admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-12-17 21:23:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2023-09-06T06:00:24.546635+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2023-09-06 06:00:28 +00:00
parent 3b8ac0d312
commit ed80ac6239
31 changed files with 1692 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-307xx/CVE-2023-30706.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30706",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:11.063",
"lastModified": "2023-09-06T04:15:11.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30707.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30707",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:11.520",
"lastModified": "2023-09-06T04:15:11.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30708.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30708",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:11.627",
"lastModified": "2023-09-06T04:15:11.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30709.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30709",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:11.833",
"lastModified": "2023-09-06T04:15:11.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30710.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30710",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:12.220",
"lastModified": "2023-09-06T04:15:12.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30711.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30711",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:12.570",
"lastModified": "2023-09-06T04:15:12.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30712.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30712",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:13.007",
"lastModified": "2023-09-06T04:15:13.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30713.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30713",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:13.383",
"lastModified": "2023-09-06T04:15:13.383",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30714.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30714",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:13.740",
"lastModified": "2023-09-06T04:15:13.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30715.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30715",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:14.080",
"lastModified": "2023-09-06T04:15:14.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30716.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30716",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:14.283",
"lastModified": "2023-09-06T04:15:14.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30717.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30717",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:14.467",
"lastModified": "2023-09-06T04:15:14.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30718.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30718",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:14.640",
"lastModified": "2023-09-06T04:15:14.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-926"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30719.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30719",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:14.860",
"lastModified": "2023-09-06T04:15:14.860",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30720.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30720",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:15.067",
"lastModified": "2023-09-06T04:15:15.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30721.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30721",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:15.263",
"lastModified": "2023-09-06T04:15:15.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30722.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30722",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:15.493",
"lastModified": "2023-09-06T04:15:15.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30723.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30723",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:15.703",
"lastModified": "2023-09-06T04:15:15.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30724.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30724",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:15.987",
"lastModified": "2023-09-06T04:15:15.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30725.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30725",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:16.277",
"lastModified": "2023-09-06T04:15:16.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30726.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30726",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:16.470",
"lastModified": "2023-09-06T04:15:16.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30728.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30728",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:16.673",
"lastModified": "2023-09-06T04:15:16.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30729.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30729",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:16.890",
"lastModified": "2023-09-06T04:15:16.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-307xx/CVE-2023-30730.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-30730",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-09-06T04:15:17.130",
"lastModified": "2023-09-06T04:15:17.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local attacker to access specific file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=09",
"source": "mobile.security@samsung.com"
}
]
}

55
CVE-2023/CVE-2023-321xx/CVE-2023-32162.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32162",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-09-06T05:15:42.243",
"lastModified": "2023-09-06T05:15:42.243",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Wacom Drivers for Windows Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of the WacomInstallI.txt file by the PrefUtil.exe utility. The issue results from incorrect permissions on the WacomInstallI.txt file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16318."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-741",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

55
CVE-2023/CVE-2023-321xx/CVE-2023-32163.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-32163",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-09-06T05:15:42.347",
"lastModified": "2023-09-06T05:15:42.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Wacom Drivers for Windows Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Drivers for Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Tablet Service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16857."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-742",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

59
CVE-2023/CVE-2023-34xx/CVE-2023-3471.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3471",
"sourceIdentifier": "product-security@gg.jp.panasonic.com",
"published": "2023-09-06T05:15:42.520",
"lastModified": "2023-09-06T05:15:42.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@gg.jp.panasonic.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "product-security@gg.jp.panasonic.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://www3.panasonic.biz/ac/e/fasys/software_info/eco/kwwatcher_versioninfo.jsp",
"source": "product-security@gg.jp.panasonic.com"
},
{
"url": "https://www3.panasonic.biz/ac/j/fasys/software_info/eco/tol_kwwatcher.jsp",
"source": "product-security@gg.jp.panasonic.com"
}
]
}

59
CVE-2023/CVE-2023-34xx/CVE-2023-3472.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-3472",
"sourceIdentifier": "product-security@gg.jp.panasonic.com",
"published": "2023-09-06T05:15:42.613",
"lastModified": "2023-09-06T05:15:42.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free vulnerability in Panasonic KW Watcher versions 1.00 through 2.82 may allow attackers to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@gg.jp.panasonic.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "product-security@gg.jp.panasonic.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://www3.panasonic.biz/ac/e/fasys/software_info/eco/kwwatcher_versioninfo.jsp",
"source": "product-security@gg.jp.panasonic.com"
},
{
"url": "https://www3.panasonic.biz/ac/j/fasys/software_info/eco/tol_kwwatcher.jsp",
"source": "product-security@gg.jp.panasonic.com"
}
]
}

