15:09.940",
"lastModified": "2023-07-05T13:00:42.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:38:18.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07509605."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2023",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}

345
CVE-2023/CVE-2023-207xx/CVE-2023-20756.json
View File

@ -2,19 +2,356 @@
"id": "CVE-2023-20756",
"sourceIdentifier": "security@mediatek.com",
"published": "2023-07-04T02:15:09.983",
"lastModified": "2023-07-05T13:00:42.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:37:26.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07510064; Issue ID: ALPS07549928."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/July-2023",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-284xx/CVE-2023-28489.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28489",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-04-11T10:15:18.280",
"lastModified": "2023-04-19T19:59:14.443",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:10.007",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/14",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-472454.pdf",
"source": "productcert@siemens.com",

32
CVE-2023/CVE-2023-324xx/CVE-2023-32434.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32434",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:13.720",
"lastModified": "2023-06-30T07:36:30.980",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:10.107",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
@ -123,6 +123,34 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/10",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/4",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/5",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/6",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/7",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/8",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/9",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/HT213808",
"source": "product-security@apple.com",

10
CVE-2023/CVE-2023-324xx/CVE-2023-32435.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-32435",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:13.767",
"lastModified": "2023-06-30T07:32:59.527",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:10.187",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Apple iOS and iPadOS WebKit Memory Corruption Vulnerability",
"cisaVulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability",
"descriptions": [
{
"lang": "en",
@ -102,6 +102,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/5",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/29/1",
"source": "product-security@apple.com",

18
CVE-2023/CVE-2023-324xx/CVE-2023-32439.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32439",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-06-23T18:15:13.813",
"lastModified": "2023-07-04T04:15:10.230",
"lastModified": "2023-07-07T20:15:10.247",
"vulnStatus": "Modified",
"cisaExploitAdd": "2023-06-23",
"cisaActionDue": "2023-07-14",
@ -102,6 +102,22 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/3",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/4",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/5",
"source": "product-security@apple.com"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/6",
"source": "product-security@apple.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/06/29/1",
"source": "product-security@apple.com",

8
CVE-2023/CVE-2023-339xx/CVE-2023-33919.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33919",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.620",
"lastModified": "2023-06-29T20:14:54.990",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:10.323",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/14",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com",

8
CVE-2023/CVE-2023-339xx/CVE-2023-33920.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33920",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.677",
"lastModified": "2023-06-29T20:14:03.950",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:10.423",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/14",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com",

8
CVE-2023/CVE-2023-339xx/CVE-2023-33921.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33921",
"sourceIdentifier": "productcert@siemens.com",
"published": "2023-06-13T09:15:18.733",
"lastModified": "2023-06-29T20:12:44.373",
"vulnStatus": "Analyzed",
"lastModified": "2023-07-07T20:15:10.523",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -135,6 +135,10 @@
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/14",
"source": "productcert@siemens.com"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-731916.pdf",
"source": "productcert@siemens.com",

180
CVE-2023/CVE-2023-33xx/CVE-2023-3395.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3395",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T21:15:10.107",
"lastModified": "2023-07-05T13:00:47.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:41:01.043",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -36,8 +56,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +76,152 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7876F5D-AF54-468B-A201-36021E8FEC16"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0746C27E-6100-430A-8005-F71C8D24E827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08D95811-0B73-414E-A643-CF3AFBD1EAA8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1753583A-93AC-4DBE-8E2C-A4816B8D1D11"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_lt2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9BFF572B-11C8-4353-93F5-74D48A055B1A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AACB5343-6982-4BC9-8173-E62160DF4595"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_tg2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "402F6FF6-C9A7-400F-834E-407147689D07"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "551340E5-D721-40F1-8D14-CBF87A68BFB3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_rm2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35408F1E-B380-4EBD-AF41-1388F1C5999B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F73C576F-9BAB-4C8E-9B47-9C930B67C910"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

