diff --git a/CVE-2020/CVE-2020-138xx/CVE-2020-13878.json b/CVE-2020/CVE-2020-138xx/CVE-2020-13878.json index 0efa307b6ad..68deef3598a 100644 --- a/CVE-2020/CVE-2020-138xx/CVE-2020-13878.json +++ b/CVE-2020/CVE-2020-138xx/CVE-2020-13878.json @@ -2,12 +2,16 @@ "id": "CVE-2020-13878", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T08:15:41.840", - "lastModified": "2024-01-05T08:15:41.840", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write." + }, + { + "lang": "es", + "value": "IrfanView B3D PlugIns anteriores a la versi\u00f3n 4.56 tienen una escritura fuera de los l\u00edmites basada en mont\u00f3n B3d.dll!+27ef." } ], "metrics": {}, diff --git a/CVE-2020/CVE-2020-138xx/CVE-2020-13879.json b/CVE-2020/CVE-2020-138xx/CVE-2020-13879.json index 85dff11832c..524cc39962b 100644 --- a/CVE-2020/CVE-2020-138xx/CVE-2020-13879.json +++ b/CVE-2020/CVE-2020-138xx/CVE-2020-13879.json @@ -2,12 +2,16 @@ "id": "CVE-2020-13879", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T08:15:42.663", - "lastModified": "2024-01-05T08:15:42.663", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write." + }, + { + "lang": "es", + "value": "rfanView B3D PlugIns anteriores a la versi\u00f3n 4.56 tienen una escritura fuera de los l\u00edmites basada en mont\u00f3n B3d.dll!+214f." } ], "metrics": {}, diff --git a/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json b/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json index 132410be256..319a95c2760 100644 --- a/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json +++ b/CVE-2020/CVE-2020-138xx/CVE-2020-13880.json @@ -2,12 +2,16 @@ "id": "CVE-2020-13880", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T09:15:08.587", - "lastModified": "2024-01-05T09:15:08.587", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write." + }, + { + "lang": "es", + "value": "IrfanView B3D PlugIns anteriores a la versi\u00f3n 4.56 tienen una escritura fuera de los l\u00edmites basada en mont\u00f3n B3d.dll!+1cbf." } ], "metrics": {}, diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46839.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46839.json new file mode 100644 index 00000000000..e7a2e02311b --- /dev/null +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46839.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-46839", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T11:15:09.433", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.7.1.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-plugin-2-7-1-arbitrary-file-upload-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json index c3abb82bf9e..1eb0c5cb4d8 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32831.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32831", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.720", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:11:01.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,129 @@ "value": "En el controlador WLAN, existe una posible vulneraci\u00f3n del PIN debido al uso de valores insuficientemente aleatorios. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: WCNCR00325055; ID del problema: MSV-868." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-330" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:software_development_kit:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.6.7.1", + "matchCriteriaId": "70C1BCD5-180E-410C-A434-F6313616E7E6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF2E9975-607D-4F06-A85A-B1C2BE3C5B75" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7613:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4979BA07-DC09-4DF8-BA7F-E4143A0ECFE6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*", + "matchCriteriaId": "05748BB1-0D48-4097-932E-E8E2E574FD8D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*", + "matchCriteriaId": "55EB4B27-6264-45BE-9A22-BE8418BB0C06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7626:-:*:*:*:*:*:*:*", + "matchCriteriaId": "79C6A4C1-BAB5-4C53-91CF-2637C2ECF37F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7629:-:*:*:*:*:*:*:*", + "matchCriteriaId": "29C210A3-C71E-4010-9DD6-9E36CADC9EED" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AB22996-9C22-4B6C-9E94-E4C055D16335" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD5AA441-5381-4179-89EB-1642120F72B4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*", + "matchCriteriaId": "490CD97B-021F-4350-AEE7-A2FA866D5889" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*", + "matchCriteriaId": "40A9E917-4B34-403F-B512-09EEBEA46811" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json index 990d65ec864..23d389b23b7 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32872.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32872", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.790", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:11:25.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,14 +11,371 @@ }, { "lang": "es", - "value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308607; ID del problema: ALPS08308607." + "value": "En keyInstall, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308607; ID del problema: ALPS08308607." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json index f5dc631edad..18d8d3642cd 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32874.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32874", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.833", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:11:38.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,293 @@ "value": "En Modem IMS Stack, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161803; ID del problema: MOLY01161803 (MSV-893)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:lr13:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12318A0A-16CD-48A5-98A4-373070734642" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6783:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2C8F9C2-6471-4498-B089-2F40D2483487" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E208C7B7-7BF6-4E56-B61C-0198B08DC8B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB690F5A-9367-45D3-A53E-80BF60053630" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFA54AA1-4E3A-44F8-A222-31C60F8F81DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F00B6513-EDB2-4303-9648-17ECD6DA2083" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8E0661-FCAB-48D7-A7F8-310F9BCF13A3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json index 2293373fabf..f49ff486c06 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32875.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32875", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.883", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:11:49.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,368 @@ "value": "En keyInstall, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308607; ID del problema: ALPS08304217." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json index 3e7cecfd1a0..6b433f4abe4 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32876.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32876", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.937", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:11:59.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,368 @@ "value": "En keyInstall, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308612; ID del problema: ALPS08308612." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json index 5ab24908597..c11dca50b76 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32877.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32877", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:07.980", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:12:08.767", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,183 @@ "value": "En la bater\u00eda, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308070." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json index 44eb54e9e90..4644a4e8e91 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32878.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32878", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.027", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:12:17.683", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,183 @@ "value": "En la bater\u00eda, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08307992." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json index 7c6a5272b86..3b20ae9bd37 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32879.