diff --git a/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json b/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json index 1cc7f38b133..347bd61fe7e 100644 --- a/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json +++ b/CVE-2020/CVE-2020-226xx/CVE-2020-22612.json @@ -2,19 +2,75 @@ "id": "CVE-2020-22612", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.533", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T18:33:00.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Installer RCE on settings file write in MyBB before 1.8.22." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mybb:mybb:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.8.22", + "matchCriteriaId": "7B03E0B1-4D3E-48F1-BE5B-BCF4A338CC34" + } + ] + } + ] + } + ], "references": [ { "url": "https://mybb.com/versions/1.8.22/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-320xx/CVE-2021-32050.json b/CVE-2021/CVE-2021-320xx/CVE-2021-32050.json index 5c02de548f6..100525cedc6 100644 --- a/CVE-2021/CVE-2021-320xx/CVE-2021-32050.json +++ b/CVE-2021/CVE-2021-320xx/CVE-2021-32050.json @@ -2,8 +2,8 @@ "id": "CVE-2021-32050", "sourceIdentifier": "cna@mongodb.com", "published": "2023-08-29T16:15:08.423", - "lastModified": "2023-08-29T18:14:25.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:28:34.920", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "cna@mongodb.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "cna@mongodb.com", "type": "Secondary", @@ -46,26 +76,110 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:c\\+\\+:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.17.7", + "matchCriteriaId": "09486555-7473-46FA-B646-E6AA6ECB005F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:c_driver:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.17.7", + "matchCriteriaId": "FCB74F72-5943-472D-A787-363B6B6AAC45" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:node.js:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "3.6", + "versionEndExcluding": "3.6.10", + "matchCriteriaId": "AD1E66B4-D728-41EE-8D61-967D411BA260" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:node.js:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "4.17.0", + "matchCriteriaId": "9DE0FDB0-1227-465E-9F95-F3689BBD5C74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:node.js:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.8.0", + "matchCriteriaId": "0C560F25-FF53-437A-8D60-FB5CC356AE60" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:php_driver:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.9.2", + "matchCriteriaId": "1284F2B7-7338-4796-B993-9FB547DC2869" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mongodb:swift_driver:*:*:*:*:*:mongodb:*:*", + "versionStartIncluding": "1.0.0", + "versionEndExcluding": "1.1.1", + "matchCriteriaId": "89AA28DB-8B7B-46FC-9DDB-8912BD6EA26D" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.mongodb.org/browse/CDRIVER-3797", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.mongodb.org/browse/CXX-2028", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.mongodb.org/browse/NODE-3356", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.mongodb.org/browse/PHPC-1869", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://jira.mongodb.org/browse/SWIFT-1229", - "source": "cna@mongodb.com" + "source": "cna@mongodb.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json b/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json index fb2d817a78e..8895025b358 100644 --- a/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json +++ b/CVE-2021/CVE-2021-405xx/CVE-2021-40546.json @@ -2,19 +2,87 @@ "id": "CVE-2021-40546", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-05T19:15:48.523", - "lastModified": "2023-09-07T01:10:21.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:37:58.750", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V4.0RTL_V02.03.01.26_cn.bin allows attackers (who have the administrator password) to cause a denial of service (device crash) via a long string in the wifiPwd_5G parameter to /goform/setWifi." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:02.03.01.26:*:*:*:*:*:*:*", + "matchCriteriaId": "D733507C-6176-4C5E-8DBF-7FBD9533327E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B5A1AA92-23DD-498F-A511-436C6F17CD5B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/doudoudedi/buffer_overflow/blob/main/Tenda%20AC6%20V4.0-Denial%20of%20Service%20Vulnerability.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-223xx/CVE-2022-22305.json b/CVE-2022/CVE-2022-223xx/CVE-2022-22305.json index 177df730836..2f635b3a49d 100644 --- a/CVE-2022/CVE-2022-223xx/CVE-2022-22305.json +++ b/CVE-2022/CVE-2022-223xx/CVE-2022-22305.json @@ -2,8 +2,8 @@ "id": "CVE-2022-22305", "sourceIdentifier": "psirt@fortinet.com", "published": "2023-09-01T12:15:08.363", - "lastModified": "2023-09-01T13:39:55.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:46:50.437", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -34,10 +54,159 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.12", + "matchCriteriaId": "2318A6AC-AA3E-4604-968C-35A46E79FCB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.9", + "versionEndIncluding": "6.4.7", + "matchCriteriaId": "82AA3275-8A1D-43DA-880B-1EFFBD96C29D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D7DC87E0-0C9F-4E65-B96E-7E91F71764AC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "80518C1A-60DB-4CC3-92ED-0C0BDCF2F1C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F8619721-489F-4BE7-BBAC-7D07FB64A8EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.12", + "matchCriteriaId": "8DFFD873-3F9B-41D8-92E6-09F84712BCE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.11", + "matchCriteriaId": "67777F42-09E1-4651-807C-325A5F0D8A66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndIncluding": "6.4.6", + "matchCriteriaId": "D4EB03A2-7143-407C-B622-03E6AFAF6A78" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8A4E6379-A79E-4135-BAF1-D53E8F56798B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "9CF421D9-54D7-47FB-AB11-A556BDB4A372" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0.0", + "versionEndIncluding": "3.0.7", + "matchCriteriaId": "7D1EE4D7-4087-4A4A-9171-F48B1C5915C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.1.0", + "versionEndIncluding": "3.1.5", + "matchCriteriaId": "2C47A3DB-A02A-488D-B0E1-867A19CE43B8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.0", + "versionEndIncluding": "3.2.4", + "matchCriteriaId": "16BB4915-1330-45E5-887E-AD97C29F500B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:3.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "527BEC13-9EC9-44AB-9F02-C948BDC96558" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0260B512-77CA-4FE8-A039-D7B287A19BAA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "7D6CCD1A-3412-4A55-88A8-40B227FB00BA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:4.0.2:*:*:*:*:*:*:*", + "matchCriteriaId": "51A80522-EBFC-4C3E-BF38-01453CC359F7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.6.10", + "versionEndIncluding": "5.6.14", + "matchCriteriaId": "1728ED99-9A01-4819-B382-EDEF00F97B9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "6.0.17", + "matchCriteriaId": "0135464C-532C-430D-A76C-2FCDE4C991D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndIncluding": "6.2.15", + "matchCriteriaId": "7916D6BB-838E-40A0-9C7F-FBE9ECBA0D99" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-18-292", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20820.