173
CVE-2023/CVE-2023-366xx/CVE-2023-36610.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36610",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T21:15:09.967",
"lastModified": "2023-07-05T13:00:47.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:39:36.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,157 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "72CE5CAF-635F-4B1E-9440-3F745BA4A8BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0746C27E-6100-430A-8005-F71C8D24E827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "EC6FAD9F-D3BE-4E69-A2EE-D08494FC5866"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1753583A-93AC-4DBE-8E2C-A4816B8D1D11"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "659B7A35-F886-44E9-9E1B-550B50F3C0F5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AACB5343-6982-4BC9-8173-E62160DF4595"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "54A1620A-B664-4D8F-A34F-B6E07CC5BE33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "551340E5-D721-40F1-8D14-CBF87A68BFB3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "DD6F3E7D-E5E9-44E1-B066-5D6382C30D2E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F73C576F-9BAB-4C8E-9B47-9C930B67C910"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

173
CVE-2023/CVE-2023-366xx/CVE-2023-36611.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36611",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2023-07-03T21:15:10.037",
"lastModified": "2023-07-05T13:00:47.037",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-07-07T21:40:07.380",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -12,6 +12,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -46,10 +66,157 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "72CE5CAF-635F-4B1E-9440-3F745BA4A8BC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0746C27E-6100-430A-8005-F71C8D24E827"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_ms-cpu32-s2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "EC6FAD9F-D3BE-4E69-A2EE-D08494FC5866"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_ms-cpu32-s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1753583A-93AC-4DBE-8E2C-A4816B8D1D11"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_lt2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "659B7A35-F886-44E9-9E1B-550B50F3C0F5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_lt2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AACB5343-6982-4BC9-8173-E62160DF4595"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_tg2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "54A1620A-B664-4D8F-A34F-B6E07CC5BE33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_tg2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "551340E5-D721-40F1-8D14-CBF87A68BFB3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ovarro:tbox_rm2_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.50.598",
"matchCriteriaId": "DD6F3E7D-E5E9-44E1-B066-5D6382C30D2E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ovarro:tbox_rm2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F73C576F-9BAB-4C8E-9B47-9C930B67C910"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-180-03",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Mitigation",
"Third Party Advisory",
"US Government Resource"
]
}
]
}

20
CVE-2023/CVE-2023-371xx/CVE-2023-37170.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37170",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-07T20:15:10.613",
"lastModified": "2023-07-07T20:15:10.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_1",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-371xx/CVE-2023-37171.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37171",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-07T20:15:10.660",
"lastModified": "2023-07-07T20:15:10.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_2",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-371xx/CVE-2023-37172.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37172",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-07T20:15:10.697",
"lastModified": "2023-07-07T20:15:10.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_3",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-371xx/CVE-2023-37173.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-37173",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-07T20:15:10.740",
"lastModified": "2023-07-07T20:15:10.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kafroc/Vuls/tree/main/TOTOLINK/A3300R/cmdi_4",
"source": "cve@mitre.org"
}
]
}