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32879", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.077", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:12:25.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,14 +11,186 @@ }, { "lang": "es", - "value": "En la bater\u00eda, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308064." + "value": "En battery, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308064." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json index 1b7cb7ecba3..fc4bcd36218 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32880.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32880", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.123", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:12:35.443", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,14 +11,186 @@ }, { "lang": "es", - "value": "En la bater\u00eda, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308076." + "value": "En la battery, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308076." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json index fcb1726a6e3..0a2bb6fec8d 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32881.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32881", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.173", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:12:45.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,183 @@ "value": "En bater\u00eda existe una posible divulgaci\u00f3n de informaci\u00f3n debido a un desbordamiento de enteros. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308080." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json index 8b468844927..202ad73bea4 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32882.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32882", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.220", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:12:51.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,183 @@ "value": "En la bater\u00eda, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08308070; ID del problema: ALPS08308616." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json index 079d8e56335..aeaff243ecb 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32883.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32883", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.260", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:00.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,358 @@ "value": "En Engineer Mode, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08282249; ID del problema: ALPS08282249." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json index 71a058a472a..3b44bb5b331 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32884.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32884", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.303", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:13.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,373 @@ "value": "En netdagent, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a una verificaci\u00f3n de l\u00edmites incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07944011; ID del problema: ALPS07944011." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8192:-:*:*:*:*:*:*:*", + "matchCriteriaId": "422634C7-D280-4664-AEE2-AA5B6723B836" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8696:-:*:*:*:*:*:*:*", + "matchCriteriaId": "26573298-76BC-49FE-8D99-CF03ED01B185" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8755:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CF88096-5CBD-4A4B-8F47-33D38985956F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D09F23D-D023-4A60-B426-61251FDD8A5A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8775:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE5FB550-7264-4879-BAF9-6798949113AF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "78D4E9E1-B044-41EC-BE98-22DC0E5E9010" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8871:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E1F80793-01B7-403A-A5F4-031F82FAC77A" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json index 87c9b25578c..e74a74fa212 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32885.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32885", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.353", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:21.123", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,233 @@ "value": "En display drm, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07780685; ID del problema: ALPS07780685." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json index 9f699988625..eae1212f8d8 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32886.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32886", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.400", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:26.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,303 @@ "value": "En el m\u00f3dem IMS SMS UA, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY00730807; ID del problema: MOLY00730807." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB690F5A-9367-45D3-A53E-80BF60053630" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFA54AA1-4E3A-44F8-A222-31C60F8F81DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F00B6513-EDB2-4303-9648-17ECD6DA2083" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8E0661-FCAB-48D7-A7F8-310F9BCF13A3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE302F6F-170E-4350-A8F4-65BE0C50CB78" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*", + "matchCriteriaId": "336FC69E-E89F-4642-B6B9-8009D9A2BD52" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8796:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DE933AD9-3A6F-421B-8AB3-C45F8DEA9548" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json index 897d3f4e3e0..86fee6a0ee4 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32887.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32887", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.450", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:33.227", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,262 @@ "value": "En Modem IMS Stack, existe un posible fallo del sistema debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161837; ID del problema: MOLY01161837 (MSV-892)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB690F5A-9367-45D3-A53E-80BF60053630" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFA54AA1-4E3A-44F8-A222-31C60F8F81DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F00B6513-EDB2-4303-9648-17ECD6DA2083" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8E0661-FCAB-48D7-A7F8-310F9BCF13A3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json index a25191874da..86747ce4c7e 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32888.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32888", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.493", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:38.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,258 @@ "value": "En Modem IMS Call UA, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161830; ID del problema: MOLY01161830 (MSV-894)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB690F5A-9367-45D3-A53E-80BF60053630" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFA54AA1-4E3A-44F8-A222-31C60F8F81DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F00B6513-EDB2-4303-9648-17ECD6DA2083" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8E0661-FCAB-48D7-A7F8-310F9BCF13A3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json index ef3388e90bd..1fab5c58d85 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32889.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32889", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.540", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:41.860", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,368 @@ "value": "En Modem IMS Call UA, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01161825; ID del problema: MOLY01161825 (MSV-895)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6731:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8BF784DB-3560-4045-BB32-F12DCF4C43B1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D808EF4D-0A54-4324-8341-240F7AFABC40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757cd:-:*:*:*:*:*:*:*", + "matchCriteriaId": "64EDB89E-8140-4202-97B3-9D7337E90FDE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757ch:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D2C5CC4F-DA66-4980-A4BB-693987431A38" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json index d0cc85f9747..3863322bf83 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32890.