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20820.json index e6fca425e58..041fb373da9 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20820.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20820.json @@ -2,19 +2,151 @@ "id": "CVE-2023-20820", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:07.840", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:14:49.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In wlan service, there is a possible command injection due to improper input validation. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00244189; Issue ID: WCNCR00244189." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7603:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8A45CDA9-95E6-4C02-8C3C-3B0CF7272A6F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF2E9975-607D-4F06-A85A-B1C2BE3C5B75" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4979BA07-DC09-4DF8-BA7F-E4143A0ECFE6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*", + "matchCriteriaId": "05748BB1-0D48-4097-932E-E8E2E574FD8D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*", + "matchCriteriaId": "55EB4B27-6264-45BE-9A22-BE8418BB0C06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7626:-:*:*:*:*:*:*:*", + "matchCriteriaId": "79C6A4C1-BAB5-4C53-91CF-2637C2ECF37F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29C210A3-C71E-4010-9DD6-9E36CADC9EED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AB22996-9C22-4B6C-9E94-E4C055D16335" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD5AA441-5381-4179-89EB-1642120F72B4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*", + "matchCriteriaId": "490CD97B-021F-4350-AEE7-A2FA866D5889" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40A9E917-4B34-403F-B512-09EEBEA46811" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4901B2A5-B0C8-4A0C-AC17-87D469744817" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20821.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20821.json index f8a503b8cf8..434609862f6 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20821.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20821.json @@ -2,19 +2,356 @@ "id": "CVE-2023-20821", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:08.480", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:14:35.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937113; Issue ID: ALPS07937113." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", + "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20822.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20822.json index 2a0978e4fe8..b20e0591ade 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20822.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20822.json @@ -2,19 +2,151 @@ "id": "CVE-2023-20822", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:08.647", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:14:27.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In netdagent, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944012; Issue ID: ALPS07944012." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20823.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20823.json index f573b47da80..a1ac74b761c 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20823.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20823.json @@ -2,19 +2,186 @@ "id": "CVE-2023-20823", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:08.773", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:06:39.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In cmdq, there is a possible out of bounds read due to an incorrect status check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08021592; Issue ID: ALPS08021592." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20824.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20824.json index d98e60549f9..678331ac474 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20824.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20824.json @@ -2,19 +2,311 @@ "id": "CVE-2023-20824", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:08.893", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:06:55.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951402." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20825.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20825.json index fb21d0abbd6..499ea27b75f 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20825.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20825.json @@ -2,19 +2,311 @@ "id": "CVE-2023-20825", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.023", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:14:16.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In duraspeed, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07951402; Issue ID: ALPS07951413." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20826.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20826.json index 7c485eefbd3..ff4e0768afc 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20826.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20826.json @@ -2,19 +2,216 @@ "id": "CVE-2023-20826", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.137", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:13:15.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20827.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20827.json index d9f277d1e89..ece383f4b59 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20827.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20827.json @@ -2,19 +2,241 @@ "id": "CVE-2023-20827", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.270", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:13:24.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ims service, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07937105; Issue ID: ALPS07937105." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20828.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20828.json index 8e8f432a764..db7f1f74a0e 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20828.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20828.json @@ -2,19 +2,281 @@ "id": "CVE-2023-20828", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.413", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:13:33.270", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014144." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", + "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20829.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20829.json index 7a1484d11d6..70296477ffb 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20829.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20829.json @@ -2,19 +2,281 @@ "id": "CVE-2023-20829", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.527", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:07:12.237", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014148." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", + "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20830.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20830.json index 2f43448ab25..e2d500fc8dd 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20830.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20830.json @@ -2,19 +2,296 @@ "id": "CVE-2023-20830", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.650", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:07:25.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014156." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", + "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20831.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20831.json index d7ecb04f4c8..069ebe26b77 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20831.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20831.json @@ -2,19 +2,281 @@ "id": "CVE-2023-20831", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.770", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:07:47.907", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08014162." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", + "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20832.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20832.json index e64c4cb8a26..6e26098e51c 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20832.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20832.json @@ -2,19 +2,286 @@ "id": "CVE-2023-20832", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:09.873", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:08:10.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08014144; Issue ID: ALPS08013530." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*", + "matchCriteriaId": "A1488152-CC93-40DF-8D1F-BF33DC8444FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20833.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20833.json index a1e53e65ace..c7566f3498b 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20833.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20833.json @@ -2,19 +2,361 @@ "id": "CVE-2023-20833", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.010", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:08:21.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017764." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20834.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20834.json index e90f5d7ef41..674846c07e6 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20834.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20834.json @@ -2,19 +2,140 @@ "id": "CVE-2023-20834", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.063", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:08:44.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In pda, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608514; Issue ID: ALPS07608514." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + }, + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20835.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20835.json index 133900b990d..a0506bb61b4 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20835.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20835.json @@ -2,19 +2,130 @@ "id": "CVE-2023-20835", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.183", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:13:46.380", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In camsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07326570." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + }, + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20836.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20836.json index 75bf7c128ed..485189c98d8 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20836.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20836.json @@ -2,19 +2,161 @@ "id": "CVE-2023-20836", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.257", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:14:40.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In camsys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505629; Issue ID: ALPS07505629." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20851.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20851.json index a9c8f17c615..51a1b8be97b 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20851.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20851.json @@ -2,19 +2,91 @@ "id": "CVE-2023-20851", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:12.083", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:10:10.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In stc, there is a possible out of bounds read due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08048635; Issue ID: ALPS08048635." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20897.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20897.json index 8fef4708299..4ec00e58cef 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20897.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20897.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20897", "sourceIdentifier": "security@vmware.com", "published": "2023-09-05T11:15:32.973", - "lastModified": "2023-09-05T12:54:46.447", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:40:05.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security@vmware.com", "type": "Secondary", @@ -34,10 +54,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3005.2", + "matchCriteriaId": "B70F6397-8CB9-47B6-A4BF-C7E4A1017F6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3006.0", + "versionEndExcluding": "3006.2", + "matchCriteriaId": "A22FBD43-AC7E-45B9-9EC5-340CF735773E" + } + ] + } + ] + } + ], "references": [ { "url": "https://saltproject.io/security-announcements/2023-08-10-advisory/", - "source": "security@vmware.com" + "source": "security@vmware.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-22xx/CVE-2023-2251.json b/CVE-2023/CVE-2023-22xx/CVE-2023-2251.json index f49b24f70f9..a3081e21fa7 100644 --- a/CVE-2023/CVE-2023-22xx/CVE-2023-2251.json +++ b/CVE-2023/CVE-2023-22xx/CVE-2023-2251.json @@ -2,8 +2,8 @@ "id": "CVE-2023-2251", "sourceIdentifier": "security@huntr.dev", "published": "2023-04-24T15:15:08.897", - "lastModified": "2023-05-08T10:15:09.230", - "vulnStatus": "Modified", + "lastModified": "2023-09-07T18:31:01.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -77,9 +77,10 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:yaml_project:yaml:*:*:*:*:*:go:*:*", - "versionEndExcluding": "2.0.0-4", - "matchCriteriaId": "33E17CA5-8A74-4BE7-ACC1-CD1DBE0695BD" + "criteria": "cpe:2.3:a:yaml_project:yaml:*:*:*:*:*:node.js:*:*", + "versionStartIncluding": "2.0.0-5", + "versionEndExcluding": "2.2.2", + "matchCriteriaId": "50610051-3CA8-4BE1-8F5E-9D463027C628" } ] } diff --git a/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json b/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json index b2ac9cd6423..12aa6aa8987 100644 --- a/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json +++ b/CVE-2023/CVE-2023-237xx/CVE-2023-23763.json @@ -2,8 +2,8 @@ "id": "CVE-2023-23763", "sourceIdentifier": "product-cna@github.com", "published": "2023-09-01T15:15:07.620", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:53:27.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "product-cna@github.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, { "source": "product-cna@github.com", "type": "Secondary", @@ -46,22 +76,74 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.6.0", + "versionEndExcluding": "3.6.18", + "matchCriteriaId": "B03C9B63-C322-4C77-B1D9-637A9C45AE65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.7.0", + "versionEndExcluding": "3.7.16", + "matchCriteriaId": "12B15ADD-B347-4EBC-8AA8-945083E5BB85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.8.0", + "versionEndExcluding": "3.8.9", + "matchCriteriaId": "56FDAC1D-5BF6-4067-AEB1-5EA35FA7871A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndExcluding": "3.9.4", + "matchCriteriaId": "5B9AA495-49D5-4331-B57B-60FF995C0B09" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.6/admin/release-notes#3.6.18-security-fixes", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.7/admin/release-notes#3.7.16-security-fixes", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.9-security-fixes", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.4-security-fixes", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json index 31a1d6947a4..24ae545dc81 100644 --- a/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28366.json @@ -2,31 +2,97 @@ "id": "CVE-2023-28366", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.790", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:29:57.