79
CVE-2023/CVE-2023-372xx/CVE-2023-37261.json Normal file
View File

@ -0,0 +1,79 @@
{
"id": "CVE-2023-37261",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-07T21:15:09.303",
"lastModified": "2023-07-07T21:15:09.303",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is installed as part of a Minecraft server hosted on a popular cloud hosting provider, such as AWS, GCP and Azure, those metadata services' API endpoints are not forbidden (aka \"blacklisted\") by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. In addition, IPv6 addresses are not correctly filtered at all, allowing broader access into the local IPv6 network. This can allow a player on a server using an OpenComputers computer to access parts of the private IPv4 address space, as well as the whole IPv6 address space, in order to retrieve sensitive information.\n\nOpenComputers v1.8.3 for Minecraft 1.7.10 and 1.12.2 contains a patch for this issue. Some workarounds are also available. One may disable the Internet Card feature completely. If using OpenComputers 1.3.0 or above, using the allow list (`opencomputers.internet.whitelist` option) will prohibit connections to any IP addresses and/or domains not listed; or one may add entries to the block list (`opencomputers.internet.blacklist` option). More information about mitigations is available in the GitHub Security Advisory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/MightyPirates/OpenComputers/blob/5b2ba76a4c242b369b9b6ac6196fd04d96580ad0/src/main/resources/application.conf#L966-L986",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MightyPirates/OpenComputers/blob/5b2ba76a4c242b369b9b6ac6196fd04d96580ad0/src/main/scala/li/cil/oc/Settings.scala#L614-L637",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MightyPirates/OpenComputers/commit/d13c015357fd6c42e0a1bdd6e1ef9462f0450a15",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MightyPirates/OpenComputers/issues/2365",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MightyPirates/OpenComputers/releases/tag/1.12.2-forge%2F1.8.3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-vvfj-xh7c-j2cm",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2023/CVE-2023-372xx/CVE-2023-37262.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-37262",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-07-07T21:15:09.393",
"lastModified": "2023-07-07T21:15:09.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting providers, like AWS, GCP, and Azure, those metadata services API endpoints are not forbidden (aka \"blacklisted\") by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/MightyPirates/OpenComputers/security/advisories/GHSA-vvfj-xh7c-j2cm",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cc-tweaked/CC-Tweaked/blob/96847bb8c28df51e5e49f2dd2978ff6cc4e2821b/projects/core/src/main/java/dan200/computercraft/core/apis/http/options/AddressPredicate.java#L116-L126",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cc-tweaked/CC-Tweaked/commit/4bbde8c50c00bc572578ab2cff609b3443d10ddf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cc-tweaked/CC-Tweaked/security/advisories/GHSA-7p4w-mv69-2wm2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dan200/ComputerCraft/issues/170",
"source": "security-advisories@github.com"
}
]
}

