admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-07T16:00:24.858095+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-07 16:00:28 +00:00
parent 4ba1feab31
commit b0cd68cfa9
60 changed files with 5676 additions and 224 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2021/CVE-2021-441xx/CVE-2021-44189.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44189",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:07.843",
"lastModified": "2023-09-07T14:15:07.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44190.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44190",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:08.187",
"lastModified": "2023-09-07T14:15:08.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44191.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44191",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:08.383",
"lastModified": "2023-09-07T14:15:08.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44192.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44192",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:08.573",
"lastModified": "2023-09-07T14:15:08.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44193.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44193",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:08.750",
"lastModified": "2023-09-07T14:15:08.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44194.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44194",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:08.943",
"lastModified": "2023-09-07T14:15:08.943",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2021/CVE-2021-441xx/CVE-2021-44195.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2021-44195",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:09.147",
"lastModified": "2023-09-07T14:15:09.147",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb21-115.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30637.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30637",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:09.323",
"lastModified": "2023-09-07T14:15:09.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30638.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30638",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:09.487",
"lastModified": "2023-09-07T14:15:09.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30639.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30639",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:09.690",
"lastModified": "2023-09-07T14:15:09.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30640.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30640",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:09.930",
"lastModified": "2023-09-07T14:15:09.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30641.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30641",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:10.057",
"lastModified": "2023-09-07T14:15:10.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30642.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30642",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:10.253",
"lastModified": "2023-09-07T14:15:10.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30643.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30643",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:10.430",
"lastModified": "2023-09-07T14:15:10.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30644.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30644",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:10.707",
"lastModified": "2023-09-07T14:15:10.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30645.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30645",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:10.910",
"lastModified": "2023-09-07T14:15:10.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2022/CVE-2022-306xx/CVE-2022-30646.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2022-30646",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-09-07T14:15:11.183",
"lastModified": "2023-09-07T14:15:11.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb22-26.html",
"source": "psirt@adobe.com"
}
]
}

34
CVE-2022/CVE-2022-419xx/CVE-2022-41954.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-41954", "id": "CVE-2022-41954",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2022-11-25T19:15:12.023", "published": "2022-11-25T19:15:12.023",
"lastModified": "2023-07-06T13:41:46.873", "lastModified": "2023-09-07T15:15:07.493",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -55,19 +55,9 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Primary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -78,6 +68,16 @@
"value": "CWE-377" "value": "CWE-377"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
} }
], ],
"configurations": [ "configurations": [
@ -100,12 +100,8 @@
], ],
"references": [ "references": [
{ {
"url": "https://github.com/joniles/mpxj/commit/287ad0234213c52b0638565e14bd9cf3ed44cedd", "url": "https://github.com/joniles/mpxj/commit/ae0af24345d79ad45705265d9927fe55e94a5721",
"source": "security-advisories@github.com", "source": "security-advisories@github.com"
"tags": [
"Patch",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/joniles/mpxj/security/advisories/GHSA-jf2p-4gqj-849g", "url": "https://github.com/joniles/mpxj/security/advisories/GHSA-jf2p-4gqj-849g",

76
CVE-2022/CVE-2022-468xx/CVE-2022-46868.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46868", "id": "CVE-2022-46868",
"sourceIdentifier": "security@acronis.com", "sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T15:15:08.343", "published": "2023-08-31T15:15:08.343",
"lastModified": "2023-08-31T17:25:54.340", "lastModified": "2023-09-07T14:24:50.557",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@acronis.com", "source": "security@acronis.com",
@ -35,6 +57,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
},
{ {
"source": "security@acronis.com", "source": "security@acronis.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +78,44 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://security-advisory.acronis.com/advisories/SEC-2499", "operator": "AND",
"source": "security@acronis.com" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "40173",
"matchCriteriaId": "81BABB96-E94D-47DA-ADA6-3979FF372490"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-2499",
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

76
CVE-2022/CVE-2022-468xx/CVE-2022-46869.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-46869", "id": "CVE-2022-46869",
"sourceIdentifier": "security@acronis.com", "sourceIdentifier": "security@acronis.com",
"published": "2023-08-31T20:15:08.027", "published": "2023-08-31T20:15:08.027",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T14:25:24.507",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -11,6 +11,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@acronis.com", "source": "security@acronis.com",
@ -35,6 +57,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{ {
"source": "security@acronis.com", "source": "security@acronis.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +78,44 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://security-advisory.acronis.com/advisories/SEC-3835", "operator": "AND",
"source": "security@acronis.com" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:acronis:cyber_protect_home_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "40278",
"matchCriteriaId": "DA67D824-36CA-4954-A798-1128251F6556"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://security-advisory.acronis.com/advisories/SEC-3835",
"source": "security@acronis.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

