Auto-Update: 2023-12-05T15:01:03.233992+00:00
parent
3682e4098a
commit
d0e5bab903
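--- /dev/null
+++ b/CVE-2022/CVE-2022-244xx/CVE-2022-24403.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2022-24403",
+"sourceIdentifier": "cert@ncsc.nl",
+"published": "2023-12-05T14:15:07.510",
+"lastModified": "2023-12-05T14:15:07.510",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The TETRA TA61 identity encryption function internally uses a 64-bit value derived exclusively from the SCK (Class 2 networks) or CCK (Class 3 networks). The structure of TA61 allows for efficient recovery of this 64-bit value, allowing an adversary to encrypt or decrypt arbitrary identities given only three known encrypted/unencrypted identity pairs."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cert@ncsc.nl",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cert@ncsc.nl",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-327"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://tetraburst.com/",
+"source": "cert@ncsc.nl"
+}
+]
+}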
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-46480",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-05T00:15:07.460",
|
||||
"lastModified": "2023-12-05T00:15:07.460",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "La gesti\u00f3n de sesi\u00f3n incorrecta y la reutilizaci\u00f3n de credenciales en la pila Bluetooth LE del firmware de bloqueo inteligente Ultraloq UL3 de segunda generaci\u00f3n 02.27.0012 permiten a un atacante detectar el c\u00f3digo de desbloqueo y desbloquear el dispositivo mientras se encuentra dentro del alcance de Bluetooth."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2022-47531",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-05T06:15:48.367",
|
||||
"lastModified": "2023-12-05T06:15:48.367",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered in Ericsson Evolved Packet Gateway (EPG) versions 3.x before 3.25 and 2.x before 2.16, allows authenticated users to bypass system CLI and execute commands they are authorized to execute directly in the UNIX shell."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en las versiones 3.x anteriores a 3.25 y 2.x anteriores a 2.16 de Ericsson Evolved Packet Gateway (EPG), que permite a los usuarios autenticados omitir la Interfaz de L\u00ednea de Comandos (CLI) del sistema y ejecutar comandos que est\u00e1n autorizados a ejecutar directamente en el shell de UNIX."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21162",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.217",
|
||||
"lastModified": "2023-12-05T00:15:07.520",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21163",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.377",
|
||||
"lastModified": "2023-12-05T00:15:07.567",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21164",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.430",
|
||||
"lastModified": "2023-12-05T00:15:07.607",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21166",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.477",
|
||||
"lastModified": "2023-12-05T00:15:07.650",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21215",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.523",
|
||||
"lastModified": "2023-12-05T00:15:07.690",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21216",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.570",
|
||||
"lastModified": "2023-12-05T00:15:07.730",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21217",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.617",
|
||||
"lastModified": "2023-12-05T00:15:07.770",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21218",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.667",
|
||||
"lastModified": "2023-12-05T00:15:07.810",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21227",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.720",
|
||||
"lastModified": "2023-12-05T00:15:07.857",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is information disclosure."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay divulgaci\u00f3n de informaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21228",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.767",
|
||||
"lastModified": "2023-12-05T00:15:07.900",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21263",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.813",
|
||||
"lastModified": "2023-12-05T00:15:07.940",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21401",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:22.970",
|
||||
"lastModified": "2023-12-05T00:15:07.983",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21402",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.027",
|
||||
"lastModified": "2023-12-05T00:15:08.020",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21403",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.070",
|
||||
"lastModified": "2023-12-05T00:15:08.063",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-21634",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:08.120",
|
||||
"lastModified": "2023-12-05T03:15:08.120",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to SIM."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en la capa de interfaz de radio al enviar un SMS o escribir un SMS en la SIM."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-22383",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:08.350",
|
||||
"lastModified": "2023-12-05T03:15:08.350",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory Corruption in camera while installing a fd for a particular DMA buffer."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en la c\u00e1mara al instalar un fd para un b\u00fafer DMA en particular."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-22668",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:08.520",
|
||||
"lastModified": "2023-12-05T03:15:08.520",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory Corruption in Audio while invoking IOCTLs calls from the user-space."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el audio al invocar llamadas IOCTL desde el espacio de usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24046",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.123",
|
||||
"lastModified": "2023-12-04T23:15:23.123",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en Connectize AC21000 G6 641.139.1.1256 que permite a los atacantes ejecutar comandos arbitrarios mediante el uso de una cadena manipulada en la utilidad ping."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24047",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.173",
|
||||
"lastModified": "2023-12-04T23:15:23.173",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema de administraci\u00f3n de credenciales inseguras descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener privilegios aumentados mediante el uso de un algoritmo de hash d\u00e9bil."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24048",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.220",
|
||||
"lastModified": "2023-12-04T23:15:23.220",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via crafted GET request to /man_password.htm."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo mediante una solicitud GET manipulada a /man_password.htm."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24049",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.263",
|
||||
"lastModified": "2023-12-04T23:15:23.263",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges on the device via poor credential management."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 un problema en Connectize AC21000 G6 641.139.1.1256 que permite a los atacantes obtener privilegios elevados en el dispositivo a trav\u00e9s de una mala gesti\u00f3n de credenciales."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24050",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.320",
|
||||
"lastModified": "2023-12-04T23:15:23.320",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary code via crafted string when setting the Wi-Fi password in the admin panel."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Connectize AC21000 G6 641.139.1.1256 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena manipulada al configurar la contrase\u00f1a de Wi-Fi en el panel de administraci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24051",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.367",
|
||||
"lastModified": "2023-12-04T23:15:23.367",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema de l\u00edmite de velocidad del lado del cliente descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener privilegios aumentados mediante ataques de fuerza bruta."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-24052",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-04T23:15:23.410",
|
||||
"lastModified": "2023-12-04T23:15:23.410",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Un problema descubierto en Connectize AC21000 G6 641.139.1.1256 permite a los atacantes obtener el control del dispositivo a trav\u00e9s de la funci\u00f3n de cambio de contrase\u00f1a, ya que no solicita la contrase\u00f1a actual."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-26941",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-05T00:15:08.110",
|
||||
"lastModified": "2023-12-05T00:15:08.110",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Weak encryption mechanisms in RFID Tags in Yale Conexis L1 v1.1.0 allows attackers to create a cloned tag via physical proximity to the original."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Conexis L1 v1.1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-26942",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-05T00:15:08.163",
|
||||
"lastModified": "2023-12-05T00:15:08.163",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm v1.0 allows attackers to create a cloned tag via physical proximity to the original."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Mecanismos de cifrado d\u00e9biles en etiquetas RFID en Yale IA-210 Alarm v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica al original."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-26943",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-05T00:15:08.227",
|
||||
"lastModified": "2023-12-05T00:15:08.227",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Los d\u00e9biles mecanismos de cifrado en las etiquetas RFID en Yale Keyless Lock v1.0 permiten a los atacantes crear una etiqueta clonada a trav\u00e9s de la proximidad f\u00edsica a la original."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28546",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:08.690",
|
||||
"lastModified": "2023-12-05T03:15:08.690",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory Corruption in SPS Application while exporting public key in sorter TA."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en la aplicaci\u00f3n SPS al exportar la clave p\u00fablica en el clasificador TA."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28550",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:08.870",
|
||||
"lastModified": "2023-12-05T03:15:08.870",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in MPP performance while accessing DSM watermark using external memory address."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el rendimiento de MPP al acceder a la marca de agua DSM mediante una direcci\u00f3n de memoria externa."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28551",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:09.053",
|
||||
"lastModified": "2023-12-05T03:15:09.053",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en UTILS cuando el m\u00f3dem procesa comandos Diag espec\u00edficos de la memoria que tienen valores de direcci\u00f3n arbitrarios como argumentos de entrada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28579",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:09.233",
|
||||
"lastModified": "2023-12-05T03:15:09.233",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el host WLAN al deserializar los bytes PMK de entrada sin verificar la longitud del PMK de entrada."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28580",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:09.390",
|
||||
"lastModified": "2023-12-05T03:15:09.390",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in WLAN Host while setting the PMK length in PMK length in internal cache."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el host WLAN al configurar la longitud de PMK en la longitud de PMK en la memoria cach\u00e9 interna."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28585",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:09.563",
|
||||
"lastModified": "2023-12-05T03:15:09.563",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption while loading an ELF segment in TEE Kernel."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al cargar un segmento ELF en TEE Kernel."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28586",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:09.750",
|
||||
"lastModified": "2023-12-05T03:15:09.750",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Divulgaci\u00f3n de informaci\u00f3n cuando se accede a las direcciones de s\u00edmbolos de metadatos de la aplicaci\u00f3n confiable mientras se carga un ELF en TEE."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28587",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:09.927",
|
||||
"lastModified": "2023-12-05T03:15:09.927",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el controlador BT al analizar comandos de depuraci\u00f3n con subc\u00f3digos de operaci\u00f3n espec\u00edficos en el nivel de la interfaz HCI."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-28588",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:10.103",
|
||||
"lastModified": "2023-12-05T03:15:10.103",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS in Bluetooth Host while rfc slot allocation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio en el host Bluetooth mientras se asigna la ranura RFC."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-29060",
|
||||
"sourceIdentifier": "cybersecurity@bd.com",
|
||||
"published": "2023-11-28T20:15:07.230",
|
||||
"lastModified": "2023-12-04T19:20:46.467",
|
||||
"lastModified": "2023-12-05T14:44:26.333",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -90,13 +90,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -122,13 +122,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-29061",
|
||||
"sourceIdentifier": "cybersecurity@bd.com",
|
||||
"published": "2023-11-28T21:15:07.257",
|
||||
"lastModified": "2023-12-04T19:52:25.550",
|
||||
"lastModified": "2023-12-05T14:45:46.417",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -90,13 +90,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -122,13 +122,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-29062",
|
||||
"sourceIdentifier": "cybersecurity@bd.com",
|
||||
"published": "2023-11-28T21:15:07.440",
|
||||
"lastModified": "2023-12-04T19:55:58.290",
|
||||
"lastModified": "2023-12-05T14:44:47.873",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -90,13 +90,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -122,13 +122,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-29063",
|
||||
"sourceIdentifier": "cybersecurity@bd.com",
|
||||
"published": "2023-11-28T21:15:07.613",
|
||||
"lastModified": "2023-12-04T19:57:56.117",
|
||||
"lastModified": "2023-12-05T14:45:30.123",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -90,13 +90,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "08A354DA-E696-4B53-BBE8-66ED253E25E6"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "080F50E4-B7F3-4B1D-ADCB-4887BD14C322"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
@ -122,13 +122,13 @@
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "725BD060-6D59-430C-80F1-BE086F0844E8"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "1EFDBAC8-AAD8-44D6-A309-14A3DF5A157C"
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
|
||||
}
|
||||
]
|
||||
},
|
||||
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-29064",
|
||||
"sourceIdentifier": "cybersecurity@bd.com",
|
||||
"published": "2023-11-28T21:15:07.800",
|
||||
"lastModified": "2023-11-29T14:18:11.973",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-12-05T14:54:35.220",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "PHYSICAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.9,
|
||||
"impactScore": 3.4
|
||||
},
|
||||
{
|
||||
"source": "cybersecurity@bd.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-798"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "cybersecurity@bd.com",
|
||||
"type": "Secondary",
|
||||
@ -50,10 +80,79 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
|
||||
"source": "cybersecurity@bd.com"
|
||||
"source": "cybersecurity@bd.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2023-29065",
|
||||
"sourceIdentifier": "cybersecurity@bd.com",
|
||||
"published": "2023-11-28T21:15:07.990",
|
||||
"lastModified": "2023-11-29T14:18:11.973",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"lastModified": "2023-12-05T14:59:07.577",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -16,6 +16,26 @@
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "PHYSICAL",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.9,
|
||||
"impactScore": 3.4
|
||||
},
|
||||
{
|
||||
"source": "cybersecurity@bd.com",
|
||||
"type": "Secondary",
|
||||
@ -39,6 +59,16 @@
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-732"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "cybersecurity@bd.com",
|
||||
"type": "Secondary",
|
||||
@ -50,10 +80,79 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "4D5E0D4F-559B-414E-A627-0BA0937BD7F1"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:5.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "57F63FB2-2AE2-4B5F-8B49-4A0A4549CF3E"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g9:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "54279DE4-A2A4-4AA6-A05F-931094446F16"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "AND",
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.0:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "2785D17E-800C-4772-A131-5737E9446C01"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:bd:facschorus:3.1:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "30FD1DE4-982F-4D14-BB8A-478F8430BC63"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": false,
|
||||
"criteria": "cpe:2.3:h:hp:hp_z2_tower_g5:-:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "7E9BA28D-9C14-435A-9786-222BE58A9258"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.bd.com/en-us/about-bd/cybersecurity/bulletin/bd-facschorus-software",
|
||||
"source": "cybersecurity@bd.com"
|
||||
"source": "cybersecurity@bd.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33017",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:10.290",
|
||||
"lastModified": "2023-12-05T03:15:10.290",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in Boot while running a ListVars test in UEFI Menu during boot."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el arranque mientras se ejecuta una prueba ListVars en el men\u00fa UEFI durante el arranque."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33018",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:10.480",
|
||||
"lastModified": "2023-12-05T03:15:10.480",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption while using the UIM diag command to get the operators name."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al utilizar el comando diag de User Identity Module (UIM) para obtener el nombre del operador."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33022",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:10.660",
|
||||
"lastModified": "2023-12-05T03:15:10.660",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in HLOS while invoking IOCTL calls from user-space."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en HLOS al invocar llamadas IOCTL desde el espacio de usuario."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33024",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:10.833",
|
||||
"lastModified": "2023-12-05T03:15:10.833",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption while sending SMS from AP firmware."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al enviar SMS desde el firmware AP."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33041",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:11.013",
|
||||
"lastModified": "2023-12-05T03:15:11.013",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer ids."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En ciertos escenarios, el firmware de WLAN alcanzar\u00e1 una afirmaci\u00f3n debido a una confusi\u00f3n de estado al buscar ID de pares."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33042",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:11.187",
|
||||
"lastModified": "2023-12-05T03:15:11.187",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS in Modem after RRC Setup message is received."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio en el m\u00f3dem despu\u00e9s de recibir el mensaje de configuraci\u00f3n de RRC."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33043",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:11.360",
|
||||
"lastModified": "2023-12-05T03:15:11.360",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS in Modem when a Beam switch request is made with a non-configured BWP."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio en el m\u00f3dem cuando se realiza una solicitud de cambio de haz con un BWP no configurado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33044",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:11.530",
|
||||
"lastModified": "2023-12-05T03:15:11.530",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS in Data modem while handling TLB control messages from the Network."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio en m\u00f3dem de datos mientras se manejan mensajes de control TLB de la Red."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33053",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:11.707",
|
||||
"lastModified": "2023-12-05T03:15:11.707",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in Kernel while parsing metadata."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el Kernel al analizar metadatos."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33054",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:11.880",
|
||||
"lastModified": "2023-12-05T03:15:11.880",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Problema criptogr\u00e1fico en el controlador GPS HLOS al descargar datos de asistencia GNSS de Qualcomm."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33063",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:12.067",
|
||||
"lastModified": "2023-12-05T03:15:12.067",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in DSP Services during a remote call from HLOS to DSP."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en los servicios DSP durante una llamada remota de HLOS a DSP."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33070",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:12.253",
|
||||
"lastModified": "2023-12-05T03:15:12.253",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS in Automotive OS due to improper authentication to the secure IO calls."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio en sistemas operativos automotrices debido a una autenticaci\u00f3n incorrecta en las llamadas IO seguras."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33071",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:12.433",
|
||||
"lastModified": "2023-12-05T03:15:12.433",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el sistema operativo automotriz cada vez que aplicaciones que no son de confianza intentan acceder a HAb para funciones gr\u00e1ficas."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33079",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:12.600",
|
||||
"lastModified": "2023-12-05T03:15:12.600",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in Audio while running invalid audio recording from ADSP."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en audio mientras se ejecuta una grabaci\u00f3n de audio no v\u00e1lida desde ADSP."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33080",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:12.773",
|
||||
"lastModified": "2023-12-05T03:15:12.773",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio mientras se analiza un IE (elemento de informaci\u00f3n) espec\u00edfico del fabricante del frame de gesti\u00f3n de respuesta de reasociaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33081",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:12.957",
|
||||
"lastModified": "2023-12-05T03:15:12.957",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS while converting TWT (Target Wake Time) frame parameters in the OTA broadcast."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio al convertir par\u00e1metros de fotograma TWT (Target Wake Time) en la transmisi\u00f3n OTA."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33082",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:13.137",
|
||||
"lastModified": "2023-12-05T03:15:13.137",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al enviar una solicitud de asociaci\u00f3n con una consulta BTM o una respuesta BTM que contiene MBO IE."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33083",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:13.327",
|
||||
"lastModified": "2023-12-05T03:15:13.327",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in WLAN Host while processing RRM beacon on the AP."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en el host WLAN mientras se procesa beacon RRM en el AP."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33087",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:13.520",
|
||||
"lastModified": "2023-12-05T03:15:13.520",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in Core while processing RX intent request."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en Core mientras se procesa la solicitud de intenci\u00f3n RX."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33088",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:13.703",
|
||||
"lastModified": "2023-12-05T03:15:13.703",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption when processing cmd parameters while parsing vdev."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al procesar par\u00e1metros cmd mientras se analiza vdev."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33089",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:13.893",
|
||||
"lastModified": "2023-12-05T03:15:13.893",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS when processing a NULL buffer while parsing WLAN vdev."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio al procesar un b\u00fafer NULL mientras se analiza WLAN vdev."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33092",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:14.143",
|
||||
"lastModified": "2023-12-05T03:15:14.143",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al procesar la respuesta del PIN en Bluetooth, cuando el c\u00f3digo PIN recibido desde la capa de la APLICACI\u00d3N es mayor que el tama\u00f1o esperado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33097",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:14.317",
|
||||
"lastModified": "2023-12-05T03:15:14.317",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS in WLAN Firmware while processing a FTMR frame."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio en el firmware WLAN mientras se procesa un frame FTMR."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33098",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:14.493",
|
||||
"lastModified": "2023-12-05T03:15:14.493",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Transient DOS while parsing WPA IES, when it is passed with length more than expected size."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "DOS transitorio al analizar WPA IES, cuando se pasa con una longitud mayor que el tama\u00f1o esperado."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33106",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:14.673",
|
||||
"lastModified": "2023-12-05T03:15:14.673",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria al enviar una lista grande de puntos de sincronizaci\u00f3n en un comando AUX al IOCTL_KGSL_GPU_AUX_COMMAND."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-33107",
|
||||
"sourceIdentifier": "product-security@qualcomm.com",
|
||||
"published": "2023-12-05T03:15:14.860",
|
||||
"lastModified": "2023-12-05T03:15:14.860",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Corrupci\u00f3n de la memoria en Graphics Linux al asignar una regi\u00f3n de memoria virtual compartida durante la llamada IOCTL."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-35668",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.460",
|
||||
"lastModified": "2023-12-04T23:15:23.460",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En visitUris de Notification.java, existe una forma posible de mostrar im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-35690",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.507",
|
||||
"lastModified": "2023-12-05T00:15:08.280",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "There is elevation of privilege."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Hay elevaci\u00f3n de privilegios."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-37572",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2023-12-05T06:15:48.617",
|
||||
"lastModified": "2023-12-05T06:15:48.617",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSF_discovery service."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Softing OPC Suite versi\u00f3n 5.25 y anteriores tiene un control de acceso incorrecto, lo que permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de permisos d\u00e9biles en el servicio OSF_discovery."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-39248",
|
||||
"sourceIdentifier": "security_alert@emc.com",
|
||||
"published": "2023-12-05T06:15:48.667",
|
||||
"lastModified": "2023-12-05T06:15:48.667",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\nDell OS10 Networking Switches running 10.5.2.x and above contain an Uncontrolled Resource Consumption (Denial of Service) vulnerability, when switches are configured with VLT and VRRP. A remote unauthenticated\u00a0user can cause the network to be flooded leading to Denial of Service for actual network users. This is a high severity vulnerability as it allows an attacker to cause an outage of network. Dell recommends customers to upgrade at the earliest opportunity.\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Dell OS10 Networking Switches que ejecutan 10.5.2.x y versiones posteriores contienen una vulnerabilidad de consumo de recursos no controlado (denegaci\u00f3n de servicio) cuando los conmutadores est\u00e1n configurados con VLT y VRRP. Un usuario remoto no autenticado puede provocar que la red se inunde, lo que provocar\u00e1 una denegaci\u00f3n de servicio para los usuarios reales de la red. Esta es una vulnerabilidad de alta gravedad, ya que permite que un atacante provoque una interrupci\u00f3n de la red. Dell recomienda a los clientes actualizar lo antes posible."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40073",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.553",
|
||||
"lastModified": "2023-12-04T23:15:23.553",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En visitUris de Notification.java, existe una posible lectura de medios entre usuarios debido a Confused Deputy. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40074",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.607",
|
||||
"lastModified": "2023-12-04T23:15:23.607",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En saveToXml de PersistableBundle.java, los datos no v\u00e1lidos podr\u00edan provocar una denegaci\u00f3n de servicio persistente local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40075",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.660",
|
||||
"lastModified": "2023-12-04T23:15:23.660",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En forceReplaceShortcutInner de ShortcutPackage.java, existe una forma posible de registrar paquetes ilimitados debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local, lo que dar\u00eda lugar a un bucle de inicio sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40076",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.713",
|
||||
"lastModified": "2023-12-04T23:15:23.713",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En createPendingIntent de CredentialManagerUi.java, existe una forma posible de acceder a las credenciales de otros usuarios debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40077",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.760",
|
||||
"lastModified": "2023-12-04T23:15:23.760",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En m\u00faltiples funciones de MetaDataBase.cpp, existe una posible escritura UAF debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40078",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.807",
|
||||
"lastModified": "2023-12-04T23:15:23.807",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In a2dp_vendor_opus_decoder_decode_packet of a2dp_vendor_opus_decoder.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En a2dp_vendor_opus_decoder_decode_packet de a2dp_vendor_opus_decoder.cc, hay una posible escritura fuera de los l\u00edmites debido a un desbordamiento del heap del b\u00fafer. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40079",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.857",
|
||||
"lastModified": "2023-12-04T23:15:23.857",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En injectSendIntentSender de ShortcutService.java, existe un posible inicio de actividad en segundo plano debido a una omisi\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40080",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.913",
|
||||
"lastModified": "2023-12-04T23:15:23.913",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En m\u00faltiples funciones de btm_ble_gap.cc, existe una posible escritura fuera de los l\u00edmites debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40081",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:23.973",
|
||||
"lastModified": "2023-12-04T23:15:23.973",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En loadMediaDataInBgForResumption de MediaDataManager.kt, existe una forma posible de ver las im\u00e1genes de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40082",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.023",
|
||||
"lastModified": "2023-12-04T23:15:24.023",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En modify_for_next_stage de fdt.rs, existe una manera posible de hacer que KASLR sea ineficaz debido a un uso incorrecto de la criptograf\u00eda. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40083",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.073",
|
||||
"lastModified": "2023-12-04T23:15:24.073",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En parse_gap_data de utils.cc, hay una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40084",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.130",
|
||||
"lastModified": "2023-12-04T23:15:24.130",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En run de MDnsSdListener.cpp, existe una posible corrupci\u00f3n de la memoria debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40087",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.177",
|
||||
"lastModified": "2023-12-04T23:15:24.177",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In transcodeQ*ToFloat of btif_avrcp_audio_track.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En transcodeQ*ToFloat de btif_avrcp_audio_track.cc, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda llevar a una escalada de privilegios del dispositivo emparejado sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40088",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.230",
|
||||
"lastModified": "2023-12-04T23:15:24.230",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En callback_thread_event de com_android_bluetooth_btservice_AdapterService.cpp, existe una posible corrupci\u00f3n de memoria debido a use after free. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo (pr\u00f3ximo/adyacente) sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40089",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.283",
|
||||
"lastModified": "2023-12-04T23:15:24.283",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En getCredentialManagerPolicy de DevicePolicyManagerService.java, existe un m\u00e9todo posible para que los usuarios seleccionen administradores de credenciales sin permiso debido a que falta una verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40090",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.337",
|
||||
"lastModified": "2023-12-04T23:15:24.337",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En BTM_BleVerifySignature de btm_ble.cc, existe una forma posible de omitir la validaci\u00f3n de firma debido a la divulgaci\u00f3n de informaci\u00f3n del canal lateral. Esto podr\u00eda conducir a una escalada remota de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40091",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.387",
|
||||
"lastModified": "2023-12-04T23:15:24.387",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En onTransact de IncidentService.cpp, existe una posible escritura fuera de los l\u00edmites debido a da\u00f1os en la memoria. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40092",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.440",
|
||||
"lastModified": "2023-12-04T23:15:24.440",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En verificarShortcutInfoPackage de ShortcutService.java, existe una forma posible de ver la imagen de otro usuario debido a un diputado confundido. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40094",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.493",
|
||||
"lastModified": "2023-12-04T23:15:24.493",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En keyguardGoingAway de ActivityTaskManagerService.java, existe una posible omisi\u00f3n de la pantalla de bloqueo debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40095",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.547",
|
||||
"lastModified": "2023-12-04T23:15:24.547",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En createDontSendToRestrictedAppsBundle de PendingIntentUtils.java, existe un posible inicio de actividad en segundo plano debido a que falta una verificaci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40096",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.600",
|
||||
"lastModified": "2023-12-04T23:15:24.600",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En OpRecordAudioMonitor::onFirstRef de AudioRecordClient.cpp, existe una forma posible de grabar audio en segundo plano debido a que falta un indicador. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40097",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.657",
|
||||
"lastModified": "2023-12-04T23:15:24.657",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En hasPermissionForActivity de PackageManagerHelper.java, existe una posible concesi\u00f3n de URI debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40098",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.707",
|
||||
"lastModified": "2023-12-04T23:15:24.707",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En mOnDone de NotificationConversationInfo.java, existe una forma posible de acceder a los datos de notificaci\u00f3n de la aplicaci\u00f3n de otro usuario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40103",
|
||||
"sourceIdentifier": "security@android.com",
|
||||
"published": "2023-12-04T23:15:24.757",
|
||||
"lastModified": "2023-12-04T23:15:24.757",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "En varias ubicaciones, existe una posible forma de da\u00f1ar la memoria debido a una doble liberaci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
|
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2023-40459",
|
||||
"sourceIdentifier": "security@sierrawireless.com",
|
||||
"published": "2023-12-04T23:15:24.933",
|
||||
"lastModified": "2023-12-04T23:15:24.933",
|
||||
"vulnStatus": "Received",
|
||||
"lastModified": "2023-12-05T13:51:04.540",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\n\n\n\n\n\n\n\n\nThe\nACEManager component of ALEOS 4.16 and earlier does not adequately perform\ninput sanitization during authentication, which could potentially result in a\nDenial of Service (DoS) condition for ACEManager without impairing other router\nfunctions. ACEManager recovers from the DoS condition by restarting within ten\nseconds of becoming unavailable.\n\n\n\n\n\n\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "El componente ACEManager de ALEOS 4.16 y versiones anteriores no realiza adecuadamente la sanitizaci\u00f3n de entradas durante la autenticaci\u00f3n, lo que podr\u00eda resultar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) para ACEManager sin afectar otras funciones del router. ACEManager se recupera de la condici\u00f3n DoS reinici\u00e1ndose dentro de los diez segundos posteriores a que no est\u00e9 disponible."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
Some files were not shown because too many files have changed in this diff Show More