From b0cd68cfa9e6c63d0eb5e2a2821727bc0ce58ebf Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 7 Sep 2023 16:00:28 +0000
Subject: [PATCH] Auto-Update: 2023-09-07T16:00:24.858095+00:00
---
CVE-2021/CVE-2021-441xx/CVE-2021-44189.json | 55 ++++
CVE-2021/CVE-2021-441xx/CVE-2021-44190.json | 55 ++++
CVE-2021/CVE-2021-441xx/CVE-2021-44191.json | 55 ++++
CVE-2021/CVE-2021-441xx/CVE-2021-44192.json | 55 ++++
CVE-2021/CVE-2021-441xx/CVE-2021-44193.json | 55 ++++
CVE-2021/CVE-2021-441xx/CVE-2021-44194.json | 55 ++++
CVE-2021/CVE-2021-441xx/CVE-2021-44195.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30637.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30638.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30639.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30640.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30641.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30642.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30643.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30644.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30645.json | 55 ++++
CVE-2022/CVE-2022-306xx/CVE-2022-30646.json | 55 ++++
CVE-2022/CVE-2022-419xx/CVE-2022-41954.json | 34 +--
CVE-2022/CVE-2022-468xx/CVE-2022-46868.json | 72 ++++-
CVE-2022/CVE-2022-468xx/CVE-2022-46869.json | 72 ++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20837.json | 160 ++++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20838.json | 290 +++++++++++++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20839.json | 130 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20840.json | 124 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20841.json | 130 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20842.json | 130 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20843.json | 125 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20844.json | 125 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20845.json | 120 +++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20846.json | 125 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20847.json | 125 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20848.json | 130 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20849.json | 130 ++++++++-
CVE-2023/CVE-2023-208xx/CVE-2023-20850.json | 130 ++++++++-
CVE-2023/CVE-2023-328xx/CVE-2023-32812.json | 265 +++++++++++++++++-
CVE-2023/CVE-2023-328xx/CVE-2023-32813.json | 280 ++++++++++++++++++-
CVE-2023/CVE-2023-328xx/CVE-2023-32814.json | 265 +++++++++++++++++-
CVE-2023/CVE-2023-328xx/CVE-2023-32815.json | 270 +++++++++++++++++-
CVE-2023/CVE-2023-328xx/CVE-2023-32816.json | 240 +++++++++++++++-
CVE-2023/CVE-2023-328xx/CVE-2023-32817.json | 240 +++++++++++++++-
CVE-2023/CVE-2023-386xx/CVE-2023-38633.json | 10 +-
CVE-2023/CVE-2023-397xx/CVE-2023-39711.json | 28 ++
CVE-2023/CVE-2023-401xx/CVE-2023-40181.json | 68 ++++-
CVE-2023/CVE-2023-401xx/CVE-2023-40186.json | 63 ++++-
CVE-2023/CVE-2023-401xx/CVE-2023-40187.json | 69 ++++-
CVE-2023/CVE-2023-401xx/CVE-2023-40188.json | 63 ++++-
CVE-2023/CVE-2023-405xx/CVE-2023-40567.json | 68 ++++-
CVE-2023/CVE-2023-405xx/CVE-2023-40574.json | 57 +++-
CVE-2023/CVE-2023-405xx/CVE-2023-40575.json | 57 +++-
CVE-2023/CVE-2023-405xx/CVE-2023-40576.json | 57 +++-
CVE-2023/CVE-2023-408xx/CVE-2023-40839.json | 75 ++++-
CVE-2023/CVE-2023-408xx/CVE-2023-40840.json | 75 ++++-
CVE-2023/CVE-2023-408xx/CVE-2023-40841.json | 75 ++++-
CVE-2023/CVE-2023-408xx/CVE-2023-40842.json | 75 ++++-
CVE-2023/CVE-2023-408xx/CVE-2023-40843.json | 75 ++++-
CVE-2023/CVE-2023-408xx/CVE-2023-40844.json | 75 ++++-
CVE-2023/CVE-2023-408xx/CVE-2023-40845.json | 75 ++++-
CVE-2023/CVE-2023-409xx/CVE-2023-40942.json | 20 ++
CVE-2023/CVE-2023-409xx/CVE-2023-40969.json | 69 ++++-
README.md | 99 ++++---
60 files changed, 5676 insertions(+), 224 deletions(-)
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44189.json
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44190.json
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44191.json
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44192.json
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44193.json
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44194.json
create mode 100644 CVE-2021/CVE-2021-441xx/CVE-2021-44195.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30637.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30638.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30639.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30640.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30641.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30642.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30643.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30644.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30645.json
create mode 100644 CVE-2022/CVE-2022-306xx/CVE-2022-30646.json
create mode 100644 CVE-2023/CVE-2023-397xx/CVE-2023-39711.json
create mode 100644 CVE-2023/CVE-2023-409xx/CVE-2023-40942.json
diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44189.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44189.json
new file mode 100644
index 00000000000..6209310e512
--- /dev/null
+++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44189.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44189", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:07.843", + "lastModified": "2023-09-07T14:15:07.843", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44190.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44190.json new file mode 100644 index 00000000000..1d1c1f05697 --- /dev/null +++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44190.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44190", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:08.187", + "lastModified": "2023-09-07T14:15:08.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44191.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44191.json new file mode 100644 index 00000000000..964241161d9 --- /dev/null +++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44191.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44191", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:08.383", + "lastModified": "2023-09-07T14:15:08.383", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44192.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44192.json new file mode 100644 index 00000000000..23e64cc13f2 --- /dev/null +++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44192.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44192", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:08.573", + "lastModified": "2023-09-07T14:15:08.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44193.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44193.json new file mode 100644 index 00000000000..f8d42a3b91d --- /dev/null +++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44193.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44193", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:08.750", + "lastModified": "2023-09-07T14:15:08.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44194.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44194.json new file mode 100644 index 00000000000..5652995a6a4 --- /dev/null +++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44194.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44194", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:08.943", + "lastModified": "2023-09-07T14:15:08.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-441xx/CVE-2021-44195.json b/CVE-2021/CVE-2021-441xx/CVE-2021-44195.json new file mode 100644 index 00000000000..05de1e6f8e2 --- /dev/null +++ b/CVE-2021/CVE-2021-441xx/CVE-2021-44195.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2021-44195", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:09.147", + "lastModified": "2023-09-07T14:15:09.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30637.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30637.json new file mode 100644 index 00000000000..1a87a0af25a --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30637.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30637", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:09.323", + "lastModified": "2023-09-07T14:15:09.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30638.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30638.json new file mode 100644 index 00000000000..9abe6d5e22a --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30638.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30638", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:09.487", + "lastModified": "2023-09-07T14:15:09.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30639.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30639.json new file mode 100644 index 00000000000..f6030c15356 --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30639.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30639", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:09.690", + "lastModified": "2023-09-07T14:15:09.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30640.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30640.json new file mode 100644 index 00000000000..5e249d92ce5 --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30640.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30640", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:09.930", + "lastModified": "2023-09-07T14:15:09.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30641.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30641.json new file mode 100644 index 00000000000..bd0efde5bee --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30641.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30641", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:10.057", + "lastModified": "2023-09-07T14:15:10.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30642.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30642.json new file mode 100644 index 00000000000..687fdf1f75d --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30642.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30642", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:10.253", + "lastModified": "2023-09-07T14:15:10.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30643.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30643.json new file mode 100644 index 00000000000..888ceda6dcd --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30643.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30643", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:10.430", + "lastModified": "2023-09-07T14:15:10.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30644.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30644.json new file mode 100644 index 00000000000..bb36639c8f0 --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30644.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30644", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:10.707", + "lastModified": "2023-09-07T14:15:10.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30645.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30645.json new file mode 100644 index 00000000000..dbba941026f --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30645.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30645", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:10.910", + "lastModified": "2023-09-07T14:15:10.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-306xx/CVE-2022-30646.json b/CVE-2022/CVE-2022-306xx/CVE-2022-30646.json new file mode 100644 index 00000000000..67b0dcc7a41 --- /dev/null +++ b/CVE-2022/CVE-2022-306xx/CVE-2022-30646.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2022-30646", + "sourceIdentifier": "psirt@adobe.com", + "published": "2023-09-07T14:15:11.183", + "lastModified": "2023-09-07T14:15:11.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2022/CVE-2022-419xx/CVE-2022-41954.json b/CVE-2022/CVE-2022-419xx/CVE-2022-41954.json index bf319daa25f..7c149aafdbf 100644 --- a/CVE-2022/CVE-2022-419xx/CVE-2022-41954.json +++ b/CVE-2022/CVE-2022-419xx/CVE-2022-41954.json @@ -2,8 +2,8 @@ "id": "CVE-2022-41954", "sourceIdentifier": "security-advisories@github.com", "published": "2022-11-25T19:15:12.023", - "lastModified": "2023-07-06T13:41:46.873", - "vulnStatus": "Analyzed", + "lastModified": "2023-09-07T15:15:07.493", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", 
@@ -55,19 +55,9 @@ ] }, "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-668" - } - ] - }, { "source": "security-advisories@github.com", - "type": "Secondary", + "type": "Primary", "description": [ { "lang": "en", @@ -78,6 +68,16 @@ "value": "CWE-377" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] } ], "configurations": [ @@ -100,12 +100,8 @@ ], "references": [ { - "url": "https://github.com/joniles/mpxj/commit/287ad0234213c52b0638565e14bd9cf3ed44cedd", - "source": "security-advisories@github.com", - "tags": [ - "Patch", - "Third Party Advisory" - ] + "url": "https://github.com/joniles/mpxj/commit/ae0af24345d79ad45705265d9927fe55e94a5721", + "source": "security-advisories@github.com" }, { "url": "https://github.com/joniles/mpxj/security/advisories/GHSA-jf2p-4gqj-849g", diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json index 30bf8135f94..1558434d324 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46868.json @@ -2,8 +2,8 @@ "id": "CVE-2022-46868", "sourceIdentifier": "security@acronis.com", "published": "2023-08-31T15:15:08.343", - "lastModified": "2023-08-31T17:25:54.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:24:50.557", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*", + "versionEndExcluding": "40173", + "matchCriteriaId": "81BABB96-E94D-47DA-ADA6-3979FF372490" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-2499", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-468xx/CVE-2022-46869.json b/CVE-2022/CVE-2022-468xx/CVE-2022-46869.json index a14f858ddcb..7ccf6d5a01a 100644 --- a/CVE-2022/CVE-2022-468xx/CVE-2022-46869.json +++ b/CVE-2022/CVE-2022-468xx/CVE-2022-46869.json 
@@ -2,8 +2,8 @@ "id": "CVE-2022-46869", "sourceIdentifier": "security@acronis.com", "published": "2023-08-31T20:15:08.027", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:25:24.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@acronis.com", @@ -35,6 +57,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-59" + } + ] + }, { "source": "security@acronis.com", "type": "Secondary", @@ -46,10 +78,44 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*", + "versionEndExcluding": "40278", + "matchCriteriaId": "DA67D824-36CA-4954-A798-1128251F6556" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://security-advisory.acronis.com/advisories/SEC-3835", - "source": "security@acronis.com" + "source": "security@acronis.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20837.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20837.json index 088f0ac78cf..eb79f9d5ca4 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20837.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20837.json 
@@ -2,19 +2,171 @@ "id": "CVE-2023-20837", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.430", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:39:00.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20838.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20838.json index 5eef4cc0ee9..1d213eeb8c5 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20838.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20838.json 
@@ -2,19 +2,301 @@ "id": "CVE-2023-20838", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.560", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:41:14.693", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*", + "matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*", + "matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*", + "matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*", + "matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*", + "matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*", + "matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*", + "matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20839.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20839.json index 5205e282044..11e6c92635c 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20839.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20839.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-20839", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.677", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:41:27.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20840.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20840.json index 9a0e339701f..3c3273cf946 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20840.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20840.json 
@@ -2,19 +2,135 @@ "id": "CVE-2023-20840", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:10.827", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:38:08.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + }, + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20841.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20841.json index e3435ce3b56..b44c860d249 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20841.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20841.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-20841", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.003", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:38:22.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20842.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20842.json index 581109320a5..b2a130031ce 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20842.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20842.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-20842", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.163", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:38:36.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing\u00a0valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20843.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20843.json index 7c7b3bb4e66..b972bb7286c 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20843.json 
+++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20843.json 
@@ -2,19 +2,136 @@ "id": "CVE-2023-20843", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.343", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:41:36.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20844.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20844.json index edd32bdd6f9..b10b9c1b5df 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20844.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20844.json 
@@ -2,19 +2,136 @@ "id": "CVE-2023-20844", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.443", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:41:45.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20845.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20845.json index 53a03fba59b..cd041c784c2 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20845.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20845.json 
@@ -2,19 +2,131 @@ "id": "CVE-2023-20845", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.523", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:41:57.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20846.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20846.json index 567c65dc0cd..0705e7c15ea 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20846.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20846.json 
@@ -2,19 +2,136 @@ "id": "CVE-2023-20846", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.637", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:42:09.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20847.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20847.json index 6e483482899..849053f0839 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20847.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20847.json 
@@ -2,19 +2,136 @@ "id": "CVE-2023-20847", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.717", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:43:55.820", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20848.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20848.json index a9f6aec8e58..2c7359e6031 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20848.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20848.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-20848", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.830", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:44:06.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20849.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20849.json index b75274b2076..1ad8be263d0 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20849.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20849.json 
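Review bot: The `weaknesses` entry added in this hunk is `CWE-125` (out-of-bounds read), yet the `cvssData` beside it scores `"integrityImpact": "HIGH"` and `"availabilityImpact": "HIGH"`, following the description's claim of local escalation of privilege. The neighbouring out-of-bounds-read records (CVE-2023-20843 to CVE-2023-20846) are scored `C:H/I:N/A:N`, so the weakness class and the impact here look inconsistent; the upstream description may be imprecise about "read". As this file mirrors the published record, the values should stay as they are. Triage that keys on the CWE should not treat this entry as information disclosure only, and the vendor bulletin listed under `references` is the place to confirm the actual impact.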
@@ -2,19 +2,141 @@ "id": "CVE-2023-20849", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:11.983", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:44:14.570", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-208xx/CVE-2023-20850.json b/CVE-2023/CVE-2023-208xx/CVE-2023-20850.json index 34fdd675019..8095d529a1a 100644 --- a/CVE-2023/CVE-2023-208xx/CVE-2023-20850.json +++ b/CVE-2023/CVE-2023-208xx/CVE-2023-20850.json 
@@ -2,19 +2,141 @@ "id": "CVE-2023-20850", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:12.033", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:44:28.573", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*", + "matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", + "matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", + 
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*", + "matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*", + "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32812.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32812.json index 09d07f8bba2..92903c97434 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32812.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32812.json 
@@ -2,19 +2,276 @@ "id": "CVE-2023-32812", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.440", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:42:25.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + 
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32813.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32813.json index 957351d5352..a425f96447d 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32813.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32813.json 
@@ -2,19 +2,291 @@ "id": "CVE-2023-32813", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.527", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:42:39.470", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + 
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32814.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32814.json index 6e33b9eab01..be0d79ddc8f 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32814.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32814.json 
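Review bot: The added `weaknesses` entry for CVE-2023-32813 (`"value": "CWE-787"`) disagrees with the CVSS vector added in the same hunk, which scores `I:N/A:N`, so the record describes an out-of-bounds write with no integrity impact. The mismatch follows the vendor description in the context lines ("out of bounds write" leading to "local information disclosure"). The neighbouring gnss records with the identical vector, CVE-2023-32814 and CVE-2023-32815, say "out of bounds read" and carry CWE-125. Which side is wrong cannot be told from this record, so it should be checked against the referenced MediaTek September 2023 bulletin and reported upstream rather than hand-edited in the mirror. If the bulletin confirms a read, the line would become `"value": "CWE-125"`; until then, triage rules should not key on the CWE alone for this entry.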
@@ -2,19 +2,276 @@ "id": "CVE-2023-32814", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.783", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:42:58.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32815.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32815.json index c6f3cb8d6ec..8de3f5c35f5 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32815.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32815.json 
@@ -2,19 +2,281 @@ "id": "CVE-2023-32815", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:13.990", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:43:12.923", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*", + "matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", + "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", + 
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*", + "matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", + "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", + "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] 
}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32816.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32816.json
index 098f7ddb93f..042d5171fc0 100644
--- a/CVE-2023/CVE-2023-328xx/CVE-2023-32816.json
+++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32816.json
@@ -2,19 +2,251 @@ "id": "CVE-2023-32816", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:14.220", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:43:32.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-328xx/CVE-2023-32817.json b/CVE-2023/CVE-2023-328xx/CVE-2023-32817.json index fdc9998df89..08ee9c71627 100644 --- a/CVE-2023/CVE-2023-328xx/CVE-2023-32817.json +++ b/CVE-2023/CVE-2023-328xx/CVE-2023-32817.json 
@@ -2,19 +2,251 @@ "id": "CVE-2023-32817", "sourceIdentifier": "security@mediatek.com", "published": "2023-09-04T03:15:14.277", - "lastModified": "2023-09-04T03:51:45.317", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:43:42.350", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", + "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*", + "matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*", + "matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", + "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*", + "matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", + "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*", + "matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", + "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*", + "matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", + "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*", + "matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F" + }, + { + "vulnerable": false, + "criteria": 
"cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*", + "matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*", + "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*", + "matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3" + } + ] + } + ] + } + ], "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/September-2023", - "source": "security@mediatek.com" + "source": "security@mediatek.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json index 89912e480d3..b9274bea83b 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38633.json @@ -2,7 +2,7 @@ "id": "CVE-2023-38633", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-22T17:15:09.810", - "lastModified": "2023-09-07T00:15:07.590", + "lastModified": "2023-09-07T14:15:11.410", "vulnStatus": "Modified", "descriptions": [ { 
@@ -181,10 +181,18 @@ "Third Party Advisory" ] }, + { + "url": "https://news.ycombinator.com/item?id=37415799", + "source": "cve@mitre.org" + }, { "url": "https://security.netapp.com/advisory/ntap-20230831-0011/", "source": "cve@mitre.org" }, + { + "url": "https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/", + "source": "cve@mitre.org" + }, { "url": "https://www.debian.org/security/2023/dsa-5484", "source": "cve@mitre.org" diff --git a/CVE-2023/CVE-2023-397xx/CVE-2023-39711.json b/CVE-2023/CVE-2023-397xx/CVE-2023-39711.json new file mode 100644 index 00000000000..9750c9efab1 --- /dev/null +++ b/CVE-2023/CVE-2023-397xx/CVE-2023-39711.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-39711", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-07T15:15:07.697", + "lastModified": "2023-09-07T15:15:07.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json index 0b893bd8036..85239e4034c 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40181.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-40181", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:07.860", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:55:50.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +70,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.11.0", + "matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json index 8c16fdeed8e..d2e89ecbe82 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40186.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40186", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.303", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:48:23.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.11.0", + "matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/fee2b10ba1154f952769a53eb608f044782e22f8/libfreerdp/gdi/gfx.c#L1156-L1165", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40187.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40187.json index f7a3995ee81..7a05d299e88 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40187.json 
+++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40187.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40187", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.417", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:40:05.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,7 +56,7 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,16 +64,55 @@ "value": "CWE-416" } ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/h264.c#L413-L427", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json b/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json index 58454579bae..45415a09275 100644 --- a/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json +++ b/CVE-2023/CVE-2023-401xx/CVE-2023-40188.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40188", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.523", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:30:37.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,49 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.11.0", + "matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json index 255eb505ef2..85d2a1e4c8a 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json 
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40567.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40567", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.613", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:28:46.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +66,56 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2.11.0", + "matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40574.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40574.json index f282da0c194..40f82aff0d8 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40574.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40574.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-40574", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.793", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:24:25.010", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cw", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40575.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40575.json index adf73dd8810..082485bd1d9 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40575.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40575.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40575", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.877", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T15:18:56.130", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,14 +66,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c6vw-92h9-5w9v", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40576.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40576.json index 345871f2e4f..935b78a0c5d 100644 --- a/CVE-2023/CVE-2023-405xx/CVE-2023-40576.json +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40576.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40576", "sourceIdentifier": "security-advisories@github.com", "published": "2023-08-31T22:15:08.970", - "lastModified": "2023-09-01T07:32:13.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:50:27.893", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -12,6 +12,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +66,43 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/include/bitmap.c#L94-L113", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40839.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40839.json index 34a3279a735..016a3880989 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40839.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40839.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40839", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.453", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:14:25.523", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the \"formSetIptv\" function, obtaining the \"list\" and \"vlanId\" fields, unfiltered passing these two fields as parameters to the \"sub_ADF3C\" function to execute commands." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", 
+ "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40840.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40840.json index 9c65fff28ff..f2a0a7fef06 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40840.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40840.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40840", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.517", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:13:17.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"fromGetWirelessRepeat.\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/6.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40841.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40841.json index 6095f0a2d0c..11709860c7e 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40841.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40841.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40841", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.577", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:13:10.490", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"add_white_node,\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/5/5.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40842.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40842.json index 301e703aed3..b23c288b9cd 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40842.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40842.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40842", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.640", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:13:05.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"R7WebsSecurityHandler.\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/4.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40843.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40843.json index 0c989c17a6c..1453bd9c3ad 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40843.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40843.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40843", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.697", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:12:53.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"sub_73004.\"" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/8/8.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40844.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40844.json index 161e5aaa4be..ea189be067d 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40844.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40844.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40844", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.757", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:15:43.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/2.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-408xx/CVE-2023-40845.json b/CVE-2023/CVE-2023-408xx/CVE-2023-40845.json index 4260250cb98..39b2952fc54 100644 --- a/CVE-2023/CVE-2023-408xx/CVE-2023-40845.json +++ b/CVE-2023/CVE-2023-408xx/CVE-2023-40845.json 
@@ -2,19 +2,86 @@ "id": "CVE-2023-40845", "sourceIdentifier": "cve@mitre.org", "published": "2023-08-30T17:15:10.817", - "lastModified": "2023-08-31T10:02:10.690", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2023-09-07T14:12:00.257", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*", + "matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/14/14.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end 
of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40942.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40942.json new file mode 100644 index 00000000000..b7be2226263 --- /dev/null +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40942.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-40942", + "sourceIdentifier": "cve@mitre.org", + "published": "2023-09-07T15:15:07.767", + "lastModified": "2023-09-07T15:15:07.767", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json b/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json index dc88909ee91..022f7a448c1 100644 --- a/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json +++ b/CVE-2023/CVE-2023-409xx/CVE-2023-40969.json 
@@ -2,23 +2,82 @@ "id": "CVE-2023-40969", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-01T11:15:42.800", - "lastModified": "2023-09-01T11:47:43.290", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2023-09-07T14:16:25.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:slims:senayan_library_management_system:9.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "548C3132-1CC1-446F-90FC-3411038DFAAB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://github.com/slims/slims9_bulian/issues/204", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index aee92ba3aae..089f1c21cee 100644 --- a/README.md 
+++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2023-09-07T14:00:25.857485+00:00 +2023-09-07T16:00:24.858095+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2023-09-07T13:48:46.393000+00:00 +2023-09-07T15:55:50.960000+00:00 ``` ### Last Data Feed Release 
@@ -29,64 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -224453 +224472 ``` ### CVEs added in the last Commit -Recently added CVEs: `20` +Recently added CVEs: `19` -* [CVE-2021-40698](CVE-2021/CVE-2021-406xx/CVE-2021-40698.json) (`2023-09-07T13:15:07.160`) -* [CVE-2021-40699](CVE-2021/CVE-2021-406xx/CVE-2021-40699.json) (`2023-09-07T13:15:07.300`) -* [CVE-2021-40723](CVE-2021/CVE-2021-407xx/CVE-2021-40723.json) (`2023-09-07T13:15:07.393`) -* [CVE-2021-40790](CVE-2021/CVE-2021-407xx/CVE-2021-40790.json) (`2023-09-07T13:15:07.507`) -* [CVE-2021-40791](CVE-2021/CVE-2021-407xx/CVE-2021-40791.json) (`2023-09-07T13:15:07.597`) -* [CVE-2021-40795](CVE-2021/CVE-2021-407xx/CVE-2021-40795.json) (`2023-09-07T13:15:07.683`) -* [CVE-2021-42265](CVE-2021/CVE-2021-422xx/CVE-2021-42265.json) (`2023-09-07T13:15:07.777`) -* [CVE-2021-42734](CVE-2021/CVE-2021-427xx/CVE-2021-42734.json) (`2023-09-07T13:15:07.883`) -* [CVE-2021-43018](CVE-2021/CVE-2021-430xx/CVE-2021-43018.json) (`2023-09-07T13:15:07.973`) -* [CVE-2021-43027](CVE-2021/CVE-2021-430xx/CVE-2021-43027.json) (`2023-09-07T13:15:08.057`) -* [CVE-2021-43751](CVE-2021/CVE-2021-437xx/CVE-2021-43751.json) (`2023-09-07T13:15:08.140`) -* [CVE-2021-43753](CVE-2021/CVE-2021-437xx/CVE-2021-43753.json) (`2023-09-07T13:15:08.230`) -* [CVE-2021-44188](CVE-2021/CVE-2021-441xx/CVE-2021-44188.json) (`2023-09-07T13:15:08.317`) -* [CVE-2023-36635](CVE-2023/CVE-2023-366xx/CVE-2023-36635.json) (`2023-09-07T13:15:08.433`) -* [CVE-2023-39420](CVE-2023/CVE-2023-394xx/CVE-2023-39420.json) (`2023-09-07T13:15:08.517`) -* [CVE-2023-39421](CVE-2023/CVE-2023-394xx/CVE-2023-39421.json) (`2023-09-07T13:15:08.617`) -* [CVE-2023-39422](CVE-2023/CVE-2023-394xx/CVE-2023-39422.json) (`2023-09-07T13:15:08.710`) -* [CVE-2023-39423](CVE-2023/CVE-2023-394xx/CVE-2023-39423.json) (`2023-09-07T13:15:08.837`) -* [CVE-2023-39424](CVE-2023/CVE-2023-394xx/CVE-2023-39424.json) 
(`2023-09-07T13:15:08.933`) -* [CVE-2023-3747](CVE-2023/CVE-2023-37xx/CVE-2023-3747.json) (`2023-09-07T13:15:09.030`) +* [CVE-2021-44189](CVE-2021/CVE-2021-441xx/CVE-2021-44189.json) (`2023-09-07T14:15:07.843`) +* [CVE-2021-44190](CVE-2021/CVE-2021-441xx/CVE-2021-44190.json) (`2023-09-07T14:15:08.187`) +* [CVE-2021-44191](CVE-2021/CVE-2021-441xx/CVE-2021-44191.json) (`2023-09-07T14:15:08.383`) +* [CVE-2021-44192](CVE-2021/CVE-2021-441xx/CVE-2021-44192.json) (`2023-09-07T14:15:08.573`) +* [CVE-2021-44193](CVE-2021/CVE-2021-441xx/CVE-2021-44193.json) (`2023-09-07T14:15:08.750`) +* [CVE-2021-44194](CVE-2021/CVE-2021-441xx/CVE-2021-44194.json) (`2023-09-07T14:15:08.943`) +* [CVE-2021-44195](CVE-2021/CVE-2021-441xx/CVE-2021-44195.json) (`2023-09-07T14:15:09.147`) +* [CVE-2022-30637](CVE-2022/CVE-2022-306xx/CVE-2022-30637.json) (`2023-09-07T14:15:09.323`) +* [CVE-2022-30638](CVE-2022/CVE-2022-306xx/CVE-2022-30638.json) (`2023-09-07T14:15:09.487`) +* [CVE-2022-30639](CVE-2022/CVE-2022-306xx/CVE-2022-30639.json) (`2023-09-07T14:15:09.690`) +* [CVE-2022-30640](CVE-2022/CVE-2022-306xx/CVE-2022-30640.json) (`2023-09-07T14:15:09.930`) +* [CVE-2022-30641](CVE-2022/CVE-2022-306xx/CVE-2022-30641.json) (`2023-09-07T14:15:10.057`) +* [CVE-2022-30642](CVE-2022/CVE-2022-306xx/CVE-2022-30642.json) (`2023-09-07T14:15:10.253`) +* [CVE-2022-30643](CVE-2022/CVE-2022-306xx/CVE-2022-30643.json) (`2023-09-07T14:15:10.430`) +* [CVE-2022-30644](CVE-2022/CVE-2022-306xx/CVE-2022-30644.json) (`2023-09-07T14:15:10.707`) +* [CVE-2022-30645](CVE-2022/CVE-2022-306xx/CVE-2022-30645.json) (`2023-09-07T14:15:10.910`) +* [CVE-2022-30646](CVE-2022/CVE-2022-306xx/CVE-2022-30646.json) (`2023-09-07T14:15:11.183`) +* [CVE-2023-39711](CVE-2023/CVE-2023-397xx/CVE-2023-39711.json) (`2023-09-07T15:15:07.697`) +* [CVE-2023-40942](CVE-2023/CVE-2023-409xx/CVE-2023-40942.json) (`2023-09-07T15:15:07.767`) ### CVEs modified in the last Commit -Recently modified CVEs: `30` +Recently modified CVEs: `40` -* 
[CVE-2023-38032](CVE-2023/CVE-2023-380xx/CVE-2023-38032.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-38033](CVE-2023/CVE-2023-380xx/CVE-2023-38033.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-39236](CVE-2023/CVE-2023-392xx/CVE-2023-39236.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-39237](CVE-2023/CVE-2023-392xx/CVE-2023-39237.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-4815](CVE-2023/CVE-2023-48xx/CVE-2023-4815.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-39238](CVE-2023/CVE-2023-392xx/CVE-2023-39238.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-39239](CVE-2023/CVE-2023-392xx/CVE-2023-39239.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-39240](CVE-2023/CVE-2023-392xx/CVE-2023-39240.json) (`2023-09-07T12:50:36.973`) -* [CVE-2023-39710](CVE-2023/CVE-2023-397xx/CVE-2023-39710.json) (`2023-09-07T12:56:42.723`) -* [CVE-2023-39703](CVE-2023/CVE-2023-397xx/CVE-2023-39703.json) (`2023-09-07T12:57:41.467`) -* [CVE-2023-37830](CVE-2023/CVE-2023-378xx/CVE-2023-37830.json) (`2023-09-07T12:58:00.423`) -* [CVE-2023-37829](CVE-2023/CVE-2023-378xx/CVE-2023-37829.json) (`2023-09-07T13:03:28.967`) -* [CVE-2023-37828](CVE-2023/CVE-2023-378xx/CVE-2023-37828.json) (`2023-09-07T13:03:37.697`) -* [CVE-2023-37827](CVE-2023/CVE-2023-378xx/CVE-2023-37827.json) (`2023-09-07T13:03:44.377`) -* [CVE-2023-37826](CVE-2023/CVE-2023-378xx/CVE-2023-37826.json) (`2023-09-07T13:04:10.693`) -* [CVE-2023-37997](CVE-2023/CVE-2023-379xx/CVE-2023-37997.json) (`2023-09-07T13:05:27.313`) -* [CVE-2023-37994](CVE-2023/CVE-2023-379xx/CVE-2023-37994.json) (`2023-09-07T13:05:35.930`) -* [CVE-2023-37986](CVE-2023/CVE-2023-379xx/CVE-2023-37986.json) (`2023-09-07T13:05:43.310`) -* [CVE-2023-37893](CVE-2023/CVE-2023-378xx/CVE-2023-37893.json) (`2023-09-07T13:05:50.480`) -* [CVE-2023-34011](CVE-2023/CVE-2023-340xx/CVE-2023-34011.json) (`2023-09-07T13:06:11.770`) -* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-09-07T13:13:00.990`) -* 
[CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-09-07T13:26:55.797`) -* [CVE-2023-40848](CVE-2023/CVE-2023-408xx/CVE-2023-40848.json) (`2023-09-07T13:45:12.653`) -* [CVE-2023-40847](CVE-2023/CVE-2023-408xx/CVE-2023-40847.json) (`2023-09-07T13:47:17.837`) -* [CVE-2023-39810](CVE-2023/CVE-2023-398xx/CVE-2023-39810.json) (`2023-09-07T13:48:46.393`) +* [CVE-2023-20837](CVE-2023/CVE-2023-208xx/CVE-2023-20837.json) (`2023-09-07T14:39:00.457`) +* [CVE-2023-20838](CVE-2023/CVE-2023-208xx/CVE-2023-20838.json) (`2023-09-07T14:41:14.693`) +* [CVE-2023-20839](CVE-2023/CVE-2023-208xx/CVE-2023-20839.json) (`2023-09-07T14:41:27.213`) +* [CVE-2023-20843](CVE-2023/CVE-2023-208xx/CVE-2023-20843.json) (`2023-09-07T14:41:36.843`) +* [CVE-2023-20844](CVE-2023/CVE-2023-208xx/CVE-2023-20844.json) (`2023-09-07T14:41:45.870`) +* [CVE-2023-20845](CVE-2023/CVE-2023-208xx/CVE-2023-20845.json) (`2023-09-07T14:41:57.077`) +* [CVE-2023-20846](CVE-2023/CVE-2023-208xx/CVE-2023-20846.json) (`2023-09-07T14:42:09.063`) +* [CVE-2023-32812](CVE-2023/CVE-2023-328xx/CVE-2023-32812.json) (`2023-09-07T14:42:25.327`) +* [CVE-2023-32813](CVE-2023/CVE-2023-328xx/CVE-2023-32813.json) (`2023-09-07T14:42:39.470`) +* [CVE-2023-32814](CVE-2023/CVE-2023-328xx/CVE-2023-32814.json) (`2023-09-07T14:42:58.513`) +* [CVE-2023-32815](CVE-2023/CVE-2023-328xx/CVE-2023-32815.json) (`2023-09-07T14:43:12.923`) +* [CVE-2023-32816](CVE-2023/CVE-2023-328xx/CVE-2023-32816.json) (`2023-09-07T14:43:32.837`) +* [CVE-2023-32817](CVE-2023/CVE-2023-328xx/CVE-2023-32817.json) (`2023-09-07T14:43:42.350`) +* [CVE-2023-20847](CVE-2023/CVE-2023-208xx/CVE-2023-20847.json) (`2023-09-07T14:43:55.820`) +* [CVE-2023-20848](CVE-2023/CVE-2023-208xx/CVE-2023-20848.json) (`2023-09-07T14:44:06.117`) +* [CVE-2023-20849](CVE-2023/CVE-2023-208xx/CVE-2023-20849.json) (`2023-09-07T14:44:14.570`) +* [CVE-2023-20850](CVE-2023/CVE-2023-208xx/CVE-2023-20850.json) (`2023-09-07T14:44:28.573`) +* 
[CVE-2023-40576](CVE-2023/CVE-2023-405xx/CVE-2023-40576.json) (`2023-09-07T14:50:27.893`) +* [CVE-2023-40575](CVE-2023/CVE-2023-405xx/CVE-2023-40575.json) (`2023-09-07T15:18:56.130`) +* [CVE-2023-40574](CVE-2023/CVE-2023-405xx/CVE-2023-40574.json) (`2023-09-07T15:24:25.010`) +* [CVE-2023-40567](CVE-2023/CVE-2023-405xx/CVE-2023-40567.json) (`2023-09-07T15:28:46.033`) +* [CVE-2023-40188](CVE-2023/CVE-2023-401xx/CVE-2023-40188.json) (`2023-09-07T15:30:37.297`) +* [CVE-2023-40187](CVE-2023/CVE-2023-401xx/CVE-2023-40187.json) (`2023-09-07T15:40:05.617`) +* [CVE-2023-40186](CVE-2023/CVE-2023-401xx/CVE-2023-40186.json) (`2023-09-07T15:48:23.590`) +* [CVE-2023-40181](CVE-2023/CVE-2023-401xx/CVE-2023-40181.json) (`2023-09-07T15:55:50.960`) ## Download and Usage