164
CVE-2023/CVE-2023-208xx/CVE-2023-20837.json
View File

@ -2,19 +2,171 @@
"id": "CVE-2023-20837", "id": "CVE-2023-20837",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:10.430", "published": "2023-09-04T03:15:10.430",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:39:00.457",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786." "value": "In seninf, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07992786; Issue ID: ALPS07992786."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

294
CVE-2023/CVE-2023-208xx/CVE-2023-20838.json
View File

@ -2,19 +2,301 @@
"id": "CVE-2023-20838", "id": "CVE-2023-20838",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:10.560", "published": "2023-09-04T03:15:10.560",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:41:14.693",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418." "value": "In imgsys, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326418."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EECB3C-723A-492D-A6D7-6A1A73EDBFDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2385F2C9-3EA1-424B-AB8D-A672BF1CBE56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:4.19:-:*:*:*:*:*:*",
"matchCriteriaId": "CFDAD450-8799-4C2D-80CE-2AA45DEC35CE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt5221:-:*:*:*:*:*:*:*",
"matchCriteriaId": "518D4593-D5E2-489C-92C3-343716A621E9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8167:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B5FE245-6346-4078-A3D0-E5F79BB636B8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8173:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4452EFCF-5733-40A0-8726-F8E33E569411"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8185:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62FDE8E0-FD9F-4D2B-944C-E17F34A09F06"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8321:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793B7F88-79E7-4031-8AD0-35C9BFD073C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8385:-:*:*:*:*:*:*:*",
"matchCriteriaId": "299378ED-41CE-4966-99B1-65D2BA1215EF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8518s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6069CD03-6AB1-4A06-88CF-EFBDEA84CDE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE18D5C2-0423-4CE5-86E7-69E7BB131BBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AACF35D-27E0-49AF-A667-13585C8B8071"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8766:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE45F606-2E75-48BC-9D1B-99D504974CBF"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8788:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE10C121-F2AD-43D2-8FF9-A6C197858220"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1505AD53-987E-4328-8E1D-F5F1EC12B677"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CD2C3EC-B62D-4616-964F-FDBE5B14A449"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB05B1D-77C9-4E42-91AD-9F087413DC20"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B469BF4-5961-42E9-814B-1BE06D182E45"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2023/CVE-2023-208xx/CVE-2023-20839.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-20839", "id": "CVE-2023-20839",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:10.677", "published": "2023-09-04T03:15:10.677",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:41:27.213",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409." "value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326409."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

128
CVE-2023/CVE-2023-208xx/CVE-2023-20840.json
View File

@ -2,19 +2,135 @@
"id": "CVE-2023-20840", "id": "CVE-2023-20840",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:10.827", "published": "2023-09-04T03:15:10.827",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:38:08.260",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430." "value": "In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326430; Issue ID: ALPS07326430."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2023/CVE-2023-208xx/CVE-2023-20841.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-20841", "id": "CVE-2023-20841",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.003", "published": "2023-09-04T03:15:11.003",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:38:22.917",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441." "value": "In imgsys, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326441."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2023/CVE-2023-208xx/CVE-2023-20842.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-20842", "id": "CVE-2023-20842",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.163", "published": "2023-09-04T03:15:11.163",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:38:36.610",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing\u00a0valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477." "value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing\u00a0valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354259; Issue ID: ALPS07340477."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

129
CVE-2023/CVE-2023-208xx/CVE-2023-20843.json
View File

@ -2,19 +2,136 @@
"id": "CVE-2023-20843", "id": "CVE-2023-20843",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.343", "published": "2023-09-04T03:15:11.343",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:41:36.843",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119." "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340119; Issue ID: ALPS07340119."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

129
CVE-2023/CVE-2023-208xx/CVE-2023-20844.json
View File

@ -2,19 +2,136 @@
"id": "CVE-2023-20844", "id": "CVE-2023-20844",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.443", "published": "2023-09-04T03:15:11.443",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:41:45.870",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121." "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354058; Issue ID: ALPS07340121."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

124
CVE-2023/CVE-2023-208xx/CVE-2023-20845.json
View File

@ -2,19 +2,131 @@
"id": "CVE-2023-20845", "id": "CVE-2023-20845",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.523", "published": "2023-09-04T03:15:11.523",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:41:57.077",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357." "value": "In imgsys, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07197795; Issue ID: ALPS07340357."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