70
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-07-07T20:00:32.715969+00:00
2023-07-07T22:00:28.479249+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-07-07T19:46:53.497000+00:00
2023-07-07T21:46:40.247000+00:00
```
### Last Data Feed Release
@ -29,53 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
219481
219490
```
### CVEs added in the last Commit
Recently added CVEs: `9`
* [CVE-2021-33796](CVE-2021/CVE-2021-337xx/CVE-2021-33796.json) (`2023-07-07T18:15:09.430`)
* [CVE-2021-33798](CVE-2021/CVE-2021-337xx/CVE-2021-33798.json) (`2023-07-07T18:15:09.507`)
* [CVE-2021-32494](CVE-2021/CVE-2021-324xx/CVE-2021-32494.json) (`2023-07-07T19:15:09.507`)
* [CVE-2021-32495](CVE-2021/CVE-2021-324xx/CVE-2021-32495.json) (`2023-07-07T19:15:09.600`)
* [CVE-2021-39014](CVE-2021/CVE-2021-390xx/CVE-2021-39014.json) (`2023-07-07T19:15:09.667`)
* [CVE-2023-36256](CVE-2023/CVE-2023-362xx/CVE-2023-36256.json) (`2023-07-07T18:15:09.693`)
* [CVE-2023-36992](CVE-2023/CVE-2023-369xx/CVE-2023-36992.json) (`2023-07-07T19:15:09.770`)
* [CVE-2023-36993](CVE-2023/CVE-2023-369xx/CVE-2023-36993.json) (`2023-07-07T19:15:09.827`)
* [CVE-2023-36994](CVE-2023/CVE-2023-369xx/CVE-2023-36994.json) (`2023-07-07T19:15:09.897`)
* [CVE-2022-4361](CVE-2022/CVE-2022-43xx/CVE-2022-4361.json) (`2023-07-07T20:15:09.813`)
* [CVE-2023-20133](CVE-2023/CVE-2023-201xx/CVE-2023-20133.json) (`2023-07-07T20:15:09.887`)
* [CVE-2023-20180](CVE-2023/CVE-2023-201xx/CVE-2023-20180.json) (`2023-07-07T20:15:09.943`)
* [CVE-2023-37170](CVE-2023/CVE-2023-371xx/CVE-2023-37170.json) (`2023-07-07T20:15:10.613`)
* [CVE-2023-37171](CVE-2023/CVE-2023-371xx/CVE-2023-37171.json) (`2023-07-07T20:15:10.660`)
* [CVE-2023-37172](CVE-2023/CVE-2023-371xx/CVE-2023-37172.json) (`2023-07-07T20:15:10.697`)
* [CVE-2023-37173](CVE-2023/CVE-2023-371xx/CVE-2023-37173.json) (`2023-07-07T20:15:10.740`)
* [CVE-2023-37261](CVE-2023/CVE-2023-372xx/CVE-2023-37261.json) (`2023-07-07T21:15:09.303`)
* [CVE-2023-37262](CVE-2023/CVE-2023-372xx/CVE-2023-37262.json) (`2023-07-07T21:15:09.393`)
### CVEs modified in the last Commit
Recently modified CVEs: `64`
Recently modified CVEs: `19`
* [CVE-2023-1298](CVE-2023/CVE-2023-12xx/CVE-2023-1298.json) (`2023-07-07T18:15:09.607`)
* [CVE-2023-26135](CVE-2023/CVE-2023-261xx/CVE-2023-26135.json) (`2023-07-07T18:21:34.797`)
* [CVE-2023-28387](CVE-2023/CVE-2023-283xx/CVE-2023-28387.json) (`2023-07-07T18:24:25.427`)
* [CVE-2023-37305](CVE-2023/CVE-2023-373xx/CVE-2023-37305.json) (`2023-07-07T18:24:43.897`)
* [CVE-2023-37303](CVE-2023/CVE-2023-373xx/CVE-2023-37303.json) (`2023-07-07T18:25:58.080`)
* [CVE-2023-37301](CVE-2023/CVE-2023-373xx/CVE-2023-37301.json) (`2023-07-07T18:26:42.243`)
* [CVE-2023-26428](CVE-2023/CVE-2023-264xx/CVE-2023-26428.json) (`2023-07-07T18:27:11.337`)
* [CVE-2023-34648](CVE-2023/CVE-2023-346xx/CVE-2023-34648.json) (`2023-07-07T18:36:09.547`)
* [CVE-2023-35178](CVE-2023/CVE-2023-351xx/CVE-2023-35178.json) (`2023-07-07T18:37:18.853`)
* [CVE-2023-35177](CVE-2023/CVE-2023-351xx/CVE-2023-35177.json) (`2023-07-07T18:37:42.030`)