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eclipse:mosquitto:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.3.2", + "versionEndExcluding": "2.0.16", + "matchCriteriaId": "489726DB-BC82-41A1-AB84-800B80E459A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/eclipse/mosquitto/commit/6113eac95a9df634fbc858be542c4a0456bfe7b9", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/eclipse/mosquitto/compare/v2.0.15...v2.0.16", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://mosquitto.org/blog/2023/08/version-2-0-16-released/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.compass-security.com/fileadmin/Research/Advisories/2023_02_CSNC-2023-001_Eclipse_Mosquitto_Memory_Leak.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json b/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json index c3ab9a05f46..f09c78c18b8 100644 --- a/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json +++ b/CVE-2023/CVE-2023-311xx/CVE-2023-31167.json @@ -2,8 +2,8 @@ "id": "CVE-2023-31167", "sourceIdentifier": "security@selinc.com", "published": "2023-08-31T16:15:08.507", - "lastModified": "2023-08-31T17:25:54.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:26:11.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + }, { "source": "security@selinc.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security@selinc.com", "type": "Secondary", @@ -46,14 +76,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:selinc:sel-5036_acselerator_bay_screen_builder:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.0.49152.778", + "matchCriteriaId": "DDE78144-2332-4226-812D-675E8FB6EEFE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://dragos.com", - "source": "security@selinc.com" + "source": "security@selinc.com", + "tags": [ + "Not Applicable" + ] }, { "url": "https://selinc.com/support/security-notifications/external-reports/", - "source": "security@selinc.com" + "source": "security@selinc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32805.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32805.json index 07cb662f715..25c690d50c6 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32805.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32805.json @@ -2,19 +2,96 @@ "id": "CVE-2023-32805", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:12.140", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:10:30.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In power, there is a possible out of bounds write due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08102892; Issue ID: ALPS08102892." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32806.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32806.json index 7e3e5062a3e..63ba2bb17e2 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32806.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32806.json @@ -2,19 +2,246 @@ "id": "CVE-2023-32806", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:12.393", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:10:40.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441589; Issue ID: ALPS07441589." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32807.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32807.json index 4ef5fefca61..d7986cd53c8 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32807.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32807.json @@ -2,19 +2,211 @@ "id": "CVE-2023-32807", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:12.657", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:12:25.147", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588360; Issue ID: ALPS07588360." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", + "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32808.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32808.json index cbc553a8b6b..076db818a9e 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32808.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32808.json @@ -2,19 +2,251 @@ "id": "CVE-2023-32808", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:12.840", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:12:34.423", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849751; Issue ID: ALPS07849751." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC1B2D4B-C7C3-420C-9361-6C056B4BCA9E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "720F4AA0-6AAE-465F-8F50-F11DD11B5FA3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9BD3FB61-EA42-4D3D-9867-7EBCD0B8F647" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32809.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32809.json index 52886086312..72731e8957e 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32809.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32809.json @@ -2,19 +2,251 @@ "id": "CVE-2023-32809", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.023", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:12:43.770", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In bluetooth driver, there is a possible read and write access to registers due to improper access control of register interface. This could lead to local leak of sensitive information with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07849753; Issue ID: ALPS07849753." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DC1B2D4B-C7C3-420C-9361-6C056B4BCA9E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "720F4AA0-6AAE-465F-8F50-F11DD11B5FA3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797wifi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9BD3FB61-EA42-4D3D-9867-7EBCD0B8F647" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32810.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32810.json index e815c7b8744..ceecb644c1f 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32810.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32810.json @@ -2,19 +2,301 @@ "id": "CVE-2023-32810", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.223", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:12:56.850", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In bluetooth driver, there is a possible out of bounds read due to improper input validation. This could lead to local information leak with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07867212; Issue ID: ALPS07867212." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", + "matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*", + "matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32811.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32811.json index 09db95319dc..e86cb5c0846 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32811.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32811.json @@ -2,19 +2,186 @@ "id": "CVE-2023-32811", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.387", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:13:05.