129
CVE-2023/CVE-2023-208xx/CVE-2023-20846.json
View File

@ -2,19 +2,136 @@
"id": "CVE-2023-20846", "id": "CVE-2023-20846",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.637", "published": "2023-09-04T03:15:11.637",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:42:09.063",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098." "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354023; Issue ID: ALPS07340098."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

129
CVE-2023/CVE-2023-208xx/CVE-2023-20847.json
View File

@ -2,19 +2,136 @@
"id": "CVE-2023-20847", "id": "CVE-2023-20847",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.717", "published": "2023-09-04T03:15:11.717",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:43:55.820",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108." "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local denial of service with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07354025; Issue ID: ALPS07340108."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2023/CVE-2023-208xx/CVE-2023-20848.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-20848", "id": "CVE-2023-20848",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.830", "published": "2023-09-04T03:15:11.830",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:44:06.117",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433." "value": "In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340433."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2023/CVE-2023-208xx/CVE-2023-20849.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-20849", "id": "CVE-2023-20849",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:11.983", "published": "2023-09-04T03:15:11.983",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:44:14.570",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350." "value": "In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340350."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2023/CVE-2023-208xx/CVE-2023-20850.json
View File

@ -2,19 +2,141 @@
"id": "CVE-2023-20850", "id": "CVE-2023-20850",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:12.033", "published": "2023-09-04T03:15:12.033",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:44:28.573",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381." "value": "In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07340381."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mediatek:iot_yocto:23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9ED712-53EF-4AF7-AB45-A87B50F6BE16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:-:*:*:*:*:*:*",
"matchCriteriaId": "DE093B34-F4CD-4052-8122-730D6537A91A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "533284E5-C3AF-48D3-A287-993099DB2E41"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

269
CVE-2023/CVE-2023-328xx/CVE-2023-32812.json
View File

@ -2,19 +2,276 @@
"id": "CVE-2023-32812", "id": "CVE-2023-32812",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:13.440", "published": "2023-09-04T03:15:13.440",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:42:25.327",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365." "value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local esclation of privileges with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017365; Issue ID: ALPS08017365."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

284
CVE-2023/CVE-2023-328xx/CVE-2023-32813.json
View File

@ -2,19 +2,291 @@
"id": "CVE-2023-32813", "id": "CVE-2023-32813",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:13.527", "published": "2023-09-04T03:15:13.527",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:42:39.470",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370." "value": "In gnss service, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017370; Issue ID: ALPS08017370."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

269
CVE-2023/CVE-2023-328xx/CVE-2023-32814.json
View File

@ -2,19 +2,276 @@
"id": "CVE-2023-32814", "id": "CVE-2023-32814",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:13.783", "published": "2023-09-04T03:15:13.783",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:42:58.513",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947." "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08031947; Issue ID: ALPS08031947."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

274
CVE-2023/CVE-2023-328xx/CVE-2023-32815.json
View File

@ -2,19 +2,281 @@
"id": "CVE-2023-32815", "id": "CVE-2023-32815",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:13.990", "published": "2023-09-04T03:15:13.990",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:43:12.923",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801." "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:yocto:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "397C75CA-D217-4617-B8B1-80F74CFB04CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*",
"matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F1D09FC-5BE9-4B23-82F1-3C6EAC5711A6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68CF4A7A-3136-4C4C-A795-81323896BE11"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*",
"matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA9131F6-F167-4FD7-8FBF-B372CBBCF46F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A4675A09-0147-4690-8AA1-E3802CA1B3EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

244
CVE-2023/CVE-2023-328xx/CVE-2023-32816.json
View File

@ -2,19 +2,251 @@
"id": "CVE-2023-32816", "id": "CVE-2023-32816",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:14.220", "published": "2023-09-04T03:15:14.220",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:43:32.837",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032." "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044032."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

