admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-09-17 18:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-05-10T16:00:24.757312+00:00

Browse Source
This commit is contained in:
René Helmke 2023-05-10 18:00:27 +02:00
parent 8f21ac0176
commit ca9878494a
121 changed files with 7418 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2022/CVE-2022-211xx/CVE-2022-21162.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-21162",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:10.603",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00833.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-212xx/CVE-2022-21239.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-21239",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:10.920",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-218xx/CVE-2022-21804.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-21804",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.010",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-259xx/CVE-2022-25976.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-25976",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.097",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-271xx/CVE-2022-27180.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-27180",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.187",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00784.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-286xx/CVE-2022-28699.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-28699",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.267",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-295xx/CVE-2022-29508.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-29508",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.350",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-299xx/CVE-2022-29919.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-29919",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.480",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-303xx/CVE-2022-30338.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-30338",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.573",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00692.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-314xx/CVE-2022-31477.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-31477",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.667",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-325xx/CVE-2022-32576.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-32576",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.760",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00723.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-325xx/CVE-2022-32577.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-32577",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.837",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-325xx/CVE-2022-32578.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-32578",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:11.970",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-325xx/CVE-2022-32582.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-32582",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:12.113",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-327xx/CVE-2022-32766.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-32766",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:12.440",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-338xx/CVE-2022-33894.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-33894",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:12.630",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-339xx/CVE-2022-33963.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-33963",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:12.783",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00782.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-341xx/CVE-2022-34147.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-34147",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:12.977",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-348xx/CVE-2022-34848.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-34848",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.147",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-348xx/CVE-2022-34855.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-34855",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.243",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-363xx/CVE-2022-36339.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-36339",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.343",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-363xx/CVE-2022-36391.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-36391",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.440",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-373xx/CVE-2022-37327.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-37327",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.553",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-374xx/CVE-2022-37409.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-37409",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.647",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-380xx/CVE-2022-38087.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-38087",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.740",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00807.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-381xx/CVE-2022-38101.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-38101",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.833",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00780.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-381xx/CVE-2022-38103.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-38103",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:13.923",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00854.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-387xx/CVE-2022-38787.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-38787",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:14.017",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00824.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-402xx/CVE-2022-40207.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40207",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:14.133",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00785.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-402xx/CVE-2022-40210.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40210",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:14.267",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html",
"source": "secure@intel.com"
}
]
}

64
CVE-2022/CVE-2022-403xx/CVE-2022-40302.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2022-40302",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T12:16:27.423",
"lastModified": "2023-05-03T14:41:00.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T15:18:03.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.4",
"matchCriteriaId": "3CBDA653-317C-427D-AC6A-9AA434671061"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FRRouting/frr/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2022/CVE-2022-403xx/CVE-2022-40318.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2022-40318",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T12:16:27.800",
"lastModified": "2023-05-03T14:41:00.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T15:18:05.483",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.4",
"matchCriteriaId": "3CBDA653-317C-427D-AC6A-9AA434671061"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FRRouting/frr/releases",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2022/CVE-2022-406xx/CVE-2022-40685.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40685",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:14.623",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00772.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-409xx/CVE-2022-40971.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40971",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:14.987",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00833.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-409xx/CVE-2022-40972.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40972",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:15.373",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-409xx/CVE-2022-40974.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-40974",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:15.933",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.3,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41610.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41610",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:16.370",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00808.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41621.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41621",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:16.763",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41628.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41628",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:17.127",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41646.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41646",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:17.533",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41658.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41658",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:18.097",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41687.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41687",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:18.417",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41690.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41690",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:18.737",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41693.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41693",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:19.067",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00799.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-416xx/CVE-2022-41699.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41699",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:19.400",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-417xx/CVE-2022-41769.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41769",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:19.750",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-417xx/CVE-2022-41771.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41771",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:20.247",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00778.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-417xx/CVE-2022-41784.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41784",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:20.730",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-418xx/CVE-2022-41801.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41801",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:21.153",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00779.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-418xx/CVE-2022-41808.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41808",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:21.477",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00809.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-419xx/CVE-2022-41979.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41979",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:21.800",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-419xx/CVE-2022-41982.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41982",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:22.117",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00771.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-419xx/CVE-2022-41998.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-41998",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:22.430",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-424xx/CVE-2022-42465.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-42465",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:22.740",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00792.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-428xx/CVE-2022-42878.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-42878",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:23.103",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-434xx/CVE-2022-43465.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43465",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:23.423",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00796.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-434xx/CVE-2022-43474.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43474",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:23.727",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00816.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-434xx/CVE-2022-43475.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43475",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:24.070",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-435xx/CVE-2022-43507.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-43507",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:24.400",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00798.html",
"source": "secure@intel.com"
}
]
}