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In connectivity system driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929848; Issue ID: ALPS07929848." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json index 19353731942..2c6bf40f478 100644 --- a/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3297.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3297", "sourceIdentifier": "security@ubuntu.com", "published": "2023-09-01T21:15:07.977", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:24:36.467", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "security@ubuntu.com", "type": "Secondary", @@ -46,22 +76,209 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.13.9-2ubuntu2", + "matchCriteriaId": "6CD8D70C-FFD4-4F0A-A51C-6C95630AA4A5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.08.8-1ubuntu7.1", + "matchCriteriaId": "39846023-221F-4FAE-8CEE-0729CBA5102E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*", + "matchCriteriaId": "B2E702D7-F8C0-49BF-9FFB-883017076E98" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.08.8-1ubuntu7.1", + "matchCriteriaId": "39846023-221F-4FAE-8CEE-0729CBA5102E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*", + "matchCriteriaId": "47842532-D2B6-44CB-ADE2-4AC8630A4D8C" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.07.5-2ubuntu1.4", + "matchCriteriaId": "F70B47A4-5FFF-4260-99D1-C8BFF1027C34" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:canonical:accountsservice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.6.55-0ubuntu12\\~20.04.6", + "matchCriteriaId": "98D9AA5D-7CF4-4EEE-9AD4-7548E408414C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*", + "matchCriteriaId": "359012F1-2C63-415A-88B8-6726A87830DE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:22.10:*:*:*:-:*:*:*", + "matchCriteriaId": "47842532-D2B6-44CB-ADE2-4AC8630A4D8C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*", + "matchCriteriaId": "B2E702D7-F8C0-49BF-9FFB-883017076E98" + } + ] + } + ] + } + ], "references": [ { "url": "https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/2024182", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3297", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2023-139_accountsservice/", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://ubuntu.com/security/notices/USN-6190-1", - "source": "security@ubuntu.com" + "source": "security@ubuntu.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json index 21bd9d82db2..14be9576f3f 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36076.json @@ -2,19 +2,77 @@ "id": "CVE-2023-36076", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.857", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:23:17.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pocketmanga:smanga:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.1.9", + "matchCriteriaId": "2CDB3ADC-6AC1-4E1F-B95D-237A07B5124E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/lkw199711/smanga/issues/100", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json b/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json index dd956f1a9a9..27d9991afa8 100644 --- a/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json +++ b/CVE-2023/CVE-2023-360xx/CVE-2023-36088.json @@ -2,27 +2,90 @@ "id": "CVE-2023-36088", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.910", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:20:09.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vesoft:nebulagraph_studio:3.7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "10E246F7-BEED-4EDB-898B-09599EA9A6A2" + } + ] + } + ] + } + ], "references": [ { "url": "http://nebulagraph.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/vesoft-inc/nebula-studio", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/vesoft-inc/nebula-studio/issues/571", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json b/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json index 4c9f25f1ef4..bd1fb46ea38 100644 --- a/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json +++ b/CVE-2023/CVE-2023-361xx/CVE-2023-36100.json @@ -2,19 +2,76 @@ "id": "CVE-2023-36100", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T16:15:07.967", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T18:16:22.440", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:macwk:icecms:2.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "C8043F07-E915-49DC-A4D8-DC34AC2B9770" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Thecosy/IceCMS/issues/15", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-377xx/CVE-2023-37798.json b/CVE-2023/CVE-2023-377xx/CVE-2023-37798.json new file mode 100644 index 00000000000..9ba55d7f9a3 --- /dev/null +++ b/CVE-2023/CVE-2023-377xx/CVE-2023-37798.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-37798", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-07T19:15:47.510", + "lastModified": "2023-09-07T19:15:47.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the project title parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://redcap.com", + "source": "cve@mitre.org" + }, + { + "url": "http://vanderbilt.com", + "source": "cve@mitre.org" + }, + { + "url": "https://www.cyderes.com/blog/cve-2023-37798-stored-cross-site-scripting-in-vanderbilt-redcap/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-382xx/CVE-2023-38283.json b/CVE-2023/CVE-2023-382xx/CVE-2023-38283.json index 574c72a9f29..d4af21ef64a 100644 --- a/CVE-2023/CVE-2023-382xx/CVE-2023-38283.json +++ b/CVE-2023/CVE-2023-382xx/CVE-2023-38283.json @@ -2,35 +2,147 @@ "id": "CVE-2023-38283", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-29T16:15:08.960", - "lastModified": "2023-08-29T18:14:25.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:15:12.473", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:openbgpd:openbgpd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1", + "matchCriteriaId": "E100F828-9002-4B76-902C-49345579AAA7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.3", + "matchCriteriaId": "131B4208-6843-40D3-8818-159D1204BD0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:7.3:-:*:*:*:*:*:*", + "matchCriteriaId": "7BAA0C9B-7CEA-4647-809F-027EB34C142E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_001:*:*:*:*:*:*", + "matchCriteriaId": "B3CC37B8-46C0-407B-8DE4-2B5BC36BA969" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_002:*:*:*:*:*:*", + "matchCriteriaId": "D53FE3CA-1A90-4783-8AC2-C0B4CF6F052D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_003:*:*:*:*:*:*", + "matchCriteriaId": "9C32DD2B-BBE0-4031-B105-743E4058B4A1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_004:*:*:*:*:*:*", + "matchCriteriaId": "3F481F84-81C2-4E5F-BD60-4C46CD3DD603" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:openbsd:openbsd:7.3:errata_005:*:*:*:*:*:*", + "matchCriteriaId": "DCAE527B-1176-4759-B903-59A72245517B" + } + ] + } + ] + } + ], "references": [ { "url": "https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://ftp.openbsd.org/pub/OpenBSD/patches/7.3/common/006_bgpd.patch.sig", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/openbgpd-portable/openbgpd-portable/releases/tag/8.1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://news.ycombinator.com/item?id=37305800", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.openbsd.org/errata73.