55
CVE-2023/CVE-2023-357xx/CVE-2023-35719.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-35719",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2023-09-06T05:15:42.437",
"lastModified": "2023-09-06T05:15:42.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the Password Reset Portal used by the GINA client. The issue results from the lack of proper authentication of data received via HTTP. An attacker can leverage this vulnerability to bypass authentication and execute code in the context of SYSTEM. Was ZDI-CAN-17009."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-891",
"source": "zdi-disclosures@trendmicro.com"
}
]
}

59
CVE-2023/CVE-2023-47xx/CVE-2023-4773.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-4773",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-09-06T04:15:17.377",
"lastModified": "2023-09-06T04:15:17.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-social-login/tags/3.0.4/includes/widgets/wsl.auth.widgets.php#L413",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b987822d-2b1b-4f79-988b-4bd731864b63?source=cve",
"source": "security@wordfence.com"
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2023-09-06T04:00:25.174226+00:00
2023-09-06T06:00:24.546635+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2023-09-06T03:15:11.807000+00:00
2023-09-06T05:15:42.613000+00:00
```
### Last Data Feed Release
@ -29,48 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
224285
224315
```
### CVEs added in the last Commit
Recently added CVEs: `25`
Recently added CVEs: `30`
* [CVE-2022-32920](CVE-2022/CVE-2022-329xx/CVE-2022-32920.json) (`2023-09-06T02:15:07.873`)
* [CVE-2023-27950](CVE-2023/CVE-2023-279xx/CVE-2023-27950.json) (`2023-09-06T02:15:08.280`)
* [CVE-2023-28187](CVE-2023/CVE-2023-281xx/CVE-2023-28187.json) (`2023-09-06T02:15:08.340`)
* [CVE-2023-28188](CVE-2023/CVE-2023-281xx/CVE-2023-28188.json) (`2023-09-06T02:15:08.393`)
* [CVE-2023-28195](CVE-2023/CVE-2023-281xx/CVE-2023-28195.json) (`2023-09-06T02:15:08.447`)
* [CVE-2023-28208](CVE-2023/CVE-2023-282xx/CVE-2023-28208.json) (`2023-09-06T02:15:08.497`)
* [CVE-2023-28209](CVE-2023/CVE-2023-282xx/CVE-2023-28209.json) (`2023-09-06T02:15:08.550`)
* [CVE-2023-28210](CVE-2023/CVE-2023-282xx/CVE-2023-28210.json) (`2023-09-06T02:15:08.600`)
* [CVE-2023-28211](CVE-2023/CVE-2023-282xx/CVE-2023-28211.json) (`2023-09-06T02:15:08.653`)
* [CVE-2023-28212](CVE-2023/CVE-2023-282xx/CVE-2023-28212.json) (`2023-09-06T02:15:08.703`)
* [CVE-2023-28213](CVE-2023/CVE-2023-282xx/CVE-2023-28213.json) (`2023-09-06T02:15:08.757`)
* [CVE-2023-28214](CVE-2023/CVE-2023-282xx/CVE-2023-28214.json) (`2023-09-06T02:15:08.807`)
* [CVE-2023-28215](CVE-2023/CVE-2023-282xx/CVE-2023-28215.json) (`2023-09-06T02:15:08.857`)
* [CVE-2023-29166](CVE-2023/CVE-2023-291xx/CVE-2023-29166.json) (`2023-09-06T02:15:08.910`)
* [CVE-2023-32356](CVE-2023/CVE-2023-323xx/CVE-2023-32356.json) (`2023-09-06T02:15:08.967`)
* [CVE-2023-32362](CVE-2023/CVE-2023-323xx/CVE-2023-32362.json) (`2023-09-06T02:15:09.017`)
* [CVE-2023-32370](CVE-2023/CVE-2023-323xx/CVE-2023-32370.json) (`2023-09-06T02:15:09.070`)
* [CVE-2023-32379](CVE-2023/CVE-2023-323xx/CVE-2023-32379.json) (`2023-09-06T02:15:09.120`)
* [CVE-2023-32425](CVE-2023/CVE-2023-324xx/CVE-2023-32425.json) (`2023-09-06T02:15:09.177`)