64
CVE-2022/CVE-2022-436xx/CVE-2022-43681.json
View File

@ -2,19 +2,75 @@
"id": "CVE-2022-43681",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-03T12:16:30.070",
"lastModified": "2023-05-03T14:41:00.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T15:17:58.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"versionEndIncluding": "8.4",
"matchCriteriaId": "3CBDA653-317C-427D-AC6A-9AA434671061"
}
]
}
]
}
],
"references": [
{
"url": "https://forescout.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2022/CVE-2022-446xx/CVE-2022-44610.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-44610",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:24.720",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-446xx/CVE-2022-44619.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-44619",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:25.067",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00806.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-451xx/CVE-2022-45128.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-45128",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:25.387",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00797.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-462xx/CVE-2022-46279.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-46279",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:25.710",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-466xx/CVE-2022-46645.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-46645",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:26.070",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00815.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2022/CVE-2022-466xx/CVE-2022-46656.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2022-46656",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:26.340",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00834.html",
"source": "secure@intel.com"
}
]
}

84
CVE-2022/CVE-2022-477xx/CVE-2022-47758.json Normal file
View File

@ -0,0 +1,84 @@
{
"id": "CVE-2022-47758",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-27T02:15:08.973",
"lastModified": "2023-05-10T14:48:13.287",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:nanoleaf:nanoleaf_firmware:7.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D0C6B9-CFEC-4B1B-9857-2CD9B648FB69"
}
]
}
]
}
],
"references": [
{
"url": "http://nanoleaf.com",
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://pwning.tech/cve-2022-47758",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
]
}
]
}

76
CVE-2022/CVE-2022-478xx/CVE-2022-47874.json
View File

@ -2,23 +2,89 @@
"id": "CVE-2022-47874",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.423",
"lastModified": "2023-05-05T19:15:15.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T14:07:40.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jedox:cloud:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D00E49DC-4B46-4770-AEA5-608830A64D26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jedox:jedox:2020.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD31D96-EC95-4111-A9A8-504144689CFF"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172156/Jedox-2020.2.5-Database-Credential-Disclosure.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

71
CVE-2022/CVE-2022-478xx/CVE-2022-47878.json
View File

@ -2,23 +2,84 @@
"id": "CVE-2022-47878",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.647",
"lastModified": "2023-05-05T19:15:15.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T14:10:16.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jedox:jedox:2020.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3CD31D96-EC95-4111-A9A8-504144689CFF"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-222xx/CVE-2023-22297.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22297",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:26.607",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-223xx/CVE-2023-22312.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22312",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:26.943",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-223xx/CVE-2023-22355.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22355",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:27.240",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00819.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-223xx/CVE-2023-22379.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22379",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:27.557",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-224xx/CVE-2023-22440.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22440",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:27.873",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00832.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-224xx/CVE-2023-22442.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22442",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:28.187",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-224xx/CVE-2023-22443.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22443",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:28.600",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-224xx/CVE-2023-22447.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22447",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:28.900",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.0,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.6,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00827.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-226xx/CVE-2023-22661.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-22661",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:29.207",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-235xx/CVE-2023-23569.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23569",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:29.507",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-235xx/CVE-2023-23573.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23573",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:29.840",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-235xx/CVE-2023-23580.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23580",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:30.253",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-239xx/CVE-2023-23909.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23909",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:30.667",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-239xx/CVE-2023-23910.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-23910",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:30.950",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00805.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-244xx/CVE-2023-24475.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-24475",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:31.273",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-251xx/CVE-2023-25175.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25175",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:31.587",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-251xx/CVE-2023-25179.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25179",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:31.930",
"lastModified": "2023-05-10T14:38:37.273",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00825.html",
"source": "secure@intel.com"
}
]
}

69
CVE-2023/CVE-2023-254xx/CVE-2023-25438.json
View File

@ -2,23 +2,82 @@
"id": "CVE-2023-25438",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-04T02:15:18.213",
"lastModified": "2023-05-04T13:03:05.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T15:37:47.167",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:genomedics:millegpg:5.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB849307-6F93-4920-A92E-CF1B75590959"
}
]
}
]
}
],
"references": [
{
"url": "https://millegpg.it/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/172052/MilleGPG5-5.9.2-Local-Privilege-Escalation.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