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32890", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.587", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:43.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,293 @@ "value": "En el modem EMM, existe un posible fallo del sistema debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01183647; ID del problema: MOLY01183647 (MSV-963)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:lr13:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12318A0A-16CD-48A5-98A4-373070734642" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6783:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2C8F9C2-6471-4498-B089-2F40D2483487" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E208C7B7-7BF6-4E56-B61C-0198B08DC8B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB690F5A-9367-45D3-A53E-80BF60053630" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFA54AA1-4E3A-44F8-A222-31C60F8F81DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F00B6513-EDB2-4303-9648-17ECD6DA2083" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8E0661-FCAB-48D7-A7F8-310F9BCF13A3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json index 548e917c93a..16111341986 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32891.json @@ -2,8 +2,8 @@ "id": "CVE-2023-32891", "sourceIdentifier": "security@mediatek.com", "published": "2024-01-02T03:15:08.633", - "lastModified": "2024-01-02T13:47:24.843", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-01-05T12:13:46.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,308 @@ "value": "En el servicio Bluetooth, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07933038; ID del problema: MSV-559." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:lr13:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12318A0A-16CD-48A5-98A4-373070734642" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6783:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2C8F9C2-6471-4498-B089-2F40D2483487" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E208C7B7-7BF6-4E56-B61C-0198B08DC8B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CB690F5A-9367-45D3-A53E-80BF60053630" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EFA54AA1-4E3A-44F8-A222-31C60F8F81DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2758122C-4D11-4D34-9B72-3905F3A28448" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7D6430E-840D-447F-892E-EA4FD7F69BAF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983w:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F00B6513-EDB2-4303-9648-17ECD6DA2083" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8D8E0661-FCAB-48D7-A7F8-310F9BCF13A3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DEBB2AE0-F6CD-4CAF-BBF2-09C5C20B9910" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/January-2024", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38674.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38674.json index 5fe495e82ad..11db3514e24 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38674.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38674.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38674", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:08.107", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:14.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-006.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38675.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38675.json index c7b26b639a4..67d496d34ca 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38675.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38675.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38675", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:08.340", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:31.273", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-007.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38676.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38676.json index e3d5dd0f44b..e30290654a0 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38676.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38676.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38676", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:08.517", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:33.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-008.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38677.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38677.json index dd92547137a..7b59ca0cb75 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38677.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38677.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38677", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:08.687", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:35.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-009.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38678.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38678.json index 4bb0771717c..1f9936e8b86 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38678.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38678.json @@ -2,8 +2,8 @@ "id": "CVE-2023-38678", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:08.877", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:37.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-010.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41782.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41782.json index 6853d87fca6..fe4c62c60a1 100644 --- a/CVE-2023/CVE-2023-417xx/CVE-2023-41782.json +++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41782.json @@ -2,12 +2,16 @@ "id": "CVE-2023-41782", "sourceIdentifier": "psirt@zte.com.cn", "published": "2024-01-05T02:15:07.147", - "lastModified": "2024-01-05T02:15:07.147", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nThere is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.\n\n" + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de secuestro de DLL en ZTE ZXCLOUD iRAI. Un atacante podr\u00eda colocar un archivo DLL falso en un directorio espec\u00edfico y explotar con \u00e9xito esta vulnerabilidad para ejecutar c\u00f3digo malicioso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-465xx/CVE-2023-46589.json b/CVE-2023/CVE-2023-465xx/CVE-2023-46589.json index 6a47fb8ca9a..e37a5240887 100644 --- a/CVE-2023/CVE-2023-465xx/CVE-2023-46589.json +++ b/CVE-2023/CVE-2023-465xx/CVE-2023-46589.json @@ -2,7 +2,7 @@ "id": "CVE-2023-46589", "sourceIdentifier": "security@apache.org", "published": "2023-11-28T16:15:06.943", - "lastModified": "2023-12-14T10:15:08.053", + "lastModified": "2024-01-05T11:15:09.847", "vulnStatus": "Modified", "descriptions": [ { @@ -152,6 +152,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00001.html", + "source": "security@apache.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20231214-0009/", "source": "security@apache.org" diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49773.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49773.json index 85561048a61..3cd5414e1b1 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49773.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49773.json @@ -2,16 +2,40 @@ "id": "CVE-2023-49773", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-20T16:15:09.360", - "lastModified": "2023-12-20T16:47:19.580", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:07:52.007", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes.This issue affects BCorp Shortcodes: from n/a through 0.23.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Tim Brattberg BCorp Shortcodes. Este problema afecta a BCorp Shortcodes: desde n/a hasta 0.23." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bcorp_shortcodes_project:bcorp_shortcodes:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "0.23", + "matchCriteriaId": "7775E4C0-D768-4797-8FAC-4FF837C0228C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bcorp-shortcodes/wordpress-bcorp-shortcodes-plugin-0-23-unauthenticated-php-object-injection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json index 47539659bde..02eda481912 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json +++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50027.json @@ -2,12 +2,16 @@ "id": "CVE-2023-50027", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T09:15:08.743", - "lastModified": "2024-01-05T09:15:08.743", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via BaproductzoommagnifierZoomModuleFrontController::run() method." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en el m\u00f3dulo Buy Addons baproductzoommagnifier para PrestaShop versiones 1.0.16 y anteriores, permite a atacantes remotos escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del m\u00e9todo BaproductzoommagnifierZoomModuleFrontController::run()." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json index 729c1dc2936..5f2bd95d5fd 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json +++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50731.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50731", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T21:15:08.150", - "lastModified": "2023-12-25T03:08:20.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:08:43.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server." + }, + { + "lang": "es", + "value": "MindsDB es un servidor SQL para inteligencia artificial. Antes de la versi\u00f3n 23.11.4.1, el m\u00e9todo `put` en `mindsdb/mindsdb/api/http/namespaces/file.py` no valida el valor del nombre controlado por el usuario, que se usa en un nombre de archivo temporal, que se muestra posteriormente. abierto para escritura en las l\u00edneas 122-125, lo que conduce a inyecci\u00f3n de ruta. M\u00e1s adelante en el m\u00e9todo, el directorio temporal se elimina en la l\u00ednea 151, pero como podemos escribir fuera del directorio utilizando la vulnerabilidad de inyecci\u00f3n de ruta, el archivo potencialmente peligroso no se elimina. Se pueden escribir contenidos de archivos arbitrarios debido a `f.write(chunk)` en la l\u00ednea 125. Mindsdb verifica m\u00e1s adelante en la l\u00ednea 149 en el m\u00e9todo `save_file` en `file-controller.py` que llama al m\u00e9todo `_handle_source` en ` file_handler.py` si un archivo es de uno de los tipos `csv`, `json`, `parquet`, `xls` o `xlsx`. Sin embargo, dado que la verificaci\u00f3n se realiza despu\u00e9s de que el archivo ya se haya escrito, los archivos seguir\u00e1n existiendo (y no se eliminar\u00e1n debido a la inyecci\u00f3n de ruta descrito anteriormente), solo el m\u00e9todo `_handle_source` devolver\u00e1 un error. La misma fuente controlada por el usuario tambi\u00e9n se utiliza en otro receptor de inyecci\u00f3n de ruta en la l\u00ednea 138. Esto conduce a otra inyecci\u00f3n de ruta, que permite a un atacante eliminar cualquier archivo `zip` o `tar.gz` en el servidor." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,22 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", + "versionEndExcluding": "23.11.4.1", + "matchCriteriaId": "C6B06EE4-0DFA-4550-AC4A-E16005231E2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json index eace77772fd..52dc13d10d2 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50924.json @@ -2,16 +2,40 @@ "id": "CVE-2023-50924", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-22T21:15:08.370", - "lastModified": "2023-12-25T03:08:20.540", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:09:54.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Englesystem is a shift planning system for chaos events. Engelsystem prior to v3.4.1 performed insufficient validation of user supplied data for the DECT number, mobile number, and work-log comment fields. The values of those fields would be displayed in corresponding log overviews, allowing the injection and execution of Javascript code in another user's context. This vulnerability enables an authenticated user to inject Javascript into other user's sessions. The injected JS will be executed during normal usage of the system when viewing, e.g., overview pages. This issue has been fixed in version 3.4.1." + }, + { + "lang": "es", + "value": "Englesystem es un sistema de planificaci\u00f3n de turnos para eventos de caos. Engelsystem anterior a v3.4.1 realizaba una validaci\u00f3n insuficiente de los datos proporcionados por el usuario para los campos de DECT number, mobile number y work-log comment fields. Los valores de esos campos se mostrar\u00edan en las descripciones generales de registros correspondientes, lo que permitir\u00eda la inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo Javascript en el contexto de otro usuario. Esta vulnerabilidad permite a un usuario autenticado inyectar Javascript en las sesiones de otros usuarios. El JS inyectado se ejecutar\u00e1 durante el uso normal del sistema al visualizar, por ejemplo, p\u00e1ginas de descripci\u00f3n general. Este problema se solucion\u00f3 en la versi\u00f3n 3.4.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:engelsystem:engelsystem:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.4.1", + "matchCriteriaId": "7FFE9236-E9EA-4C61-908B-D8F668F22099" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/engelsystem/engelsystem/commit/efda1ffc1ce59f02a7d237d9087adea26e73ec5f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/engelsystem/engelsystem/security/advisories/GHSA-p5ch-rrpm-wvhm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json index 81720678de3..5a2a60c5cb3 100644 --- a/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50991.json @@ -2,12 +2,16 @@ "id": "CVE-2023-50991", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T10:15:10.683", - "lastModified": "2024-01-05T10:15:10.683", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function." + }, + { + "lang": "es", + "value": "Vulnerabilidad de desbordamiento de b\u00fafer en Tenda i29 versiones 1.0 V1.0.0.5 y 1.0 V1.0.0.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s del par\u00e1metro pingIp en la funci\u00f3n pingSet." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-512xx/CVE-2023-51277.json b/CVE-2023/CVE-2023-512xx/CVE-2023-51277.json index f14380b39df..488c703b257 100644 --- a/CVE-2023/CVE-2023-512xx/CVE-2023-51277.json +++ b/CVE-2023/CVE-2023-512xx/CVE-2023-51277.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51277", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T05:15:08.793", - "lastModified": "2024-01-05T05:15:08.793", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds." + }, + { + "lang": "es", + "value": "nbviewer-app (aka Jupyter Notebook Viewer) anterior a 0.1.6 tiene el derecho get-task-allow para las versiones de lanzamiento." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json index ee86266fe3e..aea1f92f36c 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51502.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51502", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:42.770", - "lastModified": "2024-01-05T08:15:42.770", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de omisi\u00f3n de autorizaci\u00f3n a trav\u00e9s de clave controlada por el usuario en WooCommerce WooCommerce Stripe Payment Gateway. Este problema afecta a WooCommerce Stripe Payment Gateway: desde n/a hasta 7.6.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json index c51852448db..236e4c07ba4 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51535.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51535", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:10.740", - "lastModified": "2024-01-05T10:15:10.740", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u0421leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n" + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.This issue affects Spam protection, Anti-Spam, FireWall by CleanTalk: from n/a through 6.20.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en ?leanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk. Este problema afecta a Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk: desde n/a hasta 6.20." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json index b83308de5d3..432f8cdab43 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51538.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51538", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:11.090", - "lastModified": "2024-01-05T10:15:11.090", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin.This issue affects Awesome Support \u2013 WordPress HelpDesk & Support Plugin: from n/a through 6.1.5.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Awesome Support Team Awesome Support \u2013 WordPress HelpDesk & Support Plugin. Este problema afecta a Awesome Support \u2013 WordPress HelpDesk & Support Plugin: desde n/a hasta 6.1.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json index bdfc427db52..341e33fcb3f 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51539.