diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48681.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48681.json index fb382e3686c..75a9385b9a0 100644 --- a/CVE-2022/CVE-2022-486xx/CVE-2022-48681.json +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48681.json @@ -2,7 +2,7 @@ "id": "CVE-2022-48681", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-28T04:15:08.623", - "lastModified": "2024-05-28T04:15:08.623", + "lastModified": "2024-05-28T07:15:08.470", "vulnStatus": "Received", "descriptions": [ { @@ -47,6 +47,10 @@ } ], "references": [ + { + "url": "https://https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-samovishss-28e21e39-en", + "source": "psirt@huawei.com" + }, { "url": "https://www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-samovishss-28e21e39-cn", "source": "psirt@huawei.com" diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52547.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52547.json new file mode 100644 index 00000000000..2880d7b8001 --- /dev/null +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52547.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52547", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-05-28T07:15:08.930", + "lastModified": "2024-05-28T07:15:08.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26. Memory Corruption in SMI Handler of HddPassword SMM Module. This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-130" + } + ] + } + ], + "references": [ + { + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52548.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52548.json new file mode 100644 index 00000000000..0a1c0120a72 --- /dev/null +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52548.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-52548", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-05-28T07:15:09.753", + "lastModified": "2024-05-28T07:15:09.753", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26) Arbitrary Memory Corruption in SMI Handler of ThisiServicesSmm SMM module. This can be leveraged by a malicious OS attacker to corrupt arbitrary SMRAM memory and, in turn, lead to code execution in SMM" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [ + { + "url": "https://www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-cn", + "source": "psirt@huawei.com" + }, + { + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-en", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52710.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52710.json new file mode 100644 index 00000000000..8223a429dab --- /dev/null +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52710.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52710", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-05-28T07:15:10.100", + "lastModified": "2024-05-28T07:15:10.100", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Huawei Matebook D16(Model: CREM-WXX9, BIOS: v2.26), As the communication buffer size hasn\u2019t been properly validated to be of the expected size, it can partially overlap with the beginning SMRAM.This can be leveraged by a malicious OS attacker to corrupt data structures stored at the beginning of SMRAM and can potentially lead to code execution in SMM." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-en", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52711.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52711.json new file mode 100644 index 00000000000..64c8b7c801c --- /dev/null +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52711.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52711", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-05-28T07:15:10.490", + "lastModified": "2024-05-28T07:15:10.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially leading code execution in SMM" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-voiiaciahpp-6376e0c7-en", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52712.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52712.json new file mode 100644 index 00000000000..b2d1be61f93 --- /dev/null +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52712.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52712", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-05-28T07:15:10.810", + "lastModified": "2024-05-28T07:15:10.