244
CVE-2023/CVE-2023-328xx/CVE-2023-32817.json
View File

@ -2,19 +2,251 @@
"id": "CVE-2023-32817", "id": "CVE-2023-32817",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-09-04T03:15:14.277", "published": "2023-09-04T03:15:14.277",
"lastModified": "2023-09-04T03:51:45.317", "lastModified": "2023-09-07T14:43:42.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035." "value": "In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023", "source": "nvd@nist.gov",
"source": "security@mediatek.com" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt2713:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1135F9-E38C-4308-BD32-A4D83959282E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6580:-:*:*:*:*:*:*:*",
"matchCriteriaId": "46F71838-4E50-4F2A-9EB8-30AE5DF8511E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6739:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA8A390-9F52-4CF3-9B45-936CE3E2B828"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6761:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F726F486-A86F-4215-AD93-7A07A071844A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6779:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA369B8-8E23-492B-82CC-23114E6A5D1C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6785:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82E0A4F-072F-474C-B94C-8114ABE05639"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "328DA6BE-1303-4646-89B7-2EC8DC444532"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "083F6134-FF26-4F1B-9B77-971D342AF774"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*",
"matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15E2EC3F-9FB3-488B-B1C1-2793A416C755"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B787DC3-8E5A-4968-B20B-37B6257FAAE2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8168:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE2FC35-716A-4706-97BA-5DB165041580"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8175:-:*:*:*:*:*:*:*",
"matchCriteriaId": "582F1041-CD84-4763-AD6F-E08DD11F689F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8365:-:*:*:*:*:*:*:*",
"matchCriteriaId": "97C76F98-5D8D-4E52-ABAF-CD27C1205B0E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C9AB4D2-0EDD-4D5E-9393-F535CA2F24C4"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE14B46-C1CA-465F-8578-059FA2ED30EB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*",
"matchCriteriaId": "152F6606-FA23-4530-AA07-419866B74CB3"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/September-2023",
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

10
CVE-2023/CVE-2023-386xx/CVE-2023-38633.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38633", "id": "CVE-2023-38633",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-07-22T17:15:09.810", "published": "2023-07-22T17:15:09.810",
"lastModified": "2023-09-07T00:15:07.590", "lastModified": "2023-09-07T14:15:11.410",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"descriptions": [ "descriptions": [
{ {
@ -181,10 +181,18 @@
"Third Party Advisory" "Third Party Advisory"
] ]
}, },
{
"url": "https://news.ycombinator.com/item?id=37415799",
"source": "cve@mitre.org"
},
{ {
"url": "https://security.netapp.com/advisory/ntap-20230831-0011/", "url": "https://security.netapp.com/advisory/ntap-20230831-0011/",
"source": "cve@mitre.org" "source": "cve@mitre.org"
}, },
{
"url": "https://www.canva.dev/blog/engineering/when-url-parsers-disagree-cve-2023-38633/",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.debian.org/security/2023/dsa-5484", "url": "https://www.debian.org/security/2023/dsa-5484",
"source": "cve@mitre.org" "source": "cve@mitre.org"

28
CVE-2023/CVE-2023-397xx/CVE-2023-39711.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-39711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-07T15:15:07.697",
"lastModified": "2023-09-07T15:15:07.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Subtotal and Paidbill parameters under the Add New Put section."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/Arajawat007/1683f9640c0d62337e0bbe23569d1ea5#file-cve-2023-39711",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/16741/free-and-open-source-inventory-management-system-php-source-code.html",
"source": "cve@mitre.org"
}
]
}

76
CVE-2023/CVE-2023-401xx/CVE-2023-40181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40181", "id": "CVE-2023-40181",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:07.860", "published": "2023-08-31T22:15:07.860",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:55:50.960",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,18 +70,56 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L256-L261",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/2252d53001d9ce8a452f0a0a5b1f5ed9db6d57f1/libfreerdp/codec/zgfx.c#L334-L355",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxp4-rx7x-h2g8",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-401xx/CVE-2023-40186.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40186", "id": "CVE-2023-40186",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.303", "published": "2023-08-31T22:15:08.303",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:48:23.590",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -50,14 +70,49 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/fee2b10ba1154f952769a53eb608f044782e22f8/libfreerdp/gdi/gfx.c#L1156-L1165", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/fee2b10ba1154f952769a53eb608f044782e22f8/libfreerdp/gdi/gfx.c#L1156-L1165",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hcj4-3c3r-5j3v",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

75
CVE-2023/CVE-2023-401xx/CVE-2023-40187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40187", "id": "CVE-2023-40187",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.417", "published": "2023-08-31T22:15:08.417",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:40:05.617",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -36,7 +56,7 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security-advisories@github.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [ "description": [
{ {
@ -44,16 +64,55 @@
"value": "CWE-416" "value": "CWE-416"
} }
] ]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/h264.c#L413-L427", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/h264.c#L413-L427",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-pwf9-v5p9-ch4f",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

69
CVE-2023/CVE-2023-401xx/CVE-2023-40188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40188", "id": "CVE-2023-40188",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.523", "published": "2023-08-31T22:15:08.523",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:30:37.297",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,49 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/nsc.c#L115-L175",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9w28-wwj5-p4xq",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