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51539", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:11.370", - "lastModified": "2024-01-05T10:15:11.370", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Apollo13Themes Apollo13 Framework Extensions. Este problema afecta a Apollo13 Framework Extensions: desde n/a hasta 1.9.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json index c2e947a4d31..7c5fe3b776e 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51668.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51668", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:11.727", - "lastModified": "2024-01-05T10:15:11.727", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.This issue affects Inline Image Upload for BBPress: from n/a through 1.1.18.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Zone Inline Image Upload for BBPress. Este problema afecta a Inline Image Upload for BBPress: desde n/a hasta 1.1.18." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json index edb03ef0f90..bceac09a130 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51673.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51673", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:12.053", - "lastModified": "2024-01-05T10:15:12.053", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu.This issue affects Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu: from n/a through 7.0.17.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Designful Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu. Este problema afecta a Stylish Price List \u2013 Price Table Builder & QR Code Restaurant Menu: desde n/a hasta 7.0.17." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json index 85f2fe4e153..b39bc4ac084 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51678.json @@ -2,12 +2,16 @@ "id": "CVE-2023-51678", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:12.347", - "lastModified": "2024-01-05T10:15:12.347", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.This issue affects Doofinder WP & WooCommerce Search: from n/a through 2.0.33.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Doofinder Doofinder WP & WooCommerce Search. Este problema afecta a Doofinder WP & WooCommerce Search: desde n/a hasta 2.0.33." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json index 1bed02678a5..671ac3d97da 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52119.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52119", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:12.743", - "lastModified": "2024-01-05T10:15:12.743", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.This issue affects Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.18.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building. Este problema afecta a Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: desde n/a hasta el 3.1.18." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json index 85b9d7408b5..06435ff3d63 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52120.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52120", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:13.110", - "lastModified": "2024-01-05T10:15:13.110", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more.This issue affects NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more: from n/a through 8.5.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Basix NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more. Este problema afecta a NEX-Forms \u2013 Ultimate Form Builder \u2013 Contact forms and much more: desde n/a hasta 8.5.2 ." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json index 64dc8420471..3bfcb60c42c 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52121.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52121", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:13.337", - "lastModified": "2024-01-05T10:15:13.337", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. NitroPack \u2013 Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack \u2013 Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a through 1.10.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en NitroPack Inc. NitroPack \u2013 Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images. Este problema afecta a NitroPack \u2013 Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: desde n/a hasta 1.10.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json index 49e1c13bd47..4cdb7888777 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52122.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52122", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T10:15:13.683", - "lastModified": "2024-01-05T10:15:13.683", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.This issue affects Simple Job Board: from n/a through 2.10.6.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en PressTigers Simple Job Board. Este problema afecta a Simple Job Board: desde n/a hasta 2.10.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json index 5fc5f843ce4..a81ec8d3012 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52123.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52123", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:08.800", - "lastModified": "2024-01-05T09:15:08.800", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPChill Strong Testimonials. Este problema afecta a Strong Testimonials: desde n/a hasta 3.1.10." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52124.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52124.json new file mode 100644 index 00000000000..17be83b7eac --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52124.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52124", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T12:15:09.877", + "lastModified": "2024-01-05T12:15:09.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs \u2013 Responsive Tabs Plugin for WordPress allows Stored XSS.This issue affects WP Tabs \u2013 Responsive Tabs Plugin for WordPress: from n/a through 2.2.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52125.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52125.json new file mode 100644 index 00000000000..7bd4fe4c9f3 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52125.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52125", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T12:15:10.750", + "lastModified": "2024-01-05T12:15:10.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.This issue affects iframe: from n/a through 4.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/iframe/wordpress-iframe-plugin-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52126.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52126.json new file mode 100644 index 00000000000..403eff84e73 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52126.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52126", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T12:15:11.707", + "lastModified": "2024-01-05T12:15:11.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.This issue affects Send Users Email: from n/a through 1.4.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/send-users-email/wordpress-send-users-email-plugin-1-4-3-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json index f036322fd50..ee1c27dab65 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52127.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52127", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:09.057", - "lastModified": "2024-01-05T09:15:09.057", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.This issue affects WPC Product Bundles for WooCommerce: from n/a through 7.3.1.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WPClever WPC Product Bundles for WooCommerce. Este problema afecta a WPC Product Bundles for WooCommerce: desde n/a hasta 7.3.1." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json index 58c6b9cd1b9..1f37b6e3cfc 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52128.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52128", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:09.253", - "lastModified": "2024-01-05T09:15:09.253", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard.This issue affects White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard: from n/a through 2.9.0.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WhiteWP White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard. Este problema afecta a White Label \u2013 WordPress Custom Admin, Custom Login Page, and Custom Dashboard: desde n/a hasta 2.9 .0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json index 9183c7df77a..d86e3dc68ba 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52129.