43
CVE-2023/CVE-2023-255xx/CVE-2023-25545.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25545",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.107",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

71
CVE-2023/CVE-2023-255xx/CVE-2023-25568.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-25568",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-05-10T14:15:32.187",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able allocate arbitrary many bytes in the Bitswap server, those allocations are lasting even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` not taking advantage of the features provided by the server can refactor their code to use the new split API that will allow them to run in a client only mode: `github.com/ipfs/go-libipfs/bitswap/client`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/ipfs/boxo/commit/62cbac40b96f49e39cd7fedc77ee6b56adce4916",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ipfs/boxo/commit/9cb5cb54d40b57084d1221ba83b9e6bb3fcc3197",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ipfs/boxo/commit/baa748b682fabb21a4c1f7628a8af348d4645974",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ipfs/go-libipfs/security/advisories/GHSA-m974-xj4j-7qv5",
"source": "security-advisories@github.com"
}
]
}

43
CVE-2023/CVE-2023-257xx/CVE-2023-25771.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25771",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.310",
"lastModified": "2023-05-10T14:38:19.080",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00777.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-257xx/CVE-2023-25772.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25772",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.397",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00847.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-257xx/CVE-2023-25776.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-25776",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.490",
"lastModified": "2023-05-10T14:38:25.967",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.5
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00839.html",
"source": "secure@intel.com"
}
]
}

76
CVE-2023/CVE-2023-260xx/CVE-2023-26089.json
View File

@ -2,27 +2,91 @@
"id": "CVE-2023-26089",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.707",
"lastModified": "2023-05-03T10:33:50.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T15:27:30.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:echa.europa:iuclid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "6.27.6",
"matchCriteriaId": "589BB6E2-579C-4236-8CDF-B10A885438A5"
}
]
}
]
}
],
"references": [
{
"url": "https://iuclid6.echa.europa.eu",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://iuclid6.echa.europa.eu/download",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

76
CVE-2023/CVE-2023-265xx/CVE-2023-26546.json
View File

@ -2,27 +2,91 @@
"id": "CVE-2023-26546",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-02T20:15:10.757",
"lastModified": "2023-05-03T10:33:50.897",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2023-05-10T14:29:42.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:echa.europa:iuclid:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "6.27.6",
"matchCriteriaId": "589BB6E2-579C-4236-8CDF-B10A885438A5"
}
]
}
]
}
],
"references": [
{
"url": "https://iuclid6.echa.europa.eu",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://iuclid6.echa.europa.eu/documents/1387205/1809530/note_v6.27.6.pdf/76545a65-e6be-6486-280a-7d7c3d2ad455?t=1677577170669",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://iuclid6.echa.europa.eu/download",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

43
CVE-2023/CVE-2023-272xx/CVE-2023-27298.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-27298",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.563",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00853.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-273xx/CVE-2023-27382.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-27382",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.647",
"lastModified": "2023-05-10T14:38:31.210",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00802.html",
"source": "secure@intel.com"
}
]
}

43
CVE-2023/CVE-2023-273xx/CVE-2023-27386.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-27386",
"sourceIdentifier": "secure@intel.com",
"published": "2023-05-10T14:15:32.740",
"lastModified": "2023-05-10T14:38:42.927",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@intel.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00855.html",
"source": "secure@intel.com"
}
]
}

24
CVE-2023/CVE-2023-275xx/CVE-2023-27562.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27562",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-10T15:15:08.817",
"lastModified": "2023-05-10T15:26:03.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The n8n package 0.218.0 for Node.js allows Directory Traversal."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/n8n-io/n8n/releases",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-275xx/CVE-2023-27563.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27563",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-10T15:15:09.483",
"lastModified": "2023-05-10T15:26:03.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The n8n package 0.218.0 for Node.js allows Escalation of Privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/n8n-io/n8n/releases",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-275xx/CVE-2023-27564.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-27564",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-10T15:15:09.660",
"lastModified": "2023-05-10T15:26:03.940",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The n8n package 0.218.0 for Node.js allows Information Disclosure."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/n8n-io/n8n/releases",
"source": "cve@mitre.org"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf",
"source": "cve@mitre.org"
}
]
}

Some files were not shown because too many files have changed in this diff Show More