* [CVE-2023-35176](CVE-2023/CVE-2023-351xx/CVE-2023-35176.json) (`2023-07-07T18:38:36.187`)
* [CVE-2023-35175](CVE-2023/CVE-2023-351xx/CVE-2023-35175.json) (`2023-07-07T18:38:58.350`)
* [CVE-2023-26429](CVE-2023/CVE-2023-264xx/CVE-2023-26429.json) (`2023-07-07T18:39:40.127`)
* [CVE-2023-33276](CVE-2023/CVE-2023-332xx/CVE-2023-33276.json) (`2023-07-07T18:39:53.007`)
* [CVE-2023-26431](CVE-2023/CVE-2023-264xx/CVE-2023-26431.json) (`2023-07-07T18:40:28.863`)
* [CVE-2023-36607](CVE-2023/CVE-2023-366xx/CVE-2023-36607.json) (`2023-07-07T18:43:19.817`)
* [CVE-2023-3465](CVE-2023/CVE-2023-34xx/CVE-2023-3465.json) (`2023-07-07T18:45:16.383`)
* [CVE-2023-3464](CVE-2023/CVE-2023-34xx/CVE-2023-3464.json) (`2023-07-07T18:46:28.547`)
* [CVE-2023-36146](CVE-2023/CVE-2023-361xx/CVE-2023-36146.json) (`2023-07-07T18:48:07.887`)
* [CVE-2023-3478](CVE-2023/CVE-2023-34xx/CVE-2023-3478.json) (`2023-07-07T18:52:16.210`)
* [CVE-2023-37307](CVE-2023/CVE-2023-373xx/CVE-2023-37307.json) (`2023-07-07T19:00:08.273`)
* [CVE-2023-37306](CVE-2023/CVE-2023-373xx/CVE-2023-37306.json) (`2023-07-07T19:00:31.167`)
* [CVE-2023-36347](CVE-2023/CVE-2023-363xx/CVE-2023-36347.json) (`2023-07-07T19:05:16.083`)
* [CVE-2023-3113](CVE-2023/CVE-2023-31xx/CVE-2023-3113.json) (`2023-07-07T19:09:45.693`)
* [CVE-2023-20006](CVE-2023/CVE-2023-200xx/CVE-2023-20006.json) (`2023-07-07T19:46:53.497`)
* [CVE-2021-4398](CVE-2021/CVE-2021-43xx/CVE-2021-4398.json) (`2023-07-07T20:29:06.920`)
* [CVE-2021-4397](CVE-2021/CVE-2021-43xx/CVE-2021-4397.json) (`2023-07-07T20:29:50.133`)
* [CVE-2021-4396](CVE-2021/CVE-2021-43xx/CVE-2021-4396.json) (`2023-07-07T20:31:07.107`)
* [CVE-2021-4395](CVE-2021/CVE-2021-43xx/CVE-2021-4395.json) (`2023-07-07T20:33:31.233`)
* [CVE-2022-43684](CVE-2022/CVE-2022-436xx/CVE-2022-43684.json) (`2023-07-07T20:15:09.707`)
* [CVE-2022-32666](CVE-2022/CVE-2022-326xx/CVE-2022-32666.json) (`2023-07-07T21:42:17.617`)
* [CVE-2023-28489](CVE-2023/CVE-2023-284xx/CVE-2023-28489.json) (`2023-07-07T20:15:10.007`)
* [CVE-2023-32434](CVE-2023/CVE-2023-324xx/CVE-2023-32434.json) (`2023-07-07T20:15:10.107`)
* [CVE-2023-32435](CVE-2023/CVE-2023-324xx/CVE-2023-32435.json) (`2023-07-07T20:15:10.187`)
* [CVE-2023-32439](CVE-2023/CVE-2023-324xx/CVE-2023-32439.json) (`2023-07-07T20:15:10.247`)
* [CVE-2023-33919](CVE-2023/CVE-2023-339xx/CVE-2023-33919.json) (`2023-07-07T20:15:10.323`)
* [CVE-2023-33920](CVE-2023/CVE-2023-339xx/CVE-2023-33920.json) (`2023-07-07T20:15:10.423`)
* [CVE-2023-33921](CVE-2023/CVE-2023-339xx/CVE-2023-33921.json) (`2023-07-07T20:15:10.523`)
* [CVE-2023-20756](CVE-2023/CVE-2023-207xx/CVE-2023-20756.json) (`2023-07-07T21:37:26.080`)
* [CVE-2023-20755](CVE-2023/CVE-2023-207xx/CVE-2023-20755.json) (`2023-07-07T21:38:18.937`)
* [CVE-2023-36610](CVE-2023/CVE-2023-366xx/CVE-2023-36610.json) (`2023-07-07T21:39:36.900`)
* [CVE-2023-36611](CVE-2023/CVE-2023-366xx/CVE-2023-36611.json) (`2023-07-07T21:40:07.380`)
* [CVE-2023-3395](CVE-2023/CVE-2023-33xx/CVE-2023-3395.json) (`2023-07-07T21:41:01.043`)
* [CVE-2023-20689](CVE-2023/CVE-2023-206xx/CVE-2023-20689.json) (`2023-07-07T21:46:40.247`)
## Download and Usage