76
CVE-2023/CVE-2023-405xx/CVE-2023-40567.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40567", "id": "CVE-2023-40567",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.613", "published": "2023-08-31T22:15:08.613",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:28:46.033",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,18 +66,56 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.0",
"matchCriteriaId": "80B02150-FC4E-43F5-A3DF-D8E585200977"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L612-L618",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/clear.c#L843-L845",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2w9f-8wg4-8jfp",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-405xx/CVE-2023-40574.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40574", "id": "CVE-2023-40574",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.793", "published": "2023-08-31T22:15:08.793",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:24:25.010",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,43 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cw", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-422p-gj6x-93cw",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-405xx/CVE-2023-40575.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40575", "id": "CVE-2023-40575",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.877", "published": "2023-08-31T22:15:08.877",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T15:18:56.130",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,43 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c6vw-92h9-5w9v", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/primitives/prim_YUV.c#L414-L445",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c6vw-92h9-5w9v",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

63
CVE-2023/CVE-2023-405xx/CVE-2023-40576.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40576", "id": "CVE-2023-40576",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2023-08-31T22:15:08.970", "published": "2023-08-31T22:15:08.970",
"lastModified": "2023-09-01T07:32:13.003", "lastModified": "2023-09-07T14:50:27.893",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -12,6 +12,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "security-advisories@github.com", "source": "security-advisories@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +66,43 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/include/bitmap.c#L94-L113", "nodes": [
"source": "security-advisories@github.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "D8720D61-0B0D-40ED-B3C4-B452D83BF3C2"
}, },
{ {
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2", "vulnerable": true,
"source": "security-advisories@github.com" "criteria": "cpe:2.3:a:freerdp:freerdp:3.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "18A75D02-0E7A-4AAF-8E23-0CDCB1733FEA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/blob/5be5553e0da72178a4b94cc1ffbdace9ceb153e5/libfreerdp/codec/include/bitmap.c#L94-L113",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x3x5-r7jm-5pq2",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40839.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40839", "id": "CVE-2023-40839",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.453", "published": "2023-08-30T17:15:10.453",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:14:25.523",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the \"formSetIptv\" function, obtaining the \"list\" and \"vlanId\" fields, unfiltered passing these two fields as parameters to the \"sub_ADF3C\" function to execute commands." "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the \"formSetIptv\" function, obtaining the \"list\" and \"vlanId\" fields, unfiltered passing these two fields as parameters to the \"sub_ADF3C\" function to execute commands."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/cmd/3/3.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40840.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40840", "id": "CVE-2023-40840",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.517", "published": "2023-08-30T17:15:10.517",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:13:17.157",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"fromGetWirelessRepeat.\"" "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"fromGetWirelessRepeat.\""
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/6.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/6/6.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40841.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40841", "id": "CVE-2023-40841",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.577", "published": "2023-08-30T17:15:10.577",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:13:10.490",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"add_white_node,\"" "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"add_white_node,\""
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/5/5.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/5/5.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40842.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40842", "id": "CVE-2023-40842",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.640", "published": "2023-08-30T17:15:10.640",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:13:05.397",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"R7WebsSecurityHandler.\"" "value": "Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"R7WebsSecurityHandler.\""
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/4.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/4/4.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40843.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40843", "id": "CVE-2023-40843",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.697", "published": "2023-08-30T17:15:10.697",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:12:53.890",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"sub_73004.\"" "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function \"sub_73004.\""
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/8/8.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/8/8.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40844.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40844", "id": "CVE-2023-40844",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.757", "published": "2023-08-30T17:15:10.757",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:15:43.250",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'" "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/2.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/2/2.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

79
CVE-2023/CVE-2023-408xx/CVE-2023-40845.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2023-40845", "id": "CVE-2023-40845",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-08-30T17:15:10.817", "published": "2023-08-30T17:15:10.817",
"lastModified": "2023-08-31T10:02:10.690", "lastModified": "2023-09-07T14:12:00.257",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks." "value": "Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/14/14.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac6_firmware:15.03.05.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6F60AFD7-74AF-4CA2-8232-2858D5AD023A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac6:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B622BF6D-85E6-475A-B7FB-11BA1A641191"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/XYIYM/Digging/blob/main/Tenda/AC6/bof/14/14.md",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

20
CVE-2023/CVE-2023-409xx/CVE-2023-40942.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-40942",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-07T15:15:07.767",
"lastModified": "2023-09-07T15:15:07.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Tenda AC9 V3.0BR_V15.03.06.42_multi_TD01 was discovered stack overflow via parameter 'firewall_value' at url /goform/SetFirewallCfg."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/GleamingEyes/vul/blob/main/tenda_ac9/SetFirewallCfg.md",
"source": "cve@mitre.org"
}
]
}

