diff --git a/CVE-2022/CVE-2022-471xx/CVE-2022-47186.json b/CVE-2022/CVE-2022-471xx/CVE-2022-47186.json index 070e4f756f4..6e079c414e0 100644 --- a/CVE-2022/CVE-2022-471xx/CVE-2022-47186.json +++ b/CVE-2022/CVE-2022-471xx/CVE-2022-47186.json @@ -2,16 +2,40 @@ "id": "CVE-2022-47186", "sourceIdentifier": "cve-coordination@incibe.es", "published": "2023-09-28T14:15:16.047", - "lastModified": "2023-09-28T14:29:58.860", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T00:45:03.710", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the \"upload\" directory." + }, + { + "lang": "es", + "value": "Hay una vulnerabilidad de carga de archivos sin restricciones en Generex CS141 por debajo de la versi\u00f3n 2.06. Un atacante podr\u00eda cargar y/o eliminar cualquier tipo de archivo, sin ninguna restricci\u00f3n de formato y sin ninguna autenticaci\u00f3n, en el directorio \"upload\"." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "cve-coordination@incibe.es", "type": "Secondary", 
@@ -46,14 +80,50 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:generex:cs141_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.06", + "matchCriteriaId": "45AC1134-C83A-435F-AFCB-32CC1E691C9E" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:generex:cs141:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE00F7F0-4011-4F62-9E11-1BBDDCE4F46B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.generex.de/support/changelogs/cs141/page:2", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.incibe-cert.es/en/early-warning/ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141", - "source": "cve-coordination@incibe.es" + "source": "cve-coordination@incibe.es", + "tags": [ + "Not Applicable" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20819.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20819.json index b3256643125..c836fa725fc 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20819.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20819.json 
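Review bot: In the `references` part of this hunk, the INCIBE-CERT advisory URL (`.../ics-advisories/update-03032023-multiple-vulnerabilities-generex-ups-cs141`) is tagged `"Not Applicable"`, although its slug names the affected Generex CS141 product and it comes from the CNA that assigned the record. Consumers that filter references by tag would drop the only advisory link and keep only the vendor changelog. If the page still covers this CVE, `"tags": ["Third Party Advisory"]` would fit better. If the link no longer resolved to the advisory at analysis time, that cannot be confirmed from this diff and the tag may be deliberate.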
@@ -2,19 +2,550 @@ "id": "CVE-2023-20819", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:09.710", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T00:56:36.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003." + }, + { + "lang": "es", + "value": "En el CDMA PPP protocol, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: MOLY01068234; ID del problema: ALPS08010003." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:lr11:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BFEBC79B-E936-4499-8B2D-C6619C51B755" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:lr12a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4B6AFD8-6CBA-4A1D-B38F-A9ABFEB6EFC5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:lr13:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12318A0A-16CD-48A5-98A4-373070734642" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E30A2D2E-6A72-4070-A471-EEE75F7D07F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr16:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B763B71-F913-45B4-B91E-D7F0670C4315" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F8874B-DBF1-4A67-8ADF-4654AB56B6A8" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2731:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6528FA05-C8B7-498B-93BE-0BEFED28C1FB" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6570:-:*:*:*:*:*:*:*", + "matchCriteriaId": "975802CC-B130-4CF3-9B8E-A23DEA464259" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6595:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1B42CCA9-A835-4871-A129-B83573713AA9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6732:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7FBCBDD-5ADA-49A7-A152-61FB909EE5FF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C82E144B-0BAD-47E1-A657-3A5880988FE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4E76B29F-007E-4445-B3F3-3FDC054FEB84" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6737m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E3152A6-982E-415E-9F19-1CB2F6D11850" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6738:-:*:*:*:*:*:*:*", + "matchCriteriaId": "99735131-D437-40AA-9EDB-31DC61DD15DF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6750:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F51C9D91-A64F-446E-BC14-7C79B770C3A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6750s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12A1CB8F-3C1C-4374-8D46-23175D1174DE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6752:-:*:*:*:*:*:*:*", + "matchCriteriaId": "22C2668D-7A14-42AA-A164-957FE78B9ABF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6753:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7362AED0-47F2-4D48-A292-89F717F0697E" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6755:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47BE9434-12D6-4801-8B04-7F18AF58E717" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6757:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B4C27948-65A7-4B1E-9F10-6744D176A5C3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6758:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B15C285A-0A26-46F7-9D72-CCADC47D93B0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "160C2DDD-6CA5-4E4F-B885-C8AAA7D1D942" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762m:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0002C537-4268-43CA-B349-BC14F1F0313C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AE80B083-D5A3-418C-9655-C79C9DECB4C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6767:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3367BA13-9C4D-4CCF-8E71-397F33CFF773" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6769t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B43D63CF-FF77-41D8-BA4B-F8BDF88830BA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA1BE913-70AE-49FE-99E9-E996165DF79D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6775:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C387CFFD-BAE4-4626-8AC3-7C9CFB6819FB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6783:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2C8F9C2-6471-4498-B089-2F40D2483487" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E208C7B7-7BF6-4E56-B61C-0198B08DC8B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6795:-:*:*:*:*:*:*:*", + "matchCriteriaId": "809FEAD7-F02B-48A9-B442-28B46C7806C6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE7CC141-E2D6-4F28-B6F0-167E11869CD1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6799:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC0CAAE1-2BC9-49CA-AC68-2217A4258BDD" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "66F9EAE4-F1D7-46DB-AA2A-0290F6EF0501" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6815:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B7122918-8C44-4F24-82E4-B8448247FC83" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F883C6D3-1724-4553-9EFC-3D204FF3CAA3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", + "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A97CE1E0-7B77-49BA-8D92-9AF031CD18FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8666a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CF649E18-4DA8-4724-A9B2-575BC01BFACC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8F25CBBB-B600-4A54-8653-4C60CD125353" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D039235C-D84C-4E9B-9D01-16A24E95FE79" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4D99E26E-A551-428C-90FF-0F6CDE28C1A1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "21CA41B1-2BAF-43DE-AD79-396FA5125695" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "02B6E7E0-8BD2-4BA1-948F-3F5A95B989F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0165F48B-B11A-4A8B-859B-083D239270FF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788x:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F4DE760A-BF65-4917-B571-1382C6703271" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5CE75D73-582B-48BF-B38A-3F9626338C7D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-283xx/CVE-2023-28373.json b/CVE-2023/CVE-2023-283xx/CVE-2023-28373.json new file mode 100644 index 00000000000..f9c5c3824dd --- /dev/null +++ b/CVE-2023/CVE-2023-283xx/CVE-2023-28373.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-28373", + "sourceIdentifier": "psirt@purestorage.com", + "published": "2023-10-03T00:15:09.913", + "lastModified": "2023-10-03T00:15:09.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. \n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@purestorage.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashArray_SafeMode_Immutable_Vulnerability_CVE-2023-28373", + "source": "psirt@purestorage.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-325xx/CVE-2023-32572.json b/CVE-2023/CVE-2023-325xx/CVE-2023-32572.json new file mode 100644 index 00000000000..8f41bb98cd6 --- /dev/null +++ b/CVE-2023/CVE-2023-325xx/CVE-2023-32572.json 
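Review bot: The English description `value` in this new record ends with a trailing space and an escaped newline (`"... protected by SafeMode. \n"`), and the same trailing ` \n` appears in the description of the CVE-2023-32572.json hunk that follows. Text copied verbatim into tickets, CSV exports or line-oriented logs will carry the embedded newline, and exact-match comparison of descriptions will treat trimmed and untrimmed copies as different. Trimming at ingestion, so the value ends `... protected by SafeMode."`, avoids both. The reference path begins with `Employee_Handbooks/`, which may be an access-restricted area of the vendor site; it is worth confirming that the bulletin is publicly reachable.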
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-32572", + "sourceIdentifier": "psirt@purestorage.com", + "published": "2023-10-03T00:15:09.990", + "lastModified": "2023-10-03T00:15:09.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. \n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@purestorage.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572", + "source": "psirt@purestorage.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32819.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32819.json index ee84f48ad75..9953566e184 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32819.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32819.json 
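Review bot: The only reference in this new record has a doubled scheme, `"url": "https://https://support.purestorage.com/..."`, so a URL parser will take `https` as the host and the real hostname as part of the path. Link checkers, enrichment jobs and anyone clicking through from a dashboard will fail to reach the vendor bulletin, and this record has no other reference to fall back on. The line should read `"url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_-_FlashArray_pgroup_Retention_Lock_SafeMode_Protection_CVE-2023-32572",`. If the file is a mirror of an upstream feed, the fix has to be reported to the source, and consumers should validate reference URLs before fetching them.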
@@ -2,19 +2,160 @@ "id": "CVE-2023-32819", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:09.777", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T00:59:45.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138." + }, + { + "lang": "es", + "value": "En el display, hay una posible divulgaci\u00f3n de informaci\u00f3n debido a una ausencia de la verificaci\u00f3n de los l\u00edmites. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del Sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993705; ID del problema: ALPS08014138." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32820.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32820.json index 9ccc6cdc7eb..51cdf000ca3 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32820.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32820.json 
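Review bot: The added `weaknesses` entry classifies this record as `"NVD-CWE-noinfo"`, while the description in the same hunk attributes the information disclosure to "a missing bounds check". CVE-2023-20819.json in this commit maps its missing-bounds-check write to `CWE-787`, so the two records are classified inconsistently. Anyone grouping or alerting by CWE will not see this record alongside other memory-safety issues. If the analysis supports it, an out-of-bounds read mapping such as `"value": "CWE-125"` would fit the description. That is inferred from the description text alone, so treat the current value as possibly intentional.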
@@ -2,19 +2,310 @@ "id": "CVE-2023-32820", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:09.823", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:07:27.053", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637." + }, + { + "lang": "es", + "value": "En wlan firmware, existe una posible afirmaci\u00f3n del firmware debido a un manejo inadecuado de la entrada. Esto podr\u00eda provocar una denegaci\u00f3n remota de servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07932637; ID del problema: ALPS07932637." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", + "matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*", + "matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*", + "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7668:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8E400AB9-B82A-4449-8789-35112940270F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7902:-:*:*:*:*:*:*:*", + "matchCriteriaId": "91DEA745-47A8-43F1-A1B2-F53F651A99EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt7921:-:*:*:*:*:*:*:*", + "matchCriteriaId": "32AFEA0A-FFE2-4EA9-8B51-7E3E75DE65CC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8695:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B5126E05-25DC-4EF7-8DDE-BBA38A7547FB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32821.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32821.json index 8d25a878f59..5e440975b02 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32821.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32821.json 
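Review bot: The first `cpeMatch` list added under `configurations` marks generic platforms as `"vulnerable": true`, including `cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*` and the Android 11.0, 12.0 and 13.0 entries. These are only meaningful in combination with the MediaTek hardware list in the second node. A consumer that flattens `cpeMatch` entries without evaluating the enclosing `"operator": "AND"` would report CVE-2023-32820 for every host on one of those platforms, whatever its chipset. The record itself cannot express this more strongly, so the check belongs in the matching code: require a hit in both `OR` nodes before raising a finding. The other MediaTek records in this commit use the same two-node structure.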
@@ -2,19 +2,140 @@ "id": "CVE-2023-32821", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:09.870", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:10:44.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433." + }, + { + "lang": "es", + "value": "En video, hay una posible escritura fuera de l\u00edmites debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08013430; ID del problema: ALPS08013433." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6763:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F19C76A-50DF-4ACA-BACA-07157B4D838B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32822.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32822.json index 45528513c02..ceabf1eb594 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32822.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32822.json 
@@ -2,19 +2,310 @@ "id": "CVE-2023-32822", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:09.917", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:14:28.230", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229." + }, + { + "lang": "es", + "value": "En ftm, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07994229; ID del problema: ALPS07994229." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" 
+ }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32823.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32823.json index d743c9e7a2e..7975ecac0f7 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32823.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32823.json 
@@ -2,19 +2,240 @@ "id": "CVE-2023-32823", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:09.963", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:23:26.747", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In rpmb , there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966." + }, + { + "lang": "es", + "value": "En rpmb, existe una posible corrupci\u00f3n de la memoria debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07912966; ID del problema: ALPS07912966." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" 
+ }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32824.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32824.json index 12898b4bed7..3dd86938cd8 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32824.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32824.json 
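Review bot: The primary weakness added for CVE-2023-32823, `"value": "CWE-190"`, does not obviously agree with the record's own English description. The description attributes the memory corruption to a missing bounds check and mentions no integer overflow. The CVE-2023-32822 record in this commit uses the same "missing bounds check" wording and is classified `CWE-787`. The classification may rest on detail in the vendor bulletin listed under `references`, which this hunk does not show. Until that is confirmed, tooling that triages or groups findings by CWE should not take this value as settled.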
@@ -2,19 +2,240 @@ "id": "CVE-2023-32824", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:10.003", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:35:09.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In rpmb , there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961." + }, + { + "lang": "es", + "value": "En rpmb, existe una posible doble liberaci\u00f3n debido a un bloqueo inadecuado. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07912966; ID del problema: ALPS07912961." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6762:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C445EB80-6021-4E26-B74E-1B4B6910CE48" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6769:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D23991D5-1893-49F4-8A06-D5E66C96C3B3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*", + "matchCriteriaId": "80BDC5EC-E822-4BC7-8C0D-E8AD8396E8FE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32826.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32826.json index 3c29e470dad..da66788b086 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32826.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32826.json 
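Review bot: The new `weaknesses` block in CVE-2023-32824 records only `CWE-415`, although the English description on the context line attributes the double free to improper locking, so the root cause cannot be queried from the record. The same one-sided mapping appears in the CVE-2023-32828 and CVE-2023-32829 hunks, which record only `CWE-190` for an out-of-bounds write caused by an integer overflow, while the CVE-2023-32826 and CVE-2023-32827 hunks use `CWE-787` for the same impact. Triage rules or dashboards keyed on a single CWE will therefore group these sibling MediaTek records differently. If local enrichment is permitted in this feed, a second description entry such as `{ "lang": "en", "value": "CWE-667" }` here and `{ "lang": "en", "value": "CWE-787" }` in the other two would close the gap; if the files mirror upstream analysis verbatim, the correction belongs upstream.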
@@ -2,19 +2,260 @@ "id": "CVE-2023-32826", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:10.050", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:37:23.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544." + }, + { + "lang": "es", + "value": "En camera middleware, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada faltante. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993539; ID del problema: ALPS07993544." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32827.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32827.json index 47faf428231..3606b88575a 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32827.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32827.json 
@@ -2,19 +2,260 @@ "id": "CVE-2023-32827", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:10.097", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:39:18.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539." + }, + { + "lang": "es", + "value": "En camera middleware, existe una posible escritura fuera de l\u00edmites debido a una validaci\u00f3n de entrada faltante. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07993539; ID del problema: ALPS07993539." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "639C5BDE-2E83-427A-BAB7-85EA9348AC68" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8362a:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2F16F2B9-D89D-4AB2-B768-CB3B22AEFE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "03E6123A-7603-4EAB-AFFB-229E8A040709" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*", + "matchCriteriaId": "637CAAD2-DCC0-4F81-B781-5D0536844CA8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32828.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32828.json index 6ae48e82bbe..746cb47fb17 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32828.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32828.json 
@@ -2,19 +2,165 @@ "id": "CVE-2023-32828", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:10.137", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:44:32.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817." + }, + { + "lang": "es", + "value": "En vpu, existe una posible escritura fuera de l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07767817; ID del problema: ALPS07767817." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6771:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BE4D2AED-C713-407F-A34A-52C3D8F65835" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8183:-:*:*:*:*:*:*:*", + "matchCriteriaId": "23F65D7B-31A1-4D94-82E9-254A7A6D7BE1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + 
"vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32829.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32829.json index fc231a1c344..db9729d2811 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32829.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32829.json 
@@ -2,19 +2,180 @@ "id": "CVE-2023-32829", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:10.183", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:43:08.800", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478." + }, + { + "lang": "es", + "value": "En apusys, existe una posible escritura fuera de l\u00edmites debido a un desbordamiento de enteros. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS07713478; ID del problema: ALPS07713478." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D8E91CA4-CA5B-40D1-9A96-2B875104BCF4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6896:-:*:*:*:*:*:*:*", + "matchCriteriaId": "33DEF766-EAF1-4E36-BB7C-43069B26507A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8137:-:*:*:*:*:*:*:*", + "matchCriteriaId": 
"E3E832CB-1FEB-4E32-B675-6CC49E4A8024" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8139:-:*:*:*:*:*:*:*", + "matchCriteriaId": "14C5DB83-B705-4B2C-916E-4B67C0D9FBAB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195z:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9B3A37B9-F500-4B3C-B77C-B2BD7B015154" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32830.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32830.json index 347d02f166c..99afd575ea2 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32830.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32830.json 
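Review bot: The first `cpeMatch` list in CVE-2023-32829 marks the generic `cpe:2.3:a:linuxfoundation:yocto:3.1`, `3.3` and `4.0` entries, along with Android 12.0 and 13.0, as `"vulnerable": true`; the restriction to MediaTek parts exists only through the enclosing `"operator": "AND"` with the hardware node, whose entries are `"vulnerable": false`. A consumer that flattens `cpeMatch` entries without evaluating the node operators would report every Yocto or Android build of those versions as affected by a flaw the description places in apusys. Strict JSON has no place for a comment, so the safeguard belongs in the matching code: evaluate the configuration as (software OR-list) AND (hardware OR-list) before raising a finding. The other configuration blocks visible in this commit have the same shape, for example `cpe:2.3:a:mediatek:iot_yocto:23.0` in the CVE-2023-32828 hunk.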
@@ -2,19 +2,440 @@ "id": "CVE-2023-32830", "sourceIdentifier": "security@mediatek.com", "published": "2023-10-02T03:15:10.233", - "lastModified": "2023-10-02T03:53:27.737", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T01:01:49.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522." + }, + { + "lang": "es", + "value": "En TVAPI, existe una posible escritura fuera de l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del sistema necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: DTV03802522; ID del problema: DTV03802522." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", + "matchCriteriaId": "D558D965-FA70-4822-A770-419E73BA9ED3" + }, + { + "vulnerable": true, 
+ "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5527:-:*:*:*:*:*:*:*", + "matchCriteriaId": "69C04171-DB18-40D7-AFC5-04A869942396" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5583:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C394724-3294-4953-85C8-EE3894B5092C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5598:-:*:*:*:*:*:*:*", + "matchCriteriaId": "455B256C-83C8-406F-B28F-A4205E7C094E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5599:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4FF926A-2D26-4666-ACA4-474A89243566" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5670:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C59206E9-31C7-40A4-86EF-1D12EA2C5CDC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5680:-:*:*:*:*:*:*:*", + "matchCriteriaId": "07AEB6AF-2644-4560-9C11-C608C1AD9F66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5691:-:*:*:*:*:*:*:*", + "matchCriteriaId": "96BD96BE-10BC-4C7E-8A48-C7CB08A61765" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5695:-:*:*:*:*:*:*:*", + "matchCriteriaId": "75A56009-090B-4101-B000-224412058654" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5806:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2587EAA-29E0-4123-9855-CA726B8014C2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5813:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F87A1085-222A-4135-9DB5-EB1AB0452561" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5815:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0B4D227C-8387-441E-B085-E933FFB69AE8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5816:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B68EA99F-5323-4167-9DF9-D677BCA37A22" 
+ }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9237902-24AE-4127-AC96-5982BD37ECC1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63B93DFF-3D39-42DD-B6EB-3E3172F25A93" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "37B2216B-3B20-4DFC-BB2A-7DDD060E5C40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9010:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3EC50C1C-A31D-4EDF-AB6A-FA1E92AE7F2A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9011:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CEE06B45-7F23-4EB5-9885-4FCA0FC0D5C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CBFB4E04-7BC0-4B48-ABD7-6971E4725895" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9016:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE1DD6A9-E503-4A8E-92FF-625CD734DBD6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9020:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1EAAF66C-9C81-498B-A0C0-3295CB7324A9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9021:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3E1092AC-60EC-453C-9AA9-8F35A2A6DF92" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9022:-:*:*:*:*:*:*:*", + "matchCriteriaId": "350ED16A-35A5-4F54-A01F-6EADE58E5530" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9215:-:*:*:*:*:*:*:*", + "matchCriteriaId": "726E51E6-E765-4973-A0D2-5CC746CACFB9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9216:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4B45803F-1AD2-47C8-BB9B-276628A0D605" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9221:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B9E90123-D7DC-4C68-B2F9-27DCEDED2FC6" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:h:mediatek:mt9222:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5B250A0A-BE50-45B6-AD72-8EA876F64DD4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9255:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D9C5A33A-7B04-4E14-A268-A717CD2420DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9256:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FAC84405-17EE-4C25-8477-317F2A6A095F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9266:-:*:*:*:*:*:*:*", + "matchCriteriaId": "85C42802-293E-448B-A059-DFDEF1D97EC2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9269:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F19E7E64-721E-436B-B879-D1EDE5EFF84C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9285:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7A7E7D3C-436A-4068-99F1-AFEB34989F69" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9286:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4CEEB709-8C7B-48AF-B359-9CE9C68790D5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9600:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1567AAB0-8C08-4A7C-A5D3-4F057C7F6871" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9602:-:*:*:*:*:*:*:*", + "matchCriteriaId": "49ED757E-42DD-4176-B216-915EFD8E2F40" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9610:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6BA3286D-A136-4EB2-A181-6EF8A556EFDF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9612:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BD04E099-75F4-48F6-BB8C-28A5D6FB8F60" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9613:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E92602E3-1B1B-4683-801D-D151919C63EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9615:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0AF44498-001B-4A51-AB32-EBC206B14741" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt9617:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F2E6E130-9F65-482B-AF8B-97DA81FCE19E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9629:-:*:*:*:*:*:*:*", + "matchCriteriaId": "47E5EE7B-1208-4007-AF87-6DC309FFE312" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9630:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9FE404F4-FFAE-4646-9234-15230F0577F1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9631:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA834B63-F689-48BA-84E6-500351990BFD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9632:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EF1B3B37-22C4-42F4-8264-07512619D706" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9633:-:*:*:*:*:*:*:*", + "matchCriteriaId": "5CF26725-1701-40F4-83E9-1A4709B60763" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9636:-:*:*:*:*:*:*:*", + "matchCriteriaId": "11B89606-5FD7-4513-984A-16217D37BF4B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9638:-:*:*:*:*:*:*:*", + "matchCriteriaId": "76F4FC23-534B-449A-8344-1F13AE9C8C57" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9639:-:*:*:*:*:*:*:*", + "matchCriteriaId": "392C9A58-EAB1-44B5-B189-98C68CC23199" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9649:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C1C6E88C-46DD-45AB-88C1-B69FC0E25056" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9650:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2D0EF507-52A0-45D1-AC26-97F765E691FC" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9652:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C826242C-440E-4D85-841E-570E9C69777C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9653:-:*:*:*:*:*:*:*", + "matchCriteriaId": "63BC3AE7-4180-4B8C-AB69-8AC4F502700D" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt9660:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DB80E351-B6E5-4571-A603-04A3A6AFB8CB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A4E9A32-6267-4AB3-B9A9-BBC79ED2F343" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CD7AC916-FF8D-430D-837C-0587056198AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9669:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8531FD76-C0C1-45FE-8FDC-26402FF8BFA5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9670:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC3E19E5-4DD7-4ECB-A7AE-F501A152078E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9671:-:*:*:*:*:*:*:*", + "matchCriteriaId": "94F5F738-459C-4316-80AF-1B9C33E0F36B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9675:-:*:*:*:*:*:*:*", + "matchCriteriaId": "046B7E06-8C40-4D37-8D10-4816E51CA143" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9679:-:*:*:*:*:*:*:*", + "matchCriteriaId": "717AE700-78CC-4750-92CB-C9293571EC7D" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9685:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CFD9AD54-9F0F-414B-8936-3A981657D6AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9686:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4B429106-36BE-42F2-8D05-FB9EF00BDFBA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9688:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F7D78E76-6A3B-4736-B7E7-C9032CDA845B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9900:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4A720E3-FF7F-4607-998D-EBD23F38A2DA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9901:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0F433EC9-C9F5-40D4-9EBB-219295EC1978" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt9931:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DDB4C96A-A50F-4194-BE9C-BF2DFD3DEB3B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9950:-:*:*:*:*:*:*:*", + "matchCriteriaId": "31E0E580-A76F-4CFA-BFF2-0F7540C63C3C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9969:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B14AF01-D1D9-483B-9D10-2697A08FFA8F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9970:-:*:*:*:*:*:*:*", + "matchCriteriaId": "961C13C3-2C3D-46B1-A618-D45920EC5E95" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "16B4C37E-B6CA-4176-B98D-E1C9E66472EA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt9981:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62282860-5EAF-45EA-B36E-6B6F124C3096" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/October-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-366xx/CVE-2023-36628.json b/CVE-2023/CVE-2023-366xx/CVE-2023-36628.json new file mode 100644 index 00000000000..dd4c9856bf1 --- /dev/null +++ b/CVE-2023/CVE-2023-366xx/CVE-2023-36628.json 
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-36628",
+ "sourceIdentifier": "psirt@purestorage.com",
+ "published": "2023-10-03T00:15:10.057",
+ "lastModified": "2023-10-03T00:15:10.057",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@purestorage.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_Privilege_Escalation_in_VASA_CVE-2023-36628",
+ "source": "psirt@purestorage.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38870.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38870.json
index 8b23e37b956..7e240e4f3c4 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38870.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38870.json
@@ -2,27 +2,98 @@
 "id": "CVE-2023-38870",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-28T04:15:11.893",
- "lastModified": "2023-09-28T12:44:04.973",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-03T00:10:51.737",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en el commit 3730880 de gugoan Economizzer (abril de 2023) y v.0.9-beta1. El cash book tiene una funci\u00f3n para enumerar los logros por categor\u00eda y el par\u00e1metro 'category_id' es vulnerable a la inyecci\u00f3n SQL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "330109B8-8E3F-4E44-83B2-F000BEB32288"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:economizzer:economizzer:april_2023:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "BC008109-5EFA-47BA-99B2-01120532E7D6"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38870",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/gugoan/economizzer",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://www.economizzer.org",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38871.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38871.json
index 162d56a1fa6..08e1e36932e 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38871.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38871.json
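Review bot: Both added `cpeMatch` criteria set the CPE `target_sw` attribute to `wordpress` (`cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:wordpress:*:*` and the `april_2023` entry), but nothing in this record's description or its three references connects Economizzer to WordPress. If that attribute is wrong, tooling that honours `target_sw` when matching an inventory may fail to associate the CVE with an installed copy, so the position should probably be `*`, as in `cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:*:*:*`. The same two criteria are added in the CVE-2023-38871 and CVE-2023-38872 hunks that follow. The `april_2023` version string appears to stand in for commit 3730880 and is unlikely to match a version-based inventory, so this configuration is best treated as approximate.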
@@ -2,27 +2,98 @@
 "id": "CVE-2023-38871",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-28T04:15:12.003",
- "lastModified": "2023-09-28T12:44:04.973",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-03T00:49:18.640",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses."
+ },
+ {
+ "lang": "es",
+ "value": "El commit 3730880 (abril de 2023) y v.0.9-beta1 de gugoan Economizzer tiene una vulnerabilidad de enumeraci\u00f3n de usuarios en las funcionalidades de inicio de sesi\u00f3n y olvido de contrase\u00f1a. La aplicaci\u00f3n reacciona de manera diferente cuando un usuario o direcci\u00f3n de correo electr\u00f3nico es v\u00e1lido y cuando no lo es. Esto puede permitir a un atacante determinar si un usuario o una direcci\u00f3n de correo electr\u00f3nico son v\u00e1lidos, o utilizar la fuerza bruta para determinar si los nombres de usuario y las direcciones de correo electr\u00f3nico son v\u00e1lidos."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "330109B8-8E3F-4E44-83B2-F000BEB32288"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:economizzer:economizzer:april_2023:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "BC008109-5EFA-47BA-99B2-01120532E7D6"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38871",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/gugoan/economizzer",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://www.economizzer.org",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-388xx/CVE-2023-38872.json b/CVE-2023/CVE-2023-388xx/CVE-2023-38872.json
index 6856f244106..c352b5612af 100644
--- a/CVE-2023/CVE-2023-388xx/CVE-2023-38872.json
+++ b/CVE-2023/CVE-2023-388xx/CVE-2023-38872.json
@@ -2,27 +2,98 @@
 "id": "CVE-2023-38872",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-09-28T04:15:12.067",
- "lastModified": "2023-09-28T12:44:04.973",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-03T00:13:23.070",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Referencia Directa de Objetos Inseguros (IDOR) en el commit 3730880 de gugoan Economizzer (abril de 2023) y v.0.9-beta1 permite a cualquier atacante no autenticado acceder a archivos adjuntos de asientos en el cash book de cualquier otro usuario, si conoce el ID del archivo adjunto."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-639"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:economizzer:economizzer:0.9:beta1:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "330109B8-8E3F-4E44-83B2-F000BEB32288"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:economizzer:economizzer:april_2023:*:*:*:*:wordpress:*:*",
+ "matchCriteriaId": "BC008109-5EFA-47BA-99B2-01120532E7D6"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38872",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/gugoan/economizzer",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://www.economizzer.org",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-392xx/CVE-2023-39222.json b/CVE-2023/CVE-2023-392xx/CVE-2023-39222.json
new file mode 100644
index 00000000000..864766ac77b
--- /dev/null
+++ b/CVE-2023/CVE-2023-392xx/CVE-2023-39222.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39222",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-03T01:15:56.810",
+ "lastModified": "2023-10-03T01:15:56.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94497038/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-394xx/CVE-2023-39429.json b/CVE-2023/CVE-2023-394xx/CVE-2023-39429.json
new file mode 100644
index 00000000000..6b481fa39b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-394xx/CVE-2023-39429.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-39429",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-03T01:15:56.867",
+ "lastModified": "2023-10-03T01:15:56.867",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94497038/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-410xx/CVE-2023-41086.json b/CVE-2023/CVE-2023-410xx/CVE-2023-41086.json
new file mode 100644
index 00000000000..2675a164a52
--- /dev/null
+++ b/CVE-2023/CVE-2023-410xx/CVE-2023-41086.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-41086",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-03T01:15:56.917",
+ "lastModified": "2023-10-03T01:15:56.917",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94497038/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-427xx/CVE-2023-42771.json b/CVE-2023/CVE-2023-427xx/CVE-2023-42771.json
new file mode 100644
index 00000000000..d07025e20e2
--- /dev/null
+++ b/CVE-2023/CVE-2023-427xx/CVE-2023-42771.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-42771",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2023-10-03T01:15:56.967",
+ "lastModified": "2023-10-03T01:15:56.967",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://jvn.jp/en/vu/JVNVU94497038/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-430xx/CVE-2023-43044.json b/CVE-2023/CVE-2023-430xx/CVE-2023-43044.json
index f0e959d64db..85098e710d6 100644
--- a/CVE-2023/CVE-2023-430xx/CVE-2023-43044.json
+++ b/CVE-2023/CVE-2023-430xx/CVE-2023-43044.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-43044",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2023-09-28T18:15:11.930",
- "lastModified": "2023-09-28T18:19:27.953",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2023-10-03T00:42:10.740",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893."
+ },
+ {
+ "lang": "es",
+ "value": "El servidor de aplicaciones integrado para IBM i 7.2, 7.3, 7.4 y 7.5 contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso a la l\u00ednea de comandos del sistema operativo host puede elevar los privilegios para obtener acceso root al sistema operativo host. ID de IBM X-Force: 263580."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "psirt@us.ibm.com",
 "type": "Secondary",
@@ -35,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ },
 {
 "source": "psirt@us.ibm.com",
 "type": "Secondary",
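Review bot: The `"lang": "es"` description added in the first hunk is not a translation of the English one. The English text covers directory traversal in IBM License Metric Tool 9.2 (IBM X-Force ID: 266893), while the Spanish text describes a local privilege escalation in the integrated application server for IBM i 7.2 to 7.5 and cites X-Force ID 263580, so it looks like the translation of a different record was attached here. Anyone triaging from the Spanish field would get the wrong product, weakness class and impact, and it contradicts the `CWE-22` and `C:H/I:N/A:N` data added in the same commit. The `es` entry should be replaced with a translation of the English description, or left out until one is available.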
@@ -46,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:license_metric_tool:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.2.33", + "matchCriteriaId": "16F7191F-A434-4756-BA7E-F427C5491BA1" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266893", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://https://www.ibm.com/support/pages/node/7040605", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43627.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43627.json new file mode 100644 index 00000000000..fe222021fe0 --- /dev/null +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43627.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-43627", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2023-10-03T01:15:57.017", + "lastModified": "2023-10-03T01:15:57.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://jvn.jp/en/vu/JVNVU94497038/", + "source": "vultures@jpcert.or.jp" + }, + { + "url": "https://www.furunosystems.co.jp/news/info/vulner20231002.html", + "source": "vultures@jpcert.or.jp" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43663.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43663.json index efeea3b1e4e..7e6e79eb569 100644 
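Review bot: In the CVE-2023-43044 `references` hunk at the start of this line, the second URL has a doubled scheme, `https://https://www.ibm.com/support/pages/node/7040605`, and the new side now tags it `Vendor Advisory`. The `url` line itself is unchanged context, but the tag marks it as the authoritative remediation link, and a URL parser will most likely read the host as `https` rather than `www.ibm.com`, so the link will not reach the vendor page. The intended value is presumably `"url": "https://www.ibm.com/support/pages/node/7040605"`. Tooling that dereferences reference URLs from this feed should validate the parsed host before fetching rather than trusting the tag.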
--- a/CVE-2023/CVE-2023-436xx/CVE-2023-43663.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43663.json @@ -2,16 +2,40 @@ "id": "CVE-2023-43663", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-28T19:15:10.633", - "lastModified": "2023-09-28T20:29:46.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T00:38:50.460", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue." + }, + { + "lang": "es", + "value": "PrestaShop es una aplicaci\u00f3n web de comercio electr\u00f3nico de c\u00f3digo abierto. En las versiones afectadas, cualquier m\u00f3dulo se puede desactivar o desinstalar desde el back office, incluso con pocos derechos de usuario. Esto permite a los usuarios con pocos privilegios desactivar partes de la funcionalidad de una tienda. El commit `ce1f6708` soluciona este problema y se incluye en la versi\u00f3n 8.1.2. Se recomienda a los usuarios que actualicen. No se conocen workarounds para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.2", + "matchCriteriaId": "70A20382-47EA-477D-A6BE-0DDC760A3B02" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/ce1f67083537194e974caf86c57e547a0aaa46cd", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-6jmf-2pfc-q9m7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-436xx/CVE-2023-43664.json b/CVE-2023/CVE-2023-436xx/CVE-2023-43664.json index eaa0e0fcd68..d237666c994 100644 --- a/CVE-2023/CVE-2023-436xx/CVE-2023-43664.json +++ b/CVE-2023/CVE-2023-436xx/CVE-2023-43664.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-43664", "sourceIdentifier": "security-advisories@github.com", "published": "2023-09-28T19:15:10.713", - "lastModified": "2023-09-28T20:29:46.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-10-03T00:18:35.847", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue." + }, + { + "lang": "es", + "value": "PrestaShop es una aplicaci\u00f3n web de comercio electr\u00f3nico de c\u00f3digo abierto. En la interfaz del Back office de Prestashop, un empleado puede enumerar todos los m\u00f3dulos sin ning\u00fan derecho de acceso: el m\u00e9todo `ajaxProcessGetPossibleHookingListForModule` no verifica los derechos de acceso. Este problema se solucion\u00f3 en el commit `15bd281c` que se incluye en la versi\u00f3n 8.1.2. Se recomienda a los usuarios que actualicen. No se conoce ning\u00fan workaround para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.2", + "matchCriteriaId": "70A20382-47EA-477D-A6BE-0DDC760A3B02" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/15bd281c18f032a5134a8d213b44d24829d45762", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-gvrg-62jp-rf7j", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 1b7a26b64b6..416a39d4061 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-10-02T23:55:24.052218+00:00 +2023-10-03T02:00:25.186453+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-10-02T23:15:12.533000+00:00 +2023-10-03T01:44:32.997000+00:00 ``` ### Last Data Feed Release 
@@ -23,34 +23,52 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2023-10-02T00:00:13.536483+00:00 +2023-10-03T00:00:13.550139+00:00 ``` ### Total Number of included CVEs ```plain -226779 +226787 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `8` -* [CVE-2023-43891](CVE-2023/CVE-2023-438xx/CVE-2023-43891.json) (`2023-10-02T22:15:09.933`) -* [CVE-2023-43892](CVE-2023/CVE-2023-438xx/CVE-2023-43892.json) (`2023-10-02T22:15:10.137`) -* [CVE-2023-43893](CVE-2023/CVE-2023-438xx/CVE-2023-43893.json) (`2023-10-02T22:15:10.187`) -* [CVE-2023-44011](CVE-2023/CVE-2023-440xx/CVE-2023-44011.json) (`2023-10-02T22:15:10.233`) -* [CVE-2023-44012](CVE-2023/CVE-2023-440xx/CVE-2023-44012.json) (`2023-10-02T22:15:10.280`) -* [CVE-2023-28372](CVE-2023/CVE-2023-283xx/CVE-2023-28372.json) (`2023-10-02T23:15:12.293`) -* [CVE-2023-31042](CVE-2023/CVE-2023-310xx/CVE-2023-31042.json) (`2023-10-02T23:15:12.397`) -* [CVE-2023-36627](CVE-2023/CVE-2023-366xx/CVE-2023-36627.json) (`2023-10-02T23:15:12.470`) -* [CVE-2023-43980](CVE-2023/CVE-2023-439xx/CVE-2023-43980.json) (`2023-10-02T23:15:12.533`) +* [CVE-2023-28373](CVE-2023/CVE-2023-283xx/CVE-2023-28373.json) (`2023-10-03T00:15:09.913`) +* [CVE-2023-32572](CVE-2023/CVE-2023-325xx/CVE-2023-32572.json) (`2023-10-03T00:15:09.990`) +* [CVE-2023-36628](CVE-2023/CVE-2023-366xx/CVE-2023-36628.json) (`2023-10-03T00:15:10.057`) +* [CVE-2023-39222](CVE-2023/CVE-2023-392xx/CVE-2023-39222.json) (`2023-10-03T01:15:56.810`) +* [CVE-2023-39429](CVE-2023/CVE-2023-394xx/CVE-2023-39429.json) (`2023-10-03T01:15:56.867`) +* [CVE-2023-41086](CVE-2023/CVE-2023-410xx/CVE-2023-41086.json) (`2023-10-03T01:15:56.917`) +* [CVE-2023-42771](CVE-2023/CVE-2023-427xx/CVE-2023-42771.json) (`2023-10-03T01:15:56.967`) +* [CVE-2023-43627](CVE-2023/CVE-2023-436xx/CVE-2023-43627.json) (`2023-10-03T01:15:57.017`) ### CVEs modified 
in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `19` +* [CVE-2022-47186](CVE-2022/CVE-2022-471xx/CVE-2022-47186.json) (`2023-10-03T00:45:03.710`) +* [CVE-2023-38870](CVE-2023/CVE-2023-388xx/CVE-2023-38870.json) (`2023-10-03T00:10:51.737`) +* [CVE-2023-38872](CVE-2023/CVE-2023-388xx/CVE-2023-38872.json) (`2023-10-03T00:13:23.070`) +* [CVE-2023-43664](CVE-2023/CVE-2023-436xx/CVE-2023-43664.json) (`2023-10-03T00:18:35.847`) +* [CVE-2023-43663](CVE-2023/CVE-2023-436xx/CVE-2023-43663.json) (`2023-10-03T00:38:50.460`) +* [CVE-2023-43044](CVE-2023/CVE-2023-430xx/CVE-2023-43044.json) (`2023-10-03T00:42:10.740`) +* [CVE-2023-38871](CVE-2023/CVE-2023-388xx/CVE-2023-38871.json) (`2023-10-03T00:49:18.640`) +* [CVE-2023-20819](CVE-2023/CVE-2023-208xx/CVE-2023-20819.json) (`2023-10-03T00:56:36.560`) +* [CVE-2023-32819](CVE-2023/CVE-2023-328xx/CVE-2023-32819.json) (`2023-10-03T00:59:45.713`) +* [CVE-2023-32830](CVE-2023/CVE-2023-328xx/CVE-2023-32830.json) (`2023-10-03T01:01:49.560`) +* [CVE-2023-32820](CVE-2023/CVE-2023-328xx/CVE-2023-32820.json) (`2023-10-03T01:07:27.053`) +* [CVE-2023-32821](CVE-2023/CVE-2023-328xx/CVE-2023-32821.json) (`2023-10-03T01:10:44.100`) +* [CVE-2023-32822](CVE-2023/CVE-2023-328xx/CVE-2023-32822.json) (`2023-10-03T01:14:28.230`) +* [CVE-2023-32823](CVE-2023/CVE-2023-328xx/CVE-2023-32823.json) (`2023-10-03T01:23:26.747`) +* [CVE-2023-32824](CVE-2023/CVE-2023-328xx/CVE-2023-32824.json) (`2023-10-03T01:35:09.277`) +* [CVE-2023-32826](CVE-2023/CVE-2023-328xx/CVE-2023-32826.json) (`2023-10-03T01:37:23.843`) +* [CVE-2023-32827](CVE-2023/CVE-2023-328xx/CVE-2023-32827.json) (`2023-10-03T01:39:18.287`) +* [CVE-2023-32829](CVE-2023/CVE-2023-328xx/CVE-2023-32829.json) (`2023-10-03T01:43:08.800`) +* [CVE-2023-32828](CVE-2023/CVE-2023-328xx/CVE-2023-32828.json) (`2023-10-03T01:44:32.997`) ## Download and Usage