From 884dd376a159c15fe0ab5f6d1776220f00fdc049 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Helmke?= Date: Tue, 2 May 2023 10:00:31 +0200 Subject: [PATCH] Auto-Update: 2023-05-02T08:00:28.719397+00:00 --- CVE-2022/CVE-2022-257xx/CVE-2022-25713.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-332xx/CVE-2022-33281.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-332xx/CVE-2022-33292.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-333xx/CVE-2022-33304.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-333xx/CVE-2022-33305.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-341xx/CVE-2022-34144.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-405xx/CVE-2022-40505.json | 43 +++++++++++++++++++++ CVE-2022/CVE-2022-405xx/CVE-2022-40508.json | 43 +++++++++++++++++++++ CVE-2023/CVE-2023-216xx/CVE-2023-21642.json | 43 +++++++++++++++++++++ CVE-2023/CVE-2023-216xx/CVE-2023-21665.json | 43 +++++++++++++++++++++ CVE-2023/CVE-2023-216xx/CVE-2023-21666.json | 43 +++++++++++++++++++++ README.md | 25 +++++++----- 12 files changed, 489 insertions(+), 9 deletions(-) create mode 100644 CVE-2022/CVE-2022-257xx/CVE-2022-25713.json create mode 100644 CVE-2022/CVE-2022-332xx/CVE-2022-33281.json create mode 100644 CVE-2022/CVE-2022-332xx/CVE-2022-33292.json create mode 100644 CVE-2022/CVE-2022-333xx/CVE-2022-33304.json create mode 100644 CVE-2022/CVE-2022-333xx/CVE-2022-33305.json create mode 100644 CVE-2022/CVE-2022-341xx/CVE-2022-34144.json create mode 100644 CVE-2022/CVE-2022-405xx/CVE-2022-40505.json create mode 100644 CVE-2022/CVE-2022-405xx/CVE-2022-40508.json create mode 100644 CVE-2023/CVE-2023-216xx/CVE-2023-21642.json create mode 100644 CVE-2023/CVE-2023-216xx/CVE-2023-21665.json create mode 100644 CVE-2023/CVE-2023-216xx/CVE-2023-21666.json diff --git a/CVE-2022/CVE-2022-257xx/CVE-2022-25713.json b/CVE-2022/CVE-2022-257xx/CVE-2022-25713.json new file mode 100644 index 00000000000..b4bc604177f --- /dev/null +++ b/CVE-2022/CVE-2022-257xx/CVE-2022-25713.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-25713", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:08.500", + "lastModified": "2023-05-02T06:15:08.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33281.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33281.json new file mode 100644 index 00000000000..c3a13124939 --- /dev/null +++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33281.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-33281", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:09.507", + "lastModified": "2023-05-02T06:15:09.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-332xx/CVE-2022-33292.json b/CVE-2022/CVE-2022-332xx/CVE-2022-33292.json new file mode 100644 index 00000000000..39a6dc68d61 --- /dev/null +++ b/CVE-2022/CVE-2022-332xx/CVE-2022-33292.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-33292", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:09.757", + "lastModified": "2023-05-02T06:15:09.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33304.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33304.json new file mode 100644 index 00000000000..effe859f068 --- /dev/null +++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33304.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-33304", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:09.910", + "lastModified": "2023-05-02T06:15:09.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33305.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33305.json new file mode 100644 index 00000000000..23dd990a593 --- /dev/null +++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33305.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-33305", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:09.997", + "lastModified": "2023-05-02T06:15:09.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-341xx/CVE-2022-34144.json b/CVE-2022/CVE-2022-341xx/CVE-2022-34144.json new file mode 100644 index 00000000000..1ded5c9dcb2 --- /dev/null +++ b/CVE-2022/CVE-2022-341xx/CVE-2022-34144.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-34144", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:10.077", + "lastModified": "2023-05-02T06:15:10.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Transient DOS due to reachable assertion in Modem during OSI decode scheduling." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40505.