75
CVE-2023/CVE-2023-409xx/CVE-2023-40969.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-40969", "id": "CVE-2023-40969",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-09-01T11:15:42.800", "published": "2023-09-01T11:15:42.800",
"lastModified": "2023-09-01T11:47:43.290", "lastModified": "2023-09-07T14:16:25.927",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php." "value": "Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{ {
"url": "https://github.com/slims/slims9_bulian/issues/204", "source": "nvd@nist.gov",
"source": "cve@mitre.org" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slims:senayan_library_management_system:9.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "548C3132-1CC1-446F-90FC-3411038DFAAB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/komangsughosa/CVE-ID-not-yet/blob/main/slims/slims9_bulian-9.6.1-SSRF-pop_p2p.md",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/slims/slims9_bulian/issues/204",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }

99
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2023-09-07T14:00:25.857485+00:00 2023-09-07T16:00:24.858095+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2023-09-07T13:48:46.393000+00:00 2023-09-07T15:55:50.960000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,64 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
224453 224472
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `20` Recently added CVEs: `19`
* [CVE-2021-40698](CVE-2021/CVE-2021-406xx/CVE-2021-40698.json) (`2023-09-07T13:15:07.160`) * [CVE-2021-44189](CVE-2021/CVE-2021-441xx/CVE-2021-44189.json) (`2023-09-07T14:15:07.843`)
* [CVE-2021-40699](CVE-2021/CVE-2021-406xx/CVE-2021-40699.json) (`2023-09-07T13:15:07.300`) * [CVE-2021-44190](CVE-2021/CVE-2021-441xx/CVE-2021-44190.json) (`2023-09-07T14:15:08.187`)
* [CVE-2021-40723](CVE-2021/CVE-2021-407xx/CVE-2021-40723.json) (`2023-09-07T13:15:07.393`) * [CVE-2021-44191](CVE-2021/CVE-2021-441xx/CVE-2021-44191.json) (`2023-09-07T14:15:08.383`)
* [CVE-2021-40790](CVE-2021/CVE-2021-407xx/CVE-2021-40790.json) (`2023-09-07T13:15:07.507`) * [CVE-2021-44192](CVE-2021/CVE-2021-441xx/CVE-2021-44192.json) (`2023-09-07T14:15:08.573`)
* [CVE-2021-40791](CVE-2021/CVE-2021-407xx/CVE-2021-40791.json) (`2023-09-07T13:15:07.597`) * [CVE-2021-44193](CVE-2021/CVE-2021-441xx/CVE-2021-44193.json) (`2023-09-07T14:15:08.750`)
* [CVE-2021-40795](CVE-2021/CVE-2021-407xx/CVE-2021-40795.json) (`2023-09-07T13:15:07.683`) * [CVE-2021-44194](CVE-2021/CVE-2021-441xx/CVE-2021-44194.json) (`2023-09-07T14:15:08.943`)
* [CVE-2021-42265](CVE-2021/CVE-2021-422xx/CVE-2021-42265.json) (`2023-09-07T13:15:07.777`) * [CVE-2021-44195](CVE-2021/CVE-2021-441xx/CVE-2021-44195.json) (`2023-09-07T14:15:09.147`)
* [CVE-2021-42734](CVE-2021/CVE-2021-427xx/CVE-2021-42734.json) (`2023-09-07T13:15:07.883`) * [CVE-2022-30637](CVE-2022/CVE-2022-306xx/CVE-2022-30637.json) (`2023-09-07T14:15:09.323`)
* [CVE-2021-43018](CVE-2021/CVE-2021-430xx/CVE-2021-43018.json) (`2023-09-07T13:15:07.973`) * [CVE-2022-30638](CVE-2022/CVE-2022-306xx/CVE-2022-30638.json) (`2023-09-07T14:15:09.487`)
* [CVE-2021-43027](CVE-2021/CVE-2021-430xx/CVE-2021-43027.json) (`2023-09-07T13:15:08.057`) * [CVE-2022-30639](CVE-2022/CVE-2022-306xx/CVE-2022-30639.json) (`2023-09-07T14:15:09.690`)