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52129", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:09.443", - "lastModified": "2024-01-05T09:15:09.443", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.This issue affects teachPress: from n/a through 9.0.4.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Michael Winkler TeachPress. Este problema afecta a TeachPress: desde n/a hasta 9.0.4." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json index f6098d1a7f1..7164ef5b764 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52130.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52130", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:09.657", - "lastModified": "2024-01-05T09:15:09.657", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.31.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en wp.Insider, wpaffiliatemgr Affiliates Manager. Este problema afecta a Affiliates Manager: desde n/a hasta 2.9.31." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json index da618fa559b..41578194099 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52136.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52136", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:09.883", - "lastModified": "2024-01-05T09:15:09.883", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget.This issue affects Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget: from n/a through 2.1.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Smash Balloon Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget. Este problema afecta a Custom Twitter Feeds \u2013 A Tweets Widget or X Feed Widget: desde n/a hasta 2.1.2." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json new file mode 100644 index 00000000000..3e7757e00a8 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52143.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-52143", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T11:15:10.103", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Naa986 WP Stripe Checkout.This issue affects WP Stripe Checkout: from n/a through 1.2.2.37.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Naa986 WP Stripe Checkout. Este problema afecta a WP Stripe Checkout: desde n/a hasta 1.2.2.37." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-stripe-checkout/wordpress-wp-stripe-checkout-plugin-1-2-2-37-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json index 2834f13c0cb..1cca9eb02d3 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52145.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52145", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:10.117", - "lastModified": "2024-01-05T09:15:10.117", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.This issue affects Republish Old Posts: from n/a through 1.21.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Marios Alexandrou Republish Old Posts. Este problema afecta a Republish Old Posts: desde n/a hasta 1.21." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json new file mode 100644 index 00000000000..38ddc5b8fbc --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52146.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52146", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T11:15:10.650", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.This issue affects 404 Solution: from n/a through 2.33.0.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/404-solution/wordpress-404-solution-plugin-2-33-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52148.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52148.json new file mode 100644 index 00000000000..ded3ad2d802 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52148.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52148", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T11:15:11.250", + "lastModified": "2024-01-05T11:54:15.830", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.This issue affects Affiliates Manager: from n/a through 2.9.30.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/affiliates-manager/wordpress-affiliates-manager-plugin-2-9-30-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json index fc41d747b50..c9f704edfe0 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52149.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52149", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T09:15:10.310", - "lastModified": "2024-01-05T09:15:10.310", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0.\n\n" + }, + { + "lang": "es", + "value": "Cross-Site Request Forgery (CSRF) en Wow-Company Floating Button. Este problema afecta a Floating Button: desde n/a hasta 6.0." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52150.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52150.json index 42e49921aad..44ac7738cd0 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52150.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52150.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52150", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:43.077", - "lastModified": "2024-01-05T08:15:43.077", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Ovation S.R.L. Dynamic Content for Elementor.This issue affects Dynamic Content for Elementor: from n/a before 2.12.5.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Ovation S.R.L. Dynamic Content for Elementor. Este problema afecta a Dynamic Content for Elementor: desde n/a antes de 2.12.5." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52151.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52151.json new file mode 100644 index 00000000000..e899f6e1758 --- /dev/null +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52151.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-52151", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-05T11:15:11.817", + "lastModified": "2024-01-05T11:54:15.830", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator \u2013 Automate everything with the #1 no-code automation and integration plugin.This issue affects Uncanny Automator \u2013 Automate everything with the #1 no-code automation and integration plugin: from n/a through 5.1.0.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado en Uncanny Automator, Uncanny Owl Uncanny Automator \u2013 Automate everything with the #1 no-code automation and integration plugin. Este problema afecta a Uncanny Automator \u2013 Automate everything with the #1 no-code automation and integration plugin: desde n/a hasta 5.1.0.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/uncanny-automator/wordpress-uncanny-automator-plugin-5-1-0-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json index 6bdd026e46b..2efd708f4c0 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52178.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52178", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:43.327", - "lastModified": "2024-01-05T08:15:43.327", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.This issue affects WP Affiliate Disclosure: from n/a through 1.2.7.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en MojofyWP WP Affiliate Disclosure permite XSS almacenado. Este problema afecta a WP Affiliate Disclosure: desde n/a hasta 1.2.7." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json index 294c12f29c7..d73e861c33c 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52184.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52184", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-05T08:15:43.573", - "lastModified": "2024-01-05T08:15:43.573", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal \u2013 A Complete Job Board.This issue affects WP Job Portal \u2013 A Complete Job Board: from n/a through 2.0.6.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en WP Job Portal WP Job Portal \u2013 A Complete Job Board. Este problema afecta a WP Job Portal \u2013 A Complete Job Board: desde n/a hasta 2.0.6." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52302.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52302.json index 409f10b74af..9d36781016f 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52302.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52302.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52302", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:09.110", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:39.403", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-011.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52303.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52303.json index 6c9354a7d67..3d6050acb1c 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52303.