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json index 4505162ec88..d744bb7409d 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40970.json @@ -2,23 +2,82 @@ "id": "CVE-2023-40970", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T11:15:42.923", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:02:05.073", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slims:senayan_library_management_system:9.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "548C3132-1CC1-446F-90FC-3411038DFAAB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SQLI-loan_rules.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/slims/slims9_bulian/issues/205", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json b/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json index 07f1ea2f62f..20117733d96 100644 --- a/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json +++ b/CVE-2023/CVE-2023-40xx/CVE-2023-4018.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4018", "sourceIdentifier": "cve@gitlab.com", "published": "2023-09-01T11:15:43.037", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:22:14.580", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -35,6 +55,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "cve@gitlab.com", "type": "Secondary", @@ -46,14 +76,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "18116007-7452-495F-80A1-39499882656E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", + "versionStartIncluding": "16.2", + "versionEndExcluding": "16.2.5", + "matchCriteriaId": "4E03E8BA-63C8-47D5-B5A1-26DF199E1F65" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:community:*:*:*", + "matchCriteriaId": "EE9B8DE8-9990-494B-BDBE-F867DDBB9D57" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gitlab:gitlab:16.3.0:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "08D6B555-39B6-493D-8460-3DC998BAF651" + } + ] + } + ] + } + ], "references": [ { "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420301", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://hackerone.com/reports/2083440", - "source": "cve@gitlab.com" + "source": "cve@gitlab.com", + "tags": [ + "Permissions Required" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json index d50b71c5f8c..5503028e227 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41046.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41046", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-01T20:15:07.540", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:20:17.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,22 +66,64 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2", + "versionEndExcluding": "14.10.10", + "matchCriteriaId": "BB71750B-49AB-4C51-BFBF-38047BB5FA32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.4", + "matchCriteriaId": "6FFCB973-8456-44E0-ACB0-2A237AEAD917" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20847", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-20848", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json index 4a6fafe870d..7e70c222e86 100644 --- a/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41051.json @@ -2,8 +2,8 @@ "id": "CVE-2023-41051", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-01T19:15:42.883", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:19:19.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { @@ -44,20 +64,58 @@ "value": "CWE-125" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vm-memory_project:vm-memory:*:*:*:*:*:rust:*:*", + "versionStartIncluding": "0.1.0", + "versionEndExcluding": "0.12.2", + "matchCriteriaId": "48D4C531-5DF9-4E76-8274-F133E20944B4" + } + ] + } + ] } ], "references": [ { "url": "https://crates.io/crates/vm-memory/0.12.2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/rust-vmm/vm-memory/commit/aff1dd4a5259f7deba56692840f7a2d9ca34c9c8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/rust-vmm/vm-memory/security/advisories/GHSA-49hh-fprx-m68g", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41061.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41061.json new file mode 100644 index 00000000000..cabd6a050c7 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41061.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-41061", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-09-07T18:15:07.617", + "lastModified": "2023-09-07T19:15:47.803", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213905", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213907", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213905", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213907", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json new file mode 100644 index 00000000000..88ddb858c57 --- /dev/null +++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41064.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2023-41064", + "sourceIdentifier": "product-security@apple.com", + "published": "2023-09-07T18:15:07.727", + "lastModified": "2023-09-07T19:15:48.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.apple.com/en-us/HT213905", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/en-us/HT213906", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213905", + "source": "product-security@apple.com" + }, + { + "url": "https://support.apple.com/kb/HT213906", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json index e4fade17c44..f3f3659a010 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41627.json @@ -2,19 +2,74 @@ "id": "CVE-2023-41627", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T17:15:07.633", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:51:52.623", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:o-ran-sc:ric_message_router:4.9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "09883935-1EE0-4711-B707-9A1B78E4E326" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.o-ran-sc.org/browse/RIC-1001", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json b/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json index 0d6ab0180e3..f8447d1ddf7 100644 --- a/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json +++ b/CVE-2023/CVE-2023-416xx/CVE-2023-41628.json @@ -2,19 +2,75 @@ "id": "CVE-2023-41628", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T17:15:07.690", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T18:07:52.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:o-ran-sc:e2:g-release:*:*:*:*:*:*:*", + "matchCriteriaId": "AB844F32-B82A-49E7-A4E6-7B5694143CD8" + } + ] + } + ] + } + ], "references": [ { "url": "https://jira.o-ran-sc.org/browse/RIC-1002", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json index ac0a8906bb1..8a83a6548d7 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41717.json @@ -2,19 +2,80 @@ "id": "CVE-2023-41717", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-31T16:15:10.217", - "lastModified": "2023-08-31T17:25:54.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:11:38.933", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions." + }, + { + "lang": "es", + "value": "El control inadecuado del tipo de archivo en las versiones 3.6.1.25 y anteriores de Zscaler Proxy permite a los atacantes locales eludir las restricciones de descarga/subida de archivos. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zscaler:zscaler_proxy:*:*:*:*:*:windows:*:*", + "versionEndIncluding": "3.6.1.25", + "matchCriteriaId": "BE237BBE-1F1F-4E75-B403-EE96DE38D0DC" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/federella/CVE-2023-41717", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4481.