* [CVE-2021-43751](CVE-2021/CVE-2021-437xx/CVE-2021-43751.json) (`2023-09-07T13:15:08.140`) * [CVE-2022-30640](CVE-2022/CVE-2022-306xx/CVE-2022-30640.json) (`2023-09-07T14:15:09.930`)
* [CVE-2021-43753](CVE-2021/CVE-2021-437xx/CVE-2021-43753.json) (`2023-09-07T13:15:08.230`) * [CVE-2022-30641](CVE-2022/CVE-2022-306xx/CVE-2022-30641.json) (`2023-09-07T14:15:10.057`)
* [CVE-2021-44188](CVE-2021/CVE-2021-441xx/CVE-2021-44188.json) (`2023-09-07T13:15:08.317`) * [CVE-2022-30642](CVE-2022/CVE-2022-306xx/CVE-2022-30642.json) (`2023-09-07T14:15:10.253`)
* [CVE-2023-36635](CVE-2023/CVE-2023-366xx/CVE-2023-36635.json) (`2023-09-07T13:15:08.433`) * [CVE-2022-30643](CVE-2022/CVE-2022-306xx/CVE-2022-30643.json) (`2023-09-07T14:15:10.430`)
* [CVE-2023-39420](CVE-2023/CVE-2023-394xx/CVE-2023-39420.json) (`2023-09-07T13:15:08.517`) * [CVE-2022-30644](CVE-2022/CVE-2022-306xx/CVE-2022-30644.json) (`2023-09-07T14:15:10.707`)
* [CVE-2023-39421](CVE-2023/CVE-2023-394xx/CVE-2023-39421.json) (`2023-09-07T13:15:08.617`) * [CVE-2022-30645](CVE-2022/CVE-2022-306xx/CVE-2022-30645.json) (`2023-09-07T14:15:10.910`)
* [CVE-2023-39422](CVE-2023/CVE-2023-394xx/CVE-2023-39422.json) (`2023-09-07T13:15:08.710`) * [CVE-2022-30646](CVE-2022/CVE-2022-306xx/CVE-2022-30646.json) (`2023-09-07T14:15:11.183`)
* [CVE-2023-39423](CVE-2023/CVE-2023-394xx/CVE-2023-39423.json) (`2023-09-07T13:15:08.837`) * [CVE-2023-39711](CVE-2023/CVE-2023-397xx/CVE-2023-39711.json) (`2023-09-07T15:15:07.697`)
* [CVE-2023-39424](CVE-2023/CVE-2023-394xx/CVE-2023-39424.json) (`2023-09-07T13:15:08.933`) * [CVE-2023-40942](CVE-2023/CVE-2023-409xx/CVE-2023-40942.json) (`2023-09-07T15:15:07.767`)
* [CVE-2023-3747](CVE-2023/CVE-2023-37xx/CVE-2023-3747.json) (`2023-09-07T13:15:09.030`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `30` Recently modified CVEs: `40`
* [CVE-2023-38032](CVE-2023/CVE-2023-380xx/CVE-2023-38032.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20837](CVE-2023/CVE-2023-208xx/CVE-2023-20837.json) (`2023-09-07T14:39:00.457`)
* [CVE-2023-38033](CVE-2023/CVE-2023-380xx/CVE-2023-38033.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20838](CVE-2023/CVE-2023-208xx/CVE-2023-20838.json) (`2023-09-07T14:41:14.693`)
* [CVE-2023-39236](CVE-2023/CVE-2023-392xx/CVE-2023-39236.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20839](CVE-2023/CVE-2023-208xx/CVE-2023-20839.json) (`2023-09-07T14:41:27.213`)
* [CVE-2023-39237](CVE-2023/CVE-2023-392xx/CVE-2023-39237.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20843](CVE-2023/CVE-2023-208xx/CVE-2023-20843.json) (`2023-09-07T14:41:36.843`)
* [CVE-2023-4815](CVE-2023/CVE-2023-48xx/CVE-2023-4815.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20844](CVE-2023/CVE-2023-208xx/CVE-2023-20844.json) (`2023-09-07T14:41:45.870`)
* [CVE-2023-39238](CVE-2023/CVE-2023-392xx/CVE-2023-39238.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20845](CVE-2023/CVE-2023-208xx/CVE-2023-20845.json) (`2023-09-07T14:41:57.077`)
* [CVE-2023-39239](CVE-2023/CVE-2023-392xx/CVE-2023-39239.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-20846](CVE-2023/CVE-2023-208xx/CVE-2023-20846.json) (`2023-09-07T14:42:09.063`)