* [CVE-2023-32426](CVE-2023/CVE-2023-324xx/CVE-2023-32426.json) (`2023-09-06T02:15:09.223`)
* [CVE-2023-32428](CVE-2023/CVE-2023-324xx/CVE-2023-32428.json) (`2023-09-06T02:15:09.270`)
* [CVE-2023-32432](CVE-2023/CVE-2023-324xx/CVE-2023-32432.json) (`2023-09-06T02:15:09.327`)
* [CVE-2023-32438](CVE-2023/CVE-2023-324xx/CVE-2023-32438.json) (`2023-09-06T02:15:09.383`)
* [CVE-2023-34352](CVE-2023/CVE-2023-343xx/CVE-2023-34352.json) (`2023-09-06T02:15:09.440`)
* [CVE-2023-4719](CVE-2023/CVE-2023-47xx/CVE-2023-4719.json) (`2023-09-06T02:15:09.500`)
* [CVE-2023-30711](CVE-2023/CVE-2023-307xx/CVE-2023-30711.json) (`2023-09-06T04:15:12.570`)
* [CVE-2023-30712](CVE-2023/CVE-2023-307xx/CVE-2023-30712.json) (`2023-09-06T04:15:13.007`)
* [CVE-2023-30713](CVE-2023/CVE-2023-307xx/CVE-2023-30713.json) (`2023-09-06T04:15:13.383`)
* [CVE-2023-30714](CVE-2023/CVE-2023-307xx/CVE-2023-30714.json) (`2023-09-06T04:15:13.740`)
* [CVE-2023-30715](CVE-2023/CVE-2023-307xx/CVE-2023-30715.json) (`2023-09-06T04:15:14.080`)
* [CVE-2023-30716](CVE-2023/CVE-2023-307xx/CVE-2023-30716.json) (`2023-09-06T04:15:14.283`)
* [CVE-2023-30717](CVE-2023/CVE-2023-307xx/CVE-2023-30717.json) (`2023-09-06T04:15:14.467`)
* [CVE-2023-30718](CVE-2023/CVE-2023-307xx/CVE-2023-30718.json) (`2023-09-06T04:15:14.640`)
* [CVE-2023-30719](CVE-2023/CVE-2023-307xx/CVE-2023-30719.json) (`2023-09-06T04:15:14.860`)
* [CVE-2023-30720](CVE-2023/CVE-2023-307xx/CVE-2023-30720.json) (`2023-09-06T04:15:15.067`)
* [CVE-2023-30721](CVE-2023/CVE-2023-307xx/CVE-2023-30721.json) (`2023-09-06T04:15:15.263`)
* [CVE-2023-30722](CVE-2023/CVE-2023-307xx/CVE-2023-30722.json) (`2023-09-06T04:15:15.493`)
* [CVE-2023-30723](CVE-2023/CVE-2023-307xx/CVE-2023-30723.json) (`2023-09-06T04:15:15.703`)
* [CVE-2023-30724](CVE-2023/CVE-2023-307xx/CVE-2023-30724.json) (`2023-09-06T04:15:15.987`)
* [CVE-2023-30725](CVE-2023/CVE-2023-307xx/CVE-2023-30725.json) (`2023-09-06T04:15:16.277`)
* [CVE-2023-30726](CVE-2023/CVE-2023-307xx/CVE-2023-30726.json) (`2023-09-06T04:15:16.470`)
* [CVE-2023-30728](CVE-2023/CVE-2023-307xx/CVE-2023-30728.json) (`2023-09-06T04:15:16.673`)
* [CVE-2023-30729](CVE-2023/CVE-2023-307xx/CVE-2023-30729.json) (`2023-09-06T04:15:16.890`)
* [CVE-2023-30730](CVE-2023/CVE-2023-307xx/CVE-2023-30730.json) (`2023-09-06T04:15:17.130`)
* [CVE-2023-4773](CVE-2023/CVE-2023-47xx/CVE-2023-4773.json) (`2023-09-06T04:15:17.377`)
* [CVE-2023-32162](CVE-2023/CVE-2023-321xx/CVE-2023-32162.json) (`2023-09-06T05:15:42.243`)
* [CVE-2023-32163](CVE-2023/CVE-2023-321xx/CVE-2023-32163.json) (`2023-09-06T05:15:42.347`)
* [CVE-2023-35719](CVE-2023/CVE-2023-357xx/CVE-2023-35719.json) (`2023-09-06T05:15:42.437`)
* [CVE-2023-3471](CVE-2023/CVE-2023-34xx/CVE-2023-3471.json) (`2023-09-06T05:15:42.520`)
* [CVE-2023-3472](CVE-2023/CVE-2023-34xx/CVE-2023-3472.json) (`2023-09-06T05:15:42.613`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `0`
* [CVE-2020-21426](CVE-2020/CVE-2020-214xx/CVE-2020-21426.json) (`2023-09-06T03:15:10.613`)
* [CVE-2020-21427](CVE-2020/CVE-2020-214xx/CVE-2020-21427.json) (`2023-09-06T03:15:11.547`)
* [CVE-2020-21428](CVE-2020/CVE-2020-214xx/CVE-2020-21428.json) (`2023-09-06T03:15:11.657`)
* [CVE-2020-22524](CVE-2020/CVE-2020-225xx/CVE-2020-22524.json) (`2023-09-06T03:15:11.807`)
## Download and Usage