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4481.json index 04b1dd654ac..2d9132bca83 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4481.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4481.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4481", "sourceIdentifier": "sirt@juniper.net", "published": "2023-09-01T00:15:08.703", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:11:15.643", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,22 +46,58 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.4", + "matchCriteriaId": "5A3CEF98-279E-4622-8F3F-147B6C4DE9E0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.4", + "matchCriteriaId": "95805928-FFA2-4A75-81AF-84E4C42DA9FF" + } + ] + } + ] + } + ], "references": [ { "url": "https://kb.juniper.net/JSA72510", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/topic-map/bgp-error-messages.html", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.rfc-editor.org/rfc/rfc4271", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Technical Description" + ] }, { "url": "https://www.rfc-editor.org/rfc/rfc7606", - "source": "sirt@juniper.net" + "source": "sirt@juniper.net", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-45xx/CVE-2023-4528.json b/CVE-2023/CVE-2023-45xx/CVE-2023-4528.json new file mode 100644 index 00000000000..63a75ff8806 --- /dev/null +++ b/CVE-2023/CVE-2023-45xx/CVE-2023-4528.json @@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-4528", + "sourceIdentifier": "cve@rapid7.con", + "published": "2023-09-07T18:15:07.797", + "lastModified": "2023-09-07T18:15:07.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unsafe deserialization in JSCAPE MFT Server versions prior to\u00a02023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "cve@rapid7.con", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://www.jscape.com/blog/binary-management-service-patch-cve-2023-4528", + "source": "cve@rapid7.con" + }, + { + "url": "https://www.rapid7.com/blog/post/2023/09/07/cve-2023-4528-java-deserialization-vulnerability-in-jscape-mft-fixed/", + "source": "cve@rapid7.con" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4685.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4685.json new file mode 100644 index 00000000000..a3aef2463d5 --- /dev/null +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4685.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4685", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2023-09-07T18:15:07.883", + "lastModified": "2023-09-07T18:15:07.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-157-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4695.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4695.json index 732c490d37c..0e1dce48f53 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4695.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4695.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4695", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-01T01:15:07.877", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:10:59.810", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pkp:pkb-lib:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.3.0-16", + "matchCriteriaId": "E9B73175-F54D-4089-AFDE-C3ADCAC11380" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pkp/pkp-lib/commit/e5e7e543887fe77708aa31e07b18fe85f9b5a3b5", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Product" + ] }, { "url": "https://huntr.dev/bounties/887c7fc7-70c8-482d-b570-350533af4702", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json index adf770ced9f..d142b1ee579 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4709.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4709", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T19:15:43.063", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:43:43.600", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,14 +93,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:totvs:rm:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8664BD39-E1BB-410B-9C57-9E108BC8A99F" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.238572", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.238572", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json index 71a737a5d13..6679113e915 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4710.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4710", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T20:15:08.103", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T19:16:32.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,14 +93,40 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:totvs:rm:12.1:*:*:*:*:*:*:*", + "matchCriteriaId": "8664BD39-E1BB-410B-9C57-9E108BC8A99F" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.238573", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.238573", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json index 416015e45e7..f1a0ed8255a 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4711.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4711", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T20:15:08.310", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:21:02.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,59 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dlink:dar-8000-10_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20230819", + "matchCriteriaId": "B402A316-BDF5-4E14-A81F-CEA0161B33FA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dar-8000-10:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D44DF047-CB1C-47CE-AC33-60F8859F242F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/TinkAnet/cve/blob/main/rce.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.238574", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.238574", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json index d5b38afdb1e..8d7286085f0 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4712.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4712", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T20:15:08.473", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T19:21:25.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:suntront:smart_table_integrated_management_system:5.6.9:*:*:*:*:*:*:*", + "matchCriteriaId": "5079B9D5-440B-4135-A8BA-CC49969B43EC" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wpay65249519/cve/blob/main/SQL_injection.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.238575", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.238575", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json index 3283291ed21..6119cfcc45c 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4713.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4713", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T20:15:08.680", - "lastModified": "2023-09-01T21:15:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:22:48.413", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibos:ibos:4.5.5:*:*:*:*:*:*:*", + "matchCriteriaId": "1F678D76-48AA-4940-833F-5567D196DB7D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/13aiZe1/cve/blob/main/sql.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.238576", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.238576", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json index dcf843d39c7..35ebfaa797c 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4714.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4714", "sourceIdentifier": "cna@vuldb.com", "published": "2023-09-01T20:15:08.890", - "lastModified": "2023-09-02T15:15:27.907", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T19:23:35.