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentially leading code execution in SMM" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 72b579f92d8..b8e428fb727 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-28T06:00:37.935905+00:00 +2024-05-28T08:00:46.061917+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-28T04:15:08.623000+00:00 +2024-05-28T07:15:10.810000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251890 +251895 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -- [CVE-2022-48681](CVE-2022/CVE-2022-486xx/CVE-2022-48681.json) (`2024-05-28T04:15:08.623`) +- [CVE-2023-52547](CVE-2023/CVE-2023-525xx/CVE-2023-52547.json) (`2024-05-28T07:15:08.930`) +- [CVE-2023-52548](CVE-2023/CVE-2023-525xx/CVE-2023-52548.json) (`2024-05-28T07:15:09.753`) +- [CVE-2023-52710](CVE-2023/CVE-2023-527xx/CVE-2023-52710.json) (`2024-05-28T07:15:10.100`) +- [CVE-2023-52711](CVE-2023/CVE-2023-527xx/CVE-2023-52711.json) (`2024-05-28T07:15:10.490`) +- [CVE-2023-52712](CVE-2023/CVE-2023-527xx/CVE-2023-52712.json) (`2024-05-28T07:15:10.810`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2022-48681](CVE-2022/CVE-2022-486xx/CVE-2022-48681.json) (`2024-05-28T07:15:08.470`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4b1a6e147de..f23c40ee3fd 100644 --- a/_state.csv +++ b/_state.csv @@ -211981,7 +211981,7 @@ CVE-2022-48673,0,0,9605618fa7597ed94995f84a27fb057932599afff122e438d60e99636f587 CVE-2022-48674,0,0,fa42813fe90b0585e3ad673a0800f86f62acc80eb213e88f44bacff6d05e9fd4,2024-05-23T19:36:25.633000 CVE-2022-48675,0,0,ffdc7ff07043ff8d904f74a8a1b71fad7bff2a559dea9c5bb178531131fc30c0,2024-05-23T20:33:42.183000 CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000 -CVE-2022-48681,1,1,ee619af1bd07e9b0f3c69adf1f3dc953c80ca076d732216baf0619655c890970,2024-05-28T04:15:08.623000 +CVE-2022-48681,0,1,9e7073e34e9e8c7a99139e60cad321857fdd2e4e9eedbb45eeb8252f3a098e62,2024-05-28T07:15:08.470000 CVE-2022-48682,0,0,a9e8566df4d423615eab0842eba8f88c67d4de5de15c1876586d34ed294d4bbf,2024-04-26T12:58:17.720000 CVE-2022-48684,0,0,183793e4ba2f09101fce115e434fee8cb8ff9c6a4ec46d5771edf2b59c69d11d,2024-04-29T12:42:03.667000 CVE-2022-48685,0,0,ffa3e1d85b1e2d4bd3c19f046cb04890a395016777f2401ecc051ad5f33c92b4,2024-04-29T12:42:03.667000 @@ -238040,6 +238040,8 @@ CVE-2023-52543,0,0,96cbb9c63e763444820892c7ea5efee2df71c41bd28581892639f66a6a56d CVE-2023-52544,0,0,b8f9dfcd8e084326549a47e222528becd132d7752a5bb142236d04dce4e2e08e,2024-04-08T18:48:40.217000 CVE-2023-52545,0,0,f8ad27aae442eed0a3dd2f998164c3c106828ee316ba6775ec94c0b831b59e4e,2024-04-08T18:48:40.217000 CVE-2023-52546,0,0,98e83b458ee5ccf9e1559640eef1a61ae796d230ceddac590d5e3e1ef188ba7c,2024-04-08T18:48:40.217000 +CVE-2023-52547,1,1,0c25c96425d4fb800aef08164a588490bcdbd5daab74053d2a77671003a413c7,2024-05-28T07:15:08.930000 +CVE-2023-52548,1,1,65cde8d41632d15c891d7017055fc731391545a45ba91bf7f51b02299f87349d,2024-05-28T07:15:09.753000 CVE-2023-52549,0,0,064dba9aa8a5e58753593db89b3a8652ddfce895e5228c52376f3a9b60547bd3,2024-04-08T18:48:40.217000 CVE-2023-5255,0,0,7b00041b943da6551d182c3ce2fdbb603d656d59887e0f5b6c6238fdb452d7ad,2023-10-05T16:48:26.820000 CVE-2023-52550,0,0,0ed3b46b04f5be2ab55ecd4fa9e7b72bd0bb7ac1ab5de511ef41abd80f8d8ea5,2024-04-08T18:48:40.217000 @@ -238217,6 +238219,9 @@ CVE-2023-52706,0,0,7d9c0c1398f25f64cb551d39aa33e70e8f9f22a240090f57c2f33850d1e43 CVE-2023-52707,0,0,afa67acbd2d4c3b36af0fd1bf97a2513956a69e9bfe403e299f73a97c4e8e16f,2024-05-21T16:53:56.550000 CVE-2023-52708,0,0,0cf5531d52b4f0e27229e5431a6641f8a33b6ad189d69b571295e2268c7460a8,2024-05-21T16:53:56.550000 CVE-2023-5271,0,0,70cb4211a176d5dd405f00e1f8e768679b692805db27818df2a991a5138e8644,2024-05-17T02:32:57.007000 +CVE-2023-52710,1,1,8a3c1e11cbcd981449050bf88ec435d64257bb18299910d13d5087402394db72,2024-05-28T07:15:10.100000 +CVE-2023-52711,1,1,a6173461c367b71f9d7e53676fb7b1941cfab6c45c6e42917aec09975a7c9459,2024-05-28T07:15:10.490000 +CVE-2023-52712,1,1,d96c63e5c36fda249ee751f68e210467afbfb00c6972ca915fb3db06a558507a,2024-05-28T07:15:10.810000 CVE-2023-52713,0,0,a82d0be4af03c7dceedf68675e47448344d098e5d4aaf1d8c272ce3767fe9c32,2024-04-08T18:48:40.217000 CVE-2023-52714,0,0,991cd44d006c1b2366208e786d7d4a500460a04aecbaa12bc932d9b06456d878,2024-04-08T18:48:40.217000 CVE-2023-52715,0,0,820cbdfbd6db2c6b83279badddd26d2af4801521939e0773de26b1e63304abe5,2024-04-08T18:48:40.217000