* [CVE-2023-39240](CVE-2023/CVE-2023-392xx/CVE-2023-39240.json) (`2023-09-07T12:50:36.973`) * [CVE-2023-32812](CVE-2023/CVE-2023-328xx/CVE-2023-32812.json) (`2023-09-07T14:42:25.327`)
* [CVE-2023-39710](CVE-2023/CVE-2023-397xx/CVE-2023-39710.json) (`2023-09-07T12:56:42.723`) * [CVE-2023-32813](CVE-2023/CVE-2023-328xx/CVE-2023-32813.json) (`2023-09-07T14:42:39.470`)
* [CVE-2023-39703](CVE-2023/CVE-2023-397xx/CVE-2023-39703.json) (`2023-09-07T12:57:41.467`) * [CVE-2023-32814](CVE-2023/CVE-2023-328xx/CVE-2023-32814.json) (`2023-09-07T14:42:58.513`)
* [CVE-2023-37830](CVE-2023/CVE-2023-378xx/CVE-2023-37830.json) (`2023-09-07T12:58:00.423`) * [CVE-2023-32815](CVE-2023/CVE-2023-328xx/CVE-2023-32815.json) (`2023-09-07T14:43:12.923`)
* [CVE-2023-37829](CVE-2023/CVE-2023-378xx/CVE-2023-37829.json) (`2023-09-07T13:03:28.967`) * [CVE-2023-32816](CVE-2023/CVE-2023-328xx/CVE-2023-32816.json) (`2023-09-07T14:43:32.837`)
* [CVE-2023-37828](CVE-2023/CVE-2023-378xx/CVE-2023-37828.json) (`2023-09-07T13:03:37.697`) * [CVE-2023-32817](CVE-2023/CVE-2023-328xx/CVE-2023-32817.json) (`2023-09-07T14:43:42.350`)
* [CVE-2023-37827](CVE-2023/CVE-2023-378xx/CVE-2023-37827.json) (`2023-09-07T13:03:44.377`) * [CVE-2023-20847](CVE-2023/CVE-2023-208xx/CVE-2023-20847.json) (`2023-09-07T14:43:55.820`)
* [CVE-2023-37826](CVE-2023/CVE-2023-378xx/CVE-2023-37826.json) (`2023-09-07T13:04:10.693`) * [CVE-2023-20848](CVE-2023/CVE-2023-208xx/CVE-2023-20848.json) (`2023-09-07T14:44:06.117`)
* [CVE-2023-37997](CVE-2023/CVE-2023-379xx/CVE-2023-37997.json) (`2023-09-07T13:05:27.313`) * [CVE-2023-20849](CVE-2023/CVE-2023-208xx/CVE-2023-20849.json) (`2023-09-07T14:44:14.570`)
* [CVE-2023-37994](CVE-2023/CVE-2023-379xx/CVE-2023-37994.json) (`2023-09-07T13:05:35.930`) * [CVE-2023-20850](CVE-2023/CVE-2023-208xx/CVE-2023-20850.json) (`2023-09-07T14:44:28.573`)
* [CVE-2023-37986](CVE-2023/CVE-2023-379xx/CVE-2023-37986.json) (`2023-09-07T13:05:43.310`) * [CVE-2023-40576](CVE-2023/CVE-2023-405xx/CVE-2023-40576.json) (`2023-09-07T14:50:27.893`)
* [CVE-2023-37893](CVE-2023/CVE-2023-378xx/CVE-2023-37893.json) (`2023-09-07T13:05:50.480`) * [CVE-2023-40575](CVE-2023/CVE-2023-405xx/CVE-2023-40575.json) (`2023-09-07T15:18:56.130`)
* [CVE-2023-34011](CVE-2023/CVE-2023-340xx/CVE-2023-34011.json) (`2023-09-07T13:06:11.770`) * [CVE-2023-40574](CVE-2023/CVE-2023-405xx/CVE-2023-40574.json) (`2023-09-07T15:24:25.010`)
* [CVE-2023-41742](CVE-2023/CVE-2023-417xx/CVE-2023-41742.json) (`2023-09-07T13:13:00.990`) * [CVE-2023-40567](CVE-2023/CVE-2023-405xx/CVE-2023-40567.json) (`2023-09-07T15:28:46.033`)
* [CVE-2023-28801](CVE-2023/CVE-2023-288xx/CVE-2023-28801.json) (`2023-09-07T13:26:55.797`) * [CVE-2023-40188](CVE-2023/CVE-2023-401xx/CVE-2023-40188.json) (`2023-09-07T15:30:37.297`)
* [CVE-2023-40848](CVE-2023/CVE-2023-408xx/CVE-2023-40848.json) (`2023-09-07T13:45:12.653`) * [CVE-2023-40187](CVE-2023/CVE-2023-401xx/CVE-2023-40187.json) (`2023-09-07T15:40:05.617`)
* [CVE-2023-40847](CVE-2023/CVE-2023-408xx/CVE-2023-40847.json) (`2023-09-07T13:47:17.837`) * [CVE-2023-40186](CVE-2023/CVE-2023-401xx/CVE-2023-40186.json) (`2023-09-07T15:48:23.590`)
* [CVE-2023-39810](CVE-2023/CVE-2023-398xx/CVE-2023-39810.json) (`2023-09-07T13:48:46.393`) * [CVE-2023-40181](CVE-2023/CVE-2023-401xx/CVE-2023-40181.json) (`2023-09-07T15:55:50.960`)
## Download and Usage ## Download and Usage