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "cna@vuldb.com", @@ -71,18 +93,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:playtube:playtube:3.0.1:*:*:*:*:*:*:*", + "matchCriteriaId": "E93A36C1-9BBA-4F7A-9B50-E56B61A2E5B9" + } + ] + } + ] + } + ], "references": [ { "url": "http://packetstormsecurity.com/files/174446/PlayTube-3.0.1-Information-Disclosure.html", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.238577", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.238577", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-47xx/CVE-2023-4778.json b/CVE-2023/CVE-2023-47xx/CVE-2023-4778.json index 8116c165c86..83a2fc32f61 100644 --- a/CVE-2023/CVE-2023-47xx/CVE-2023-4778.json +++ b/CVE-2023/CVE-2023-47xx/CVE-2023-4778.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4778", "sourceIdentifier": "security@huntr.dev", "published": "2023-09-05T16:15:08.207", - "lastModified": "2023-09-05T17:31:50.810", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T19:34:34.170", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", @@ -46,14 +68,41 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gpac:gpac:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.3-dev", + "matchCriteriaId": "F76B0068-AE98-4B7C-885D-B083842F6521" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/gpac/gpac/commit/d553698050af478049e1a09e44a15ac884f223ed", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Patch" + ] }, { "url": "https://huntr.dev/bounties/abb450fb-4ab2-49b0-90da-3d878eea5397", - "source": "security@huntr.dev" + "source": "security@huntr.dev", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 7c5ea5a970a..213eaae8054 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-07T18:00:26.095907+00:00 +2023-09-07T20:00:25.590602+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-07T17:58:03.400000+00:00 +2023-09-07T19:53:27.870000+00:00 ``` ### Last Data Feed Release @@ -29,46 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224474 +224479 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -* [CVE-2023-30800](CVE-2023/CVE-2023-308xx/CVE-2023-30800.json) (`2023-09-07T16:15:07.670`) -* [CVE-2023-40060](CVE-2023/CVE-2023-400xx/CVE-2023-40060.json) (`2023-09-07T16:15:08.227`) +* [CVE-2023-4528](CVE-2023/CVE-2023-45xx/CVE-2023-4528.json) (`2023-09-07T18:15:07.797`) +* [CVE-2023-4685](CVE-2023/CVE-2023-46xx/CVE-2023-4685.json) (`2023-09-07T18:15:07.883`) +* [CVE-2023-37798](CVE-2023/CVE-2023-377xx/CVE-2023-37798.json) (`2023-09-07T19:15:47.510`) +* [CVE-2023-41061](CVE-2023/CVE-2023-410xx/CVE-2023-41061.json) (`2023-09-07T18:15:07.617`) +* [CVE-2023-41064](CVE-2023/CVE-2023-410xx/CVE-2023-41064.json) (`2023-09-07T18:15:07.727`) ### CVEs modified in the last Commit -Recently modified CVEs: `45` +Recently modified CVEs: `55` -* [CVE-2023-39356](CVE-2023/CVE-2023-393xx/CVE-2023-39356.json) (`2023-09-07T16:09:59.797`) -* [CVE-2023-39352](CVE-2023/CVE-2023-393xx/CVE-2023-39352.json) (`2023-09-07T16:10:53.947`) -* [CVE-2023-37454](CVE-2023/CVE-2023-374xx/CVE-2023-37454.json) (`2023-09-07T16:15:07.930`) -* [CVE-2023-39711](CVE-2023/CVE-2023-397xx/CVE-2023-39711.json) (`2023-09-07T16:25:45.377`) -* [CVE-2023-40942](CVE-2023/CVE-2023-409xx/CVE-2023-40942.json) (`2023-09-07T16:25:45.377`) -* [CVE-2023-40239](CVE-2023/CVE-2023-402xx/CVE-2023-40239.json) (`2023-09-07T16:26:26.913`) -* [CVE-2023-25488](CVE-2023/CVE-2023-254xx/CVE-2023-25488.json) (`2023-09-07T16:34:31.380`) -* [CVE-2023-25477](CVE-2023/CVE-2023-254xx/CVE-2023-25477.json) (`2023-09-07T16:34:40.223`) -* [CVE-2023-4378](CVE-2023/CVE-2023-43xx/CVE-2023-4378.json) (`2023-09-07T16:53:05.920`) -* [CVE-2023-36187](CVE-2023/CVE-2023-361xx/CVE-2023-36187.json) (`2023-09-07T17:05:35.237`) -* [CVE-2023-1555](CVE-2023/CVE-2023-15xx/CVE-2023-1555.json) (`2023-09-07T17:11:04.963`) -* [CVE-2023-40980](CVE-2023/CVE-2023-409xx/CVE-2023-40980.json) (`2023-09-07T17:11:53.560`) -* [CVE-2023-1279](CVE-2023/CVE-2023-12xx/CVE-2023-1279.json) (`2023-09-07T17:15:09.363`) -* [CVE-2023-0120](CVE-2023/CVE-2023-01xx/CVE-2023-0120.json) (`2023-09-07T17:27:27.283`) -* [CVE-2023-4704](CVE-2023/CVE-2023-47xx/CVE-2023-4704.json) (`2023-09-07T17:36:22.737`) -* [CVE-2023-41364](CVE-2023/CVE-2023-413xx/CVE-2023-41364.json) (`2023-09-07T17:36:32.723`) -* [CVE-2023-4587](CVE-2023/CVE-2023-45xx/CVE-2023-4587.json) (`2023-09-07T17:37:10.870`) -* [CVE-2023-37220](CVE-2023/CVE-2023-372xx/CVE-2023-37220.json) (`2023-09-07T17:44:17.280`) -* [CVE-2023-39369](CVE-2023/CVE-2023-393xx/CVE-2023-39369.json) (`2023-09-07T17:44:36.470`) -* [CVE-2023-37221](CVE-2023/CVE-2023-372xx/CVE-2023-37221.json) (`2023-09-07T17:44:46.410`) -* [CVE-2023-37222](CVE-2023/CVE-2023-372xx/CVE-2023-37222.json) (`2023-09-07T17:45:02.367`) -* [CVE-2023-3703](CVE-2023/CVE-2023-37xx/CVE-2023-3703.json) (`2023-09-07T17:45:19.270`) -* [CVE-2023-39373](CVE-2023/CVE-2023-393xx/CVE-2023-39373.json) (`2023-09-07T17:56:48.853`) -* [CVE-2023-24674](CVE-2023/CVE-2023-246xx/CVE-2023-24674.json) (`2023-09-07T17:58:01.300`) -* [CVE-2023-20200](CVE-2023/CVE-2023-202xx/CVE-2023-20200.json) (`2023-09-07T17:58:03.400`) +* [CVE-2023-32810](CVE-2023/CVE-2023-328xx/CVE-2023-32810.json) (`2023-09-07T19:12:56.850`) +* [CVE-2023-32811](CVE-2023/CVE-2023-328xx/CVE-2023-32811.json) (`2023-09-07T19:13:05.170`) +* [CVE-2023-20826](CVE-2023/CVE-2023-208xx/CVE-2023-20826.json) (`2023-09-07T19:13:15.787`) +* [CVE-2023-20827](CVE-2023/CVE-2023-208xx/CVE-2023-20827.json) (`2023-09-07T19:13:24.850`) +* [CVE-2023-20828](CVE-2023/CVE-2023-208xx/CVE-2023-20828.json) (`2023-09-07T19:13:33.270`) +* [CVE-2023-20835](CVE-2023/CVE-2023-208xx/CVE-2023-20835.json) (`2023-09-07T19:13:46.380`) +* [CVE-2023-20825](CVE-2023/CVE-2023-208xx/CVE-2023-20825.json) (`2023-09-07T19:14:16.880`) +* [CVE-2023-20822](CVE-2023/CVE-2023-208xx/CVE-2023-20822.json) (`2023-09-07T19:14:27.697`) +* [CVE-2023-20821](CVE-2023/CVE-2023-208xx/CVE-2023-20821.json) (`2023-09-07T19:14:35.620`) +* [CVE-2023-20836](CVE-2023/CVE-2023-208xx/CVE-2023-20836.json) (`2023-09-07T19:14:40.490`) +* [CVE-2023-20820](CVE-2023/CVE-2023-208xx/CVE-2023-20820.json) (`2023-09-07T19:14:49.727`) +* [CVE-2023-38283](CVE-2023/CVE-2023-382xx/CVE-2023-38283.json) (`2023-09-07T19:15:12.473`) +* [CVE-2023-4710](CVE-2023/CVE-2023-47xx/CVE-2023-4710.json) (`2023-09-07T19:16:32.170`) +* [CVE-2023-41051](CVE-2023/CVE-2023-410xx/CVE-2023-41051.json) (`2023-09-07T19:19:19.957`) +* [CVE-2023-41046](CVE-2023/CVE-2023-410xx/CVE-2023-41046.json) (`2023-09-07T19:20:17.653`) +* [CVE-2023-4711](CVE-2023/CVE-2023-47xx/CVE-2023-4711.json) (`2023-09-07T19:21:02.327`) +* [CVE-2023-4712](CVE-2023/CVE-2023-47xx/CVE-2023-4712.json) (`2023-09-07T19:21:25.680`) +* [CVE-2023-4713](CVE-2023/CVE-2023-47xx/CVE-2023-4713.json) (`2023-09-07T19:22:48.413`) +* [CVE-2023-4714](CVE-2023/CVE-2023-47xx/CVE-2023-4714.json) (`2023-09-07T19:23:35.707`) +* [CVE-2023-3297](CVE-2023/CVE-2023-32xx/CVE-2023-3297.json) (`2023-09-07T19:24:36.467`) +* [CVE-2023-31167](CVE-2023/CVE-2023-311xx/CVE-2023-31167.json) (`2023-09-07T19:26:11.297`) +* [CVE-2023-4778](CVE-2023/CVE-2023-47xx/CVE-2023-4778.json) (`2023-09-07T19:34:34.170`) +* [CVE-2023-20897](CVE-2023/CVE-2023-208xx/CVE-2023-20897.json) (`2023-09-07T19:40:05.767`) +* [CVE-2023-4709](CVE-2023/CVE-2023-47xx/CVE-2023-4709.json) (`2023-09-07T19:43:43.600`) +* [CVE-2023-23763](CVE-2023/CVE-2023-237xx/CVE-2023-23763.json) (`2023-09-07T19:53:27.870`) ## Download and Usage