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40505.json new file mode 100644 index 00000000000..3bf8a1038af --- /dev/null +++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40505.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-40505", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:10.173", + "lastModified": "2023-05-02T06:15:10.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Information disclosure due to buffer over-read in Modem while parsing DNS hostname." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-405xx/CVE-2022-40508.json b/CVE-2022/CVE-2022-405xx/CVE-2022-40508.json new file mode 100644 index 00000000000..74d3cb08e2b --- /dev/null +++ b/CVE-2022/CVE-2022-405xx/CVE-2022-40508.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2022-40508", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:10.263", + "lastModified": "2023-05-02T06:15:10.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21642.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21642.json new file mode 100644 index 00000000000..0b24fdc0ab8 --- /dev/null +++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21642.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-21642", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:10.347", + "lastModified": "2023-05-02T06:15:10.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Memory corruption in HAB Memory management due to broad system privileges via physical address." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21665.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21665.json new file mode 100644 index 00000000000..fb5191976eb --- /dev/null +++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21665.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-21665", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:10.433", + "lastModified": "2023-05-02T06:15:10.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Memory corruption in Graphics while importing a file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-216xx/CVE-2023-21666.json b/CVE-2023/CVE-2023-216xx/CVE-2023-21666.json new file mode 100644 index 00000000000..84e5a0b9f99 --- /dev/null +++ b/CVE-2023/CVE-2023-216xx/CVE-2023-21666.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2023-21666", + "sourceIdentifier": "product-security@qualcomm.com", + "published": "2023-05-02T06:15:10.510", + "lastModified": "2023-05-02T06:15:10.510", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "product-security@qualcomm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin", + "source": "product-security@qualcomm.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f4c9c713ed2..8752c910221 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-05-02T06:00:23.783014+00:00 +2023-05-02T08:00:28.719397+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-05-02T05:15:28.113000+00:00 +2023-05-02T06:15:10.510000+00:00 ``` ### Last Data Feed Release @@ -29,23 +29,30 @@ Download and Changelog: [Click](releases/latest) ### Total Number of included CVEs ```plain -213881 +213892 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `11` -* [CVE-2022-48482](CVE-2022/CVE-2022-484xx/CVE-2022-48482.json) (`2023-05-02T05:15:27.407`) -* [CVE-2022-48483](CVE-2022/CVE-2022-484xx/CVE-2022-48483.json) (`2023-05-02T05:15:28.057`) -* [CVE-2023-2247](CVE-2023/CVE-2023-22xx/CVE-2023-2247.json) (`2023-05-02T05:15:28.113`) +* [CVE-2022-25713](CVE-2022/CVE-2022-257xx/CVE-2022-25713.json) (`2023-05-02T06:15:08.500`) +* [CVE-2022-33281](CVE-2022/CVE-2022-332xx/CVE-2022-33281.json) (`2023-05-02T06:15:09.507`) +* [CVE-2022-33292](CVE-2022/CVE-2022-332xx/CVE-2022-33292.json) (`2023-05-02T06:15:09.757`) +* [CVE-2022-33304](CVE-2022/CVE-2022-333xx/CVE-2022-33304.json) (`2023-05-02T06:15:09.910`) +* [CVE-2022-33305](CVE-2022/CVE-2022-333xx/CVE-2022-33305.json) (`2023-05-02T06:15:09.997`) +* [CVE-2022-34144](CVE-2022/CVE-2022-341xx/CVE-2022-34144.json) (`2023-05-02T06:15:10.077`) +* [CVE-2022-40505](CVE-2022/CVE-2022-405xx/CVE-2022-40505.json) (`2023-05-02T06:15:10.173`) +* [CVE-2022-40508](CVE-2022/CVE-2022-405xx/CVE-2022-40508.json) (`2023-05-02T06:15:10.263`) +* [CVE-2023-21642](CVE-2023/CVE-2023-216xx/CVE-2023-21642.json) (`2023-05-02T06:15:10.347`) +* [CVE-2023-21665](CVE-2023/CVE-2023-216xx/CVE-2023-21665.json) (`2023-05-02T06:15:10.433`) +* [CVE-2023-21666](CVE-2023/CVE-2023-216xx/CVE-2023-21666.json) (`2023-05-02T06:15:10.510`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2022-28005](CVE-2022/CVE-2022-280xx/CVE-2022-28005.json) (`2023-05-02T04:15:46.873`) ## Download and Usage