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52303.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52303", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:09.277", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:41.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-012.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52304.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52304.json index d124a1510d8..5f92faf4301 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52304.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52304.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52304", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:09.447", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:43.940", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-013.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52305.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52305.json index d464236a616..6be38129d2a 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52305.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52305.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52305", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:09.617", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:45.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-014.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52306.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52306.json index 299ccdcfd3e..eca593b079b 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52306.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52306.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52306", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:09.793", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:47.657", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-015.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52307.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52307.json index 9af3750bd3b..d7d9b1e52e2 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52307.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52307.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52307", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:09.970", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:49.853", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-016.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52308.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52308.json index bdc3d3005c3..b85258d538b 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52308.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52308.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52308", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:10.170", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:51.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-017.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52309.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52309.json index 31ad1953259..227132c62c8 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52309.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52309.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52309", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:10.340", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:54.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-018.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52310.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52310.json index 36e08c7e65b..5115fb9ec70 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52310.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52310.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52310", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:10.520", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:56.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-019.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52311.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52311.json index d4abe5d790e..042a261fc5d 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52311.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52311.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52311", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:10.720", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:14:59.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-020.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52312.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52312.json index 31cb3e1b149..48c7e8c12bc 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52312.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52312.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52312", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:10.903", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:15:01.330", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.6.0", + "matchCriteriaId": "6F71D768-BEAD-4F7B-BB35-E4FB4F593005" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-021.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52313.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52313.json index ef8b631e9e1..fe3e76e086d 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52313.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52313.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52313", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:11.083", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:15:03.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-369" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-022.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52314.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52314.json index dead0122f58..1bb916ebb84 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52314.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52314.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52314", "sourceIdentifier": "paddle-security@baidu.com", "published": "2024-01-03T09:15:11.267", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-05T12:15:05.973", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "paddle-security@baidu.com", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:paddlepaddle:paddlepaddle:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "739E7A00-8CAF-4A63-9F8F-6E86935C2892" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PaddlePaddle/Paddle/blob/develop/security/advisory/pdsa-2023-023.md", - "source": "paddle-security@baidu.com" + "source": "paddle-security@baidu.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52323.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52323.json index 33c1bbe30e8..ae33a9fa083 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52323.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52323.json @@ -2,12 +2,16 @@ "id": "CVE-2023-52323", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T04:15:07.763", - "lastModified": "2024-01-05T04:15:07.763", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack." + }, + { + "lang": "es", + "value": "PyCryptodome y pycryptodomex anteriores a 3.19.1 permiten la fuga de canal lateral para el descifrado OAEP, explotable para un ataque Manger." } ], "metrics": {}, diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6493.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6493.json index a103a6a9f26..05431643436 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6493.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6493.json @@ -2,12 +2,16 @@ "id": "CVE-2023-6493", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-05T02:15:07.740", - "lastModified": "2024-01-05T02:15:07.740", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Depicter Slider \u2013 Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue." + }, + { + "lang": "es", + "value": "The Depicter Slider \u2013 Responsive Image Slider, Video Slider & Post Slider plugin for WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.0.6 inclusive. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n \"save\". Esto hace posible que atacantes no autenticados modifiquen la configuraci\u00f3n del plugin mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace. CVE-2023-51491 parece ser un duplicado de este problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22075.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22075.json index 2e2f49102cc..3cd12e253b5 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22075.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22075.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22075", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T03:15:08.537", - "lastModified": "2024-01-05T03:15:08.537", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection." + }, + { + "lang": "es", + "value": "Firefly III (aka firefly-iii) anterior a 6.1.1 permite la inyecci\u00f3n HTML de webhooks." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22086.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22086.json index a1d73cccf09..8094869f42f 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22086.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22086.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22086", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T04:15:07.833", - "lastModified": "2024-01-05T04:15:07.833", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution." + }, + { + "lang": "es", + "value": "handle_request en http.c en cherry hasta 4b877df tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria sscanf a trav\u00e9s de un URI largo, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22087.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22087.json index 824c837b30b..1b5d33a9c89 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22087.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22087.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22087", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T04:15:07.880", - "lastModified": "2024-01-05T04:15:07.880", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution." + }, + { + "lang": "es", + "value": "La ruta en main.c en Pico HTTP Server en C hasta f3b69a6 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria sprintf a trav\u00e9s de un URI largo, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22088.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22088.json index 51c3d5fa6df..10da3c3c357 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22088.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22088.json @@ -2,12 +2,16 @@ "id": "CVE-2024-22088", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-05T04:15:07.930", - "lastModified": "2024-01-05T04:15:07.930", - "vulnStatus": "Received", + "lastModified": "2024-01-05T11:54:11.040", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled." + }, + { + "lang": "es", + "value": "Lotos WebServer hasta 0.1.1 (commit 3eb36cc) tiene un use after free en buffer_avail() en buffer.h a trav\u00e9s de un URI largo, porque la realloc no se maneja correctamente." } ], "metrics": {}, diff --git a/README.md b/README.md index 2c06ba7a28b..05da8cf5970 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-05T11:00:26.148067+00:00 +2024-01-05T13:00:25.647462+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-05T10:15:13.683000+00:00 +2024-01-05T12:15:11.707000+00:00 ``` ### Last Data Feed Release @@ -29,46 +29,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234924 +234932 ``` ### CVEs added in the last Commit -Recently added CVEs: `21` +Recently added CVEs: `8` -* [CVE-2020-13880](CVE-2020/CVE-2020-138xx/CVE-2020-13880.json) (`2024-01-05T09:15:08.587`) -* [CVE-2023-50027](CVE-2023/CVE-2023-500xx/CVE-2023-50027.json) (`2024-01-05T09:15:08.743`) -* [CVE-2023-52123](CVE-2023/CVE-2023-521xx/CVE-2023-52123.json) (`2024-01-05T09:15:08.800`) -* [CVE-2023-52127](CVE-2023/CVE-2023-521xx/CVE-2023-52127.json) (`2024-01-05T09:15:09.057`) -* [CVE-2023-52128](CVE-2023/CVE-2023-521xx/CVE-2023-52128.json) (`2024-01-05T09:15:09.253`) -* [CVE-2023-52129](CVE-2023/CVE-2023-521xx/CVE-2023-52129.json) (`2024-01-05T09:15:09.443`) -* [CVE-2023-52130](CVE-2023/CVE-2023-521xx/CVE-2023-52130.json) (`2024-01-05T09:15:09.657`) -* [CVE-2023-52136](CVE-2023/CVE-2023-521xx/CVE-2023-52136.json) (`2024-01-05T09:15:09.883`) -* [CVE-2023-52145](CVE-2023/CVE-2023-521xx/CVE-2023-52145.json) (`2024-01-05T09:15:10.117`) -* [CVE-2023-52149](CVE-2023/CVE-2023-521xx/CVE-2023-52149.json) (`2024-01-05T09:15:10.310`) -* [CVE-2023-50991](CVE-2023/CVE-2023-509xx/CVE-2023-50991.json) (`2024-01-05T10:15:10.683`) -* [CVE-2023-51535](CVE-2023/CVE-2023-515xx/CVE-2023-51535.json) (`2024-01-05T10:15:10.740`) -* [CVE-2023-51538](CVE-2023/CVE-2023-515xx/CVE-2023-51538.json) (`2024-01-05T10:15:11.090`) -* [CVE-2023-51539](CVE-2023/CVE-2023-515xx/CVE-2023-51539.json) (`2024-01-05T10:15:11.370`) -* [CVE-2023-51668](CVE-2023/CVE-2023-516xx/CVE-2023-51668.json) (`2024-01-05T10:15:11.727`) -* [CVE-2023-51673](CVE-2023/CVE-2023-516xx/CVE-2023-51673.json) (`2024-01-05T10:15:12.053`) -* [CVE-2023-51678](CVE-2023/CVE-2023-516xx/CVE-2023-51678.json) (`2024-01-05T10:15:12.347`) -* [CVE-2023-52119](CVE-2023/CVE-2023-521xx/CVE-2023-52119.json) (`2024-01-05T10:15:12.743`) -* [CVE-2023-52120](CVE-2023/CVE-2023-521xx/CVE-2023-52120.json) (`2024-01-05T10:15:13.110`) -* [CVE-2023-52121](CVE-2023/CVE-2023-521xx/CVE-2023-52121.json) (`2024-01-05T10:15:13.337`) -* [CVE-2023-52122](CVE-2023/CVE-2023-521xx/CVE-2023-52122.json) (`2024-01-05T10:15:13.683`) +* [CVE-2022-46839](CVE-2022/CVE-2022-468xx/CVE-2022-46839.json) (`2024-01-05T11:15:09.433`) +* [CVE-2023-52143](CVE-2023/CVE-2023-521xx/CVE-2023-52143.json) (`2024-01-05T11:15:10.103`) +* [CVE-2023-52146](CVE-2023/CVE-2023-521xx/CVE-2023-52146.json) (`2024-01-05T11:15:10.650`) +* [CVE-2023-52148](CVE-2023/CVE-2023-521xx/CVE-2023-52148.json) (`2024-01-05T11:15:11.250`) +* [CVE-2023-52151](CVE-2023/CVE-2023-521xx/CVE-2023-52151.json) (`2024-01-05T11:15:11.817`) +* [CVE-2023-52124](CVE-2023/CVE-2023-521xx/CVE-2023-52124.json) (`2024-01-05T12:15:09.877`) +* [CVE-2023-52125](CVE-2023/CVE-2023-521xx/CVE-2023-52125.json) (`2024-01-05T12:15:10.750`) +* [CVE-2023-52126](CVE-2023/CVE-2023-521xx/CVE-2023-52126.json) (`2024-01-05T12:15:11.707`) ### CVEs modified in the last Commit -Recently modified CVEs: `6` +Recently modified CVEs: `77` -* [CVE-2021-22930](CVE-2021/CVE-2021-229xx/CVE-2021-22930.json) (`2024-01-05T10:15:07.943`) -* [CVE-2021-22931](CVE-2021/CVE-2021-229xx/CVE-2021-22931.json) (`2024-01-05T10:15:09.183`) -* [CVE-2021-22939](CVE-2021/CVE-2021-229xx/CVE-2021-22939.json) (`2024-01-05T10:15:09.860`) -* [CVE-2021-22940](CVE-2021/CVE-2021-229xx/CVE-2021-22940.json) (`2024-01-05T10:15:10.103`) -* [CVE-2021-3672](CVE-2021/CVE-2021-36xx/CVE-2021-3672.json) (`2024-01-05T10:15:10.213`) -* [CVE-2022-4904](CVE-2022/CVE-2022-49xx/CVE-2022-4904.json) (`2024-01-05T10:15:10.403`) +* [CVE-2023-32889](CVE-2023/CVE-2023-328xx/CVE-2023-32889.json) (`2024-01-05T12:13:41.860`) +* [CVE-2023-32890](CVE-2023/CVE-2023-328xx/CVE-2023-32890.json) (`2024-01-05T12:13:43.827`) +* [CVE-2023-32891](CVE-2023/CVE-2023-328xx/CVE-2023-32891.json) (`2024-01-05T12:13:46.007`) +* [CVE-2023-38674](CVE-2023/CVE-2023-386xx/CVE-2023-38674.json) (`2024-01-05T12:14:14.417`) +* [CVE-2023-38675](CVE-2023/CVE-2023-386xx/CVE-2023-38675.json) (`2024-01-05T12:14:31.273`) +* [CVE-2023-38676](CVE-2023/CVE-2023-386xx/CVE-2023-38676.json) (`2024-01-05T12:14:33.513`) +* [CVE-2023-38677](CVE-2023/CVE-2023-386xx/CVE-2023-38677.json) (`2024-01-05T12:14:35.590`) +* [CVE-2023-38678](CVE-2023/CVE-2023-386xx/CVE-2023-38678.json) (`2024-01-05T12:14:37.553`) +* [CVE-2023-52302](CVE-2023/CVE-2023-523xx/CVE-2023-52302.json) (`2024-01-05T12:14:39.403`) +* [CVE-2023-52303](CVE-2023/CVE-2023-523xx/CVE-2023-52303.json) (`2024-01-05T12:14:41.567`) +* [CVE-2023-52304](CVE-2023/CVE-2023-523xx/CVE-2023-52304.json) (`2024-01-05T12:14:43.940`) +* [CVE-2023-52305](CVE-2023/CVE-2023-523xx/CVE-2023-52305.json) (`2024-01-05T12:14:45.727`) +* [CVE-2023-52306](CVE-2023/CVE-2023-523xx/CVE-2023-52306.json) (`2024-01-05T12:14:47.657`) +* [CVE-2023-52307](CVE-2023/CVE-2023-523xx/CVE-2023-52307.json) (`2024-01-05T12:14:49.853`) +* [CVE-2023-52308](CVE-2023/CVE-2023-523xx/CVE-2023-52308.json) (`2024-01-05T12:14:51.707`) +* [CVE-2023-52309](CVE-2023/CVE-2023-523xx/CVE-2023-52309.json) (`2024-01-05T12:14:54.590`) +* [CVE-2023-52310](CVE-2023/CVE-2023-523xx/CVE-2023-52310.json) (`2024-01-05T12:14:56.697`) +* [CVE-2023-52311](CVE-2023/CVE-2023-523xx/CVE-2023-52311.json) (`2024-01-05T12:14:59.153`) +* [CVE-2023-52312](CVE-2023/CVE-2023-523xx/CVE-2023-52312.json) (`2024-01-05T12:15:01.330`) +* [CVE-2023-52313](CVE-2023/CVE-2023-523xx/CVE-2023-52313.json) (`2024-01-05T12:15:03.560`) +* [CVE-2023-52314](CVE-2023/CVE-2023-523xx/CVE-2023-52314.json) (`2024-01-05T12:15:05.973`) +* [CVE-2024-22075](CVE-2024/CVE-2024-220xx/CVE-2024-22075.json) (`2024-01-05T11:54:11.040`) +* [CVE-2024-22086](CVE-2024/CVE-2024-220xx/CVE-2024-22086.json) (`2024-01-05T11:54:11.040`) +* [CVE-2024-22087](CVE-2024/CVE-2024-220xx/CVE-2024-22087.json) (`2024-01-05T11:54:11.040`) +* [CVE-2024-22088](CVE-2024/CVE-2024-220xx/CVE-2024-22088.json) (`2024-01-